Lucene search

3785 matches found

exploitpack
added 2017/05/26 12:0 a.m., 15 views

Google Chrome 60.0.3080.5 V8 JavaScript Engine - Out-of-Bounds Write

Google Chrome 60.0.3080.5 V8 JavaScript Engine - Out-of-Bounds Write // Source: https://halbecaf.com/2017/05/24/exploiting-a-v8-oob-write/ // // v8 exploit for https://crbug.com/716044 var oobrw = null; var leak = null; var arbrw = null; var code = function return 1; code; class BuggyArray extend...

AI score 0.2
Exploits 0
Exploit DB
added 2017/05/26 12:0 a.m., 60 views

Google Chrome 60.0.3080.5 V8 JavaScript Engine - Out-of-Bounds Write

// Source: https://halbecaf.com/2017/05/24/exploiting-a-v8-oob-write/ // // v8 exploit for https://crbug.com/716044 var oobrw = null; var leak = null; var arbrw = null; var code = function return 1; code; class BuggyArray extends Array constructorlen super1; oobrw = new Array1.1, 1.1; leak = new...

AI score 7.4
Exploits 0
seebug.org
added 2017/05/18 12:0 a.m., 545 views

Joomla! 3.7 Core SQL Injection (CVE-2017-8917)

Author: p0wd3r (know Chong Yu 404 security lab). Date: 2017-05-18. 0x00 Vulnerability overview. Vulnerability description: On May 17, Joomla released the new version 3.7.1 (https://www.joomla.org/announcements/release-news/5705-joomla-3-7-1-release.html); this update fixes a high risk SQL...

CVSS 7.5, AI score 10, EPSS 0.99826
Exploits 21
CNVD
added 2017/05/08 12:0 a.m., 4 views

Multiple Quick Heal Product Security Bypass Vulnerabilities

Quick Heal Internet Security, Quick Heal Total Security and Quick Heal AntiVirus Pro are antivirus programs from Quick Heal India. A security vulnerability exists in the PE file in several Quick Heal products due to the program's failure to use the ASLR/DEP protection mechanism. An attacker can...

CVSS 7.5, AI score 6.9, EPSS 0.00926
Exploits 0, References 1
OSV
added 2017/05/04 4:59 a.m., 2 views

CVE-2017-8776

Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defense against directed attacks against the...

CVSS 7.5, AI score 5.8, EPSS 0.00926
Exploits 0, References 1
Qualys Blog
added 2017/04/25 5:1 p.m., 159 views

Shadow Brokers Fix for IBM Lotus Domino Released

IBM has released a patch for Lotus Domino to plug a security flaw which was disclosed in the latest Shadow Broker revelations. Lotus Domino includes an IMAP server. IMAP or Internet Message Access Protocol is an Internet standard protocol used by e-mail clients to retrieve e-mail messages from th...

CVSS 6.5, AI score 9, EPSS 0.06736
Exploits 2
OSV
added 2017/04/20 5:59 p.m., 11 views

CVE-2016-4849

Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COM_getCurrentURL function in (1) public_html/layout/default/header.thtml, (2) public_html/layout/bento/header.thtml, (3)...

CVSS 6.1, AI score 5.9, EPSS 0.01307
Exploits 0, References 6
UbuntuCve
added 2017/04/20 12:0 a.m., 24 views

CVE-2017-5449

A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird 52.1, Firefox ESR 52.1, and Firefox 53...

CVSS 7.5, AI score 7.1, EPSS 0.0262
Exploits 0, References 4
OSV
added 2017/04/20 12:0 a.m., 0 views

UBUNTU-CVE-2017-5447

An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

CVSS 9.1, AI score 7.3, EPSS 0.17663
Exploits 4, References 5
myhack58
added 2017/04/17 12:0 a.m., 276 views

Nebula exploit package CVE-2016-0189 exploit analysis-exploit warning-the black bar safety net

1. Introduction. In recent years, the exploit kit (EK) market has been in flux. In early June 2016, the once rampant Angler EK disappeared, and the Neutrino EK quickly filled the void. Then, less than 3 months later, the Neutrino EK went underground, and the RIG EK then...

