Lucene search
+L

281 matches found

exploitpack
exploitpack
added 2015/12/18 12:0 a.m.23 views

Adobe Flash TextField.setFormat - Use-After-Free

Adobe Flash TextField.setFormat - Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=586 The TextField setFormat method contains a use-after-free. If an integer parameter has valueOf defined, or the object parameter overrides a constructor, this method can...

0.5AI score
Exploits0
exploitpack
exploitpack
added 2015/12/18 12:0 a.m.13 views

Adobe Flash TextField.text Setter - Use-After-Free

Adobe Flash TextField.text Setter - Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=576 There is a use-after-free in the TextField.text setter. If the text the field is set to is an object with toString defined, the toString function can free the field's...

Exploits0
exploitpack
exploitpack
added 2015/12/18 12:0 a.m.14 views

Adobe Flash MovieClip.attachBitmap - Use-After-Free

Adobe Flash MovieClip.attachBitmap - Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=593 There is a use-after-free in MovieClip.attachBitmap. If the depth parameter is an object with valueOf defined, this method can free the MovieClip, which is then used...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2015/12/18 12:0 a.m.21 views

Adobe Flash MovieClip.localToGlobal - Use-After-Free

Source: https://code.google.com/p/google-security-research/issues/detail?id=570 There is a use-after-free issue in MovieClip.localToGlobal. If the Number constructor is overwritten with a new constructor and MovieClip.localToGlobal is called with an integer parameter, the new constructor will get...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2015/12/18 12:0 a.m.20 views

Adobe Flash MovieClip.startDrag - Use-After-Free

Source: https://code.google.com/p/google-security-research/issues/detail?id=592 There is a use-after-free in MovieClip.startDrag. If a parameter an object with valueOf defined, this method can free the MovieClip, which is then used. A minimal POC follows: this.createEmptyMovieClip"mc", 1;...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2015/12/18 12:0 a.m.34 views

Adobe Flash MovieClip.duplicateMovieClip - Use-After-Free

Source: https://code.google.com/p/google-security-research/issues/detail?id=591 There is a use-after-free in MovieClip.duplicateMovieClip. If the depth or movie name parameter provided is an object with toString or valueOf defined, this method can free the MovieClip, which is then used. A minimal...

7.4AI score
Exploits0
0day.today
0day.today
added 2015/12/18 12:0 a.m.1779 views

Adobe Flash TextField.setFormat - Use-After-Free

Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=586 The TextField setFormat method contains a use-after-free. If an integer parameter has valueOf defined, or the object parameter overrides a constructor, this method ca...

10CVSS0.5AI score0.43408EPSS
Exploits1
exploitpack
exploitpack
added 2015/12/17 12:0 a.m.19 views

win32k Desktop and Clipboard - Null Pointer Dereference

win32k Desktop and Clipboard - Null Pointer Dereference Source: https://code.google.com/p/google-security-research/issues/detail?id=534 The attached PoC triggers a null pointer condition on Windows 7 32-bit, which can potentially be exploited on versions of Windows that allow mapping the null pag...

0.5AI score
Exploits0
exploitpack
exploitpack
added 2015/12/17 12:0 a.m.14 views

Adobe Flash TextField.antiAliasType Setter - Use-After-Free

Adobe Flash TextField.antiAliasType Setter - Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=560 There is a use-after-free in the TextField antiAliasType setter. If it is set to an object with a toString method that frees the TextField, the property will...

7.5AI score
Exploits0
0day.today
0day.today
added 2015/12/17 12:0 a.m.42 views

Adobe Flash TextField.antiAliasType Setter - Use-After-Free

Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=560 There is a use-after-free in the TextField antiAliasType setter. If it is set to an object with a toString method that frees the TextField, the property will be writt...

