2027 matches found
Scientific Linux Security Update : kernel on SL7.x x86_64 (20180814) (Foreshadow)
Security Fixes : - Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented...
Remote Code Execution (RCE)
microsoft.chakracore is vulnerable to remote code execution. This is due to a Use-After-Free UAF vulnerability in a stack variable which could lead to memory corruption and allow an attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from...
Remote Code Execution (RCE)
Microsoft ChakraCore is vulnerable to remote code execution. This is due to a Use-After-Free UAF vulnerability in borrowed inline caches which could lead to memory corruption and allow an attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from...
Remote Code Execution (RCE)
Microsoft ChakraCore is vulnerable to remote code execution. This is due to a Use-After-Free UAF vulnerability in ServerScriptContext which could lead to memory corruption and allow an attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from...
CVE-2018-12294
CVE-2018-12294 affects WebKitGTK+ (WebKitGTK+ prior to 2.20.2) where WebCore/TextureMapperLayer.cpp (TextureMapperLayer) is vulnerable to a use-after-free of WebCore::TextureMapperLayer. The connected sources consistently describe a WebKitGTK+ memory-use-after-free vulnerability; no vendor/produc...
MacOS kernel UAF due to lack of locking in nvidia GeForce driver(CVE-2018-4230)
nvDevice::SetAppSupportBits is external method 0x107 of the nvAccelerator IOService. It calls taskdeallocate without locking. Two threads can race calling this external method to drop two task references when only one is held. Note that the repro forks a child which give the nvAccelerator a...
Apple macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver
Apple macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver / nvDevice::SetAppSupportBits is external method 0x107 of the nvAccelerator IOService. It calls taskdeallocate without locking. Two threads can race calling this external method to drop two task references when on...
WebKit - not_number defineProperties UAF (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebKit notnumber defineProperties UAF', 'Description' = %q This module exploits a UAF vulnerability in WebKit's JavaScriptCore library. , 'Licens...
WebKit not_number defineProperties Use-After-Free Exploit
Exploit for multiple platform in category dos / poc This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebKit notnumber defineProperties UAF', 'Description' = %q This module exploits a UAF...
EulerOS 2.0 SP1 : kernel (EulerOS-SA-2018-1132)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ALSA sequencer core initializes the event pool on demand by invoking sndseqpoolinit when the first write happens and the pool is empty. A user c...
Denial Of Service (DoS) Through Use-After-Free (UAF)
libical.so is vulnerable to denial of service DoS through use-after-free UAF attacks. The vulnerability exists when a use-after-free UAF can be triggered while parsing a malicious ics file, causing the denial of service DoS attack...
Microsoft Window Manager (Windows 7 x86) - Menu Management Component UAF Privilege Elevation Exploit
Exploit for windows platform in category local exploits include include include include pragma commentlib, "psapi.lib" define POCDEBUG 0 if POCDEBUG == 1 define POCDEBUGBREAK getchar elif POCDEBUG == 2 define POCDEBUGBREAK DebugBreak else define POCDEBUGBREAK endif static PVOIDfastcall...
Use-After-Free (UAF)
libical is vulnerable to use-after-free UAF attacks. The vulnerability exists in the fetchlatlongfromstring function of icaltimezone.c due to a heap-based use-after-free UAF issue...
WebKit not_number defineProperties UAF
This module exploits a UAF vulnerability in WebKit's JavaScriptCore library. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebKit notnumber defineProperties UAF', 'Description' = %q This modu...
ModSecurity WAF 3.0 for Nginx - Denial of Service Vulnerability
Exploit for linux platform in category dos / poc / 1. Use-After-Free UAF / During one of the engagements my team tested a WAF running in production Nginx + ModSecurity + OWASP Core Rule Set 123. In the system logs I found information about the Nginx worker processes being terminated due to memory...
Microsoft Windows Manager (7 x86) - Menu Management Component UAF Privilege Elevation
Microsoft Windows Manager 7 x86 - Menu Management Component UAF Privilege Elevation...
Microsoft Windows Manager (7 x86) - Menu Management Component UAF Privilege Elevation
include include include include pragma commentlib, "psapi.lib" define POCDEBUG 0 if POCDEBUG == 1 define POCDEBUGBREAK getchar elif POCDEBUG == 2 define POCDEBUGBREAK DebugBreak else define POCDEBUGBREAK endif static PVOIDfastcall pfnHMValidateHandleHANDLE, BYTE = NULL; static constexpr UINT...
ModSecurity For Nginx Use-After-Free
Hey, TL;DR: UAF in a "non-release" version of ModSecurity for Nginx. !RCE|DoS, no need to panic. Plus some old and even older exploitation vectors. / 1. Use-After-Free UAF / During one of the engagements my team tested a WAF running in production Nginx + ModSecurity + OWASP Core Rule Set 123. In...
ModSecurity WAF 3.0 for Nginx - Denial of Service
Use-After-Free UAF During one of the engagements my team tested a WAF running in production Nginx + ModSecurity + OWASP Core Rule Set 123. In the system logs I found information about the Nginx worker processes being terminated due to memory corruption errors. Through fuzzing and stress testing...
CVE-2018-7566
ALSA sequencer core initializes the event pool on demand by invoking sndseqpoolinit when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access...