CVSS 7.6, AI score 7.6, EPSS 0.93165
Exploits 10
OSV
added 2017/04/12 2:59 p.m., 2 views

CVE-2017-3034

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture (XFA) engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution...

CVSS 7.8, AI score 6, EPSS 0.05215
Exploits 0, References 4
Prion
added 2017/04/12 2:59 p.m., 15 views

Integer overflow

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture (XFA) engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution...

CVSS 9.3, AI score 7.9, EPSS 0.05215
Exploits 0, References 4, Affected Software 4
OpenVAS
added 2017/04/12 12:0 a.m., 44 views

Microsoft Windows 'libjpeg' Information Disclosure Vulnerability (KB4015383)

This host is missing an important security update according to Microsoft Security update KB4015383. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

CVSS 5, AI score 6.8, EPSS 0.10117
Exploits 0, References 2
GoogleProjectZero
added 2017/04/07 12:0 a.m., 55 views

Pandavirtualization: Exploiting the Xen hypervisor

Posted by Jann Horn, Project Zero On 2017-03-14, I reported a bug to Xen's security team that permits an attacker with control over the kernel of a paravirtualized x86-64 Xen guest to break out of the hypervisor and gain full control over the machine's physical memory. The Xen Project publicly...

CVSS 6.9, AI score 6.2, EPSS 0.00406
Exploits 4
Tenable Nessus
added 2017/03/30 12:0 a.m., 19 views

Fedora 25 : webkitgtk4 (2017-25ffd5b236)

Highlights of the 2.16.0 release : - Hardware acceleration is now enabled on demand to drastically reduce memory consumption. - CSS Grid Layout is enabled by default. - New WebKitSetting to set the hardware acceleration policy. - UI process API to configure network proxy settings. - Improved...

AI score 5.5
Exploits 0, References 1
Tenable Nessus
added 2017/03/30 12:0 a.m., 16 views

Fedora 24 : webkitgtk4 (2017-0f38995622)

Highlights of the 2.16.0 release : - Hardware acceleration is now enabled on demand to drastically reduce memory consumption. - CSS Grid Layout is enabled by default. - New WebKitSetting to set the hardware acceleration policy. - UI process API to configure network proxy settings. - Improved...

AI score 5.5
Exploits 0, References 1
Prion
added 2017/03/27 2:59 a.m., 19 views

Design/Logic Flaw

dotCMS 3.7.0 has XSS reachable from ext/languagesmanager/editlanguage in portal/layout via the bottom two form fields...

CVSS 4.3, AI score 6, EPSS 0.00761
Exploits 0, References 2, Affected Software 1
Cvelist
added 2017/03/27 1:55 a.m., 39 views

CVE-2017-6003

dotCMS 3.7.0 has XSS reachable from ext/languagesmanager/editlanguage in portal/layout via the bottom two form fields...

AI score 6, EPSS 0.00761
Exploits 0, References 2
Citrix
added 2017/03/22 12:0 a.m., 6 views

Start Menu Layout Roaming on Windows 10

The Windows 10 Start menu layout is a pain point for many users. What’s more, when utilizing roaming profile solutions, the Start menu layout might not be persistent when roaming across multiple desktops. We have described the reasons for this issue in this Citrix blog. The following is a workaroun...

AI score 7.1
Exploits 0
ArchLinux
added 2017/03/10 12:0 a.m., 65 views

[ASA-201703-3] firefox: multiple issues

Arch Linux Security Advisory ASA-201703-3 ========================================= Severity: Critical Date : 2017-03-10 CVE-ID : CVE-2017-5398 CVE-2017-5399 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5403 CVE-2017-5404 CVE-2017-5405 CVE-2017-5406 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410...

CVSS 10, AI score 0.4, EPSS 0.17484
Exploits 19, References 77