10CVSS0.1AI score0.29962EPSS
Exploits1
Exploit DB
Exploit DB
added 2015/12/10 12:0 a.m.26 views

Rar - CmdExtract::UnstoreFile Integer Truncation Memory Corruption

Source: https://code.google.com/p/google-security-research/issues/detail?id=550 The attached file crashes in CmdExtract::UnstoreFile because the signed int64 DestUnpSize is truncated to an unsigned 32bit integer. Perhaps CmdExtract::ExtractCurrentFile should sanity check Arc.FileHead.UnpSize earl...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/11/11 12:0 a.m.42 views

Debian DSA-3397-1 : wpa - security update

Several vulnerabilities have been discovered in wpasupplicant and hostapd. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-4141 Kostya Kortchinsky of the Google Security Team discovered a vulnerability in the WPS UPnP function with HTTP chunked...

5.9CVSS6.1AI score0.04198EPSS
Exploits0References36
exploitpack
exploitpack
added 2015/09/22 12:0 a.m.14 views

Microsoft Windows Kernel - Brush Object Use-After-Free (MS15-061)

Microsoft Windows Kernel - Brush Object Use-After-Free MS15-061 Source: https://code.google.com/p/google-security-research/issues/detail?id=304 Creating a device context with the flag DCXNORESETATTRS​ and selecting a brush object into the device context will result in the brush being freed on...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2015/09/22 12:0 a.m.32 views

Apple Mac OSX Regex Engine (TRE) - Integer Signedness / Overflow

Source: https://code.google.com/p/google-security-research/issues/detail?id=429 The OS X regex engine function tretnfarunparallel contains the following code: int tbytes; ... if !matchtags numtags = 0; else numtags = tnfa-numtags; ... int rbytes, pbytes, totalbytes; char tmpbuf; / Compute the...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2015/08/19 12:0 a.m.15 views

Adobe Flash - Pointer Crash in Drawing and Bitmap Handling

Adobe Flash - Pointer Crash in Drawing and Bitmap Handling Source: https://code.google.com/p/google-security-research/issues/detail?id=396&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id A nasty looking crash is manifesting in various different ways under fuzzing, apparentl...

Exploits0
exploitpack
exploitpack
added 2015/08/19 12:0 a.m.13 views

Adobe Flash AS2 - Color.setRGB Use-After-Free

Adobe Flash AS2 - Color.setRGB Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=367&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Deadline tracking for Chromium VRP bug https://code.google.com/p/chromium/issues/detail?id=484610...

0.5AI score
Exploits0
exploitpack
exploitpack
added 2015/08/19 12:0 a.m.10 views

Adobe Flash - Pointer Crash in Button Handling

Adobe Flash - Pointer Crash in Button Handling Source: https://code.google.com/p/google-security-research/issues/detail?id=399&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id The attached sample, signalsigsegv7ffff60a14299554f4dc661554237404dfe394d4c6c3e674.swf, crashes in...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2015/08/13 12:0 a.m.146 views

Microsoft Windows 8.1 - DCOM DCE/RPC Local NTLM Reflection Privilege Escalation (MS15-076)

Source: https://github.com/monoxgas/Trebuchet Trebuchet MS15-076 CVE-2015-2370 Privilege Escalation Copies a file to any privileged location on disk Compiled with VS2015, precompiled exe in Binary directory Usage: trebuchet.exe C:\Users\Bob\Evil.txt C:\Windows\System32\Evil.dll This is a lightly...

7.2CVSS7.6AI score0.04111EPSS
Exploits4
OSV
OSV
added 2015/05/27 12:0 a.m.18 views

DLA-231-1 dulwich - security update

Bulletin has no description...

7.5CVSS6.3AI score0.03351EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/05/13 12:0 a.m.31 views

FreeBSD : suricata -- TLS/DER Parser Bug (DoS) (fe910ed6-f88d-11e4-9ae3-0050562a4d7b)

OISF Development Team reports : The OISF development team is pleased to announce Suricata 2.0.8. This release fixes a number of issues in the 2.0 series. The most important issue is a bug in the DER parser which is used to decode SSL/TLS certificates could crash Suricata. This issue was reported ...

5CVSS5.5AI score0.01134EPSS
Exploits0References3
Rows per page
Query Builder