Lucene search
+L

2035 matches found

exploitpack
exploitpack
added 2016/10/31 12:0 a.m.18 views

Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free

Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=830 When you create a new IOKit user client from userspace you call: kernreturnt IOServiceOpen ioservicet service, taskportt owningTask, uint32t type, ioconnectt connect ;...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2016/10/31 12:0 a.m.30 views

Apple OS XiOS - mach_ports_register Multiple Memory Safety s

Apple OS XiOS - machportsregister Multiple Memory Safety s Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=882 machportsregister is a kernel task port MIG method. It's defined in MIG like this: routine machportsregister targettask : taskt; initportset : machportarrayt = ^array o...

Exploits0
myhack58
myhack58
added 2016/09/14 12:0 a.m.49 views

IE browser exploits technology evolution(II)-vulnerability warning-the black bar safety net

Foreword In a previous article, we talked about some of the early ie related exploits, from the most basic, the most simple stack overflow vulnerability of the use of speaking, to the relatively more complex UAF exploits. Through these exploits evolution, as if we can see the human society from t...

0.3AI score
Exploits0
myhack58
myhack58
added 2016/08/10 12:0 a.m.1053 views

UAF vulnerability description-vulnerability warning-the black bar safety net

UAF Use After Freevulnerability is a memory corruption vulnerability,usually present in the browser. Recently,the browser's new version Added a series of controls,which also makes use of these vulnerabilities becomes more difficult. Nevertheless,they still seem to exist. This article mainly will ...

7.3AI score0.46767EPSS
Exploits1
exploitpack
exploitpack
added 2016/07/11 12:0 a.m.26 views

Adobe Flash - JXR Processing Double-Free

Adobe Flash - JXR Processing Double-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=788 There is a heap overflow when loading the attacked JXR file in Adobe Flash. To reproduce, load the attached file using LoadImage.swf?img=12.atf. This issue can be a bit difficult to...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2016/07/11 12:0 a.m.43 views

Adobe Flash - JXR Processing Double-Free

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=788 There is a heap overflow when loading the attacked JXR file in Adobe Flash. To reproduce, load the attached file using LoadImage.swf?img=12.atf. This issue can be a bit difficult to reproduce, as the crash occurs when the playe...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2016/06/10 12:0 a.m.16 views

Apple Mac OSX iOS Kernel - UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient

Apple Mac OSX iOS Kernel - UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=732 This is perhaps a more interesting UaF than just racing testNetBootMethod calls as there looks to be a...

1.2AI score
Exploits0
0day.today
0day.today
added 2016/06/10 12:0 a.m.62 views

Apple Mac OSX / iOS - Kernel UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOH

Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=732 This is perhaps a more interesting UaF than just racing testNetBootMethod calls as there looks to be a path to getting free'd memory disclosed back to userspace. Although the...

2.6CVSS7.1AI score0.00695EPSS
Exploits2
Exploit DB
Exploit DB
added 2016/06/10 12:0 a.m.44 views

Apple Mac OSX / iOS Kernel - UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=732 This is perhaps a more interesting UaF than just racing testNetBootMethod calls as there looks to be a path to getting free'd memory disclosed back to userspace. Although the copyProperty macro used by...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2016/05/20 12:0 a.m.186 views

Linux内核 Keyrings 引用计数溢出 UAF 漏洞

漏洞分析 Linux Kernel的这个漏洞会造成两个影响,第一个是造成信息泄露,可以bypass ASLR,另一个是UAF造成代码执行,利用的是KeyRing机制中的两个漏洞,一个是对Keyring操作控制不严谨,另一个是利用对Keyring计数变量控制不严谨,其中代码执行利用条件相对苛刻,下面对此漏洞进行详细分析。 Keyring信息泄露: Keyring和安全密钥有关,进程可以申请自己新的keyring,同时也可以通过申请新的keyring替换老的keyring,其中,调用到joinsessionkeyring函数。 long joinsessionkeyringconst cha...

7.2CVSS6.9AI score0.03646EPSS
Exploits14
Hacker One
Hacker One
added 2016/05/19 9:56 p.m.33 views

Internet Bug Bounty: Adobe Flash Player Regular Expression UAF Remote Code Execution Vulnerability

I. Summary There's a UAF Vulnerability in the PCRE engine version used in Flash that could lead to Remote Code Execution. II. Affected Adobe Flash Player 11.5.502.135 20.0.0.286 III. Reference Identified as CVE-2016-4121, and reported to Adobe directly...

7.5CVSS8.5AI score0.10004EPSS
Exploits0
myhack58
myhack58
added 2016/05/06 12:0 a.m.18 views

Windows kernel Vulnerability CVE-2 0 1 6-0 1 4 3 analysis-vulnerability warning-the black bar safety net

4 on 2 0 March, Nils Sommer in the exploitdb on broke a new Windows kernel vulnerability PoC. The vulnerability affects all versions of Windows operating system, the attacker after the success of available privilege escalation, Microsoft in 4, on patch day fixes the vulnerability. 0×0 1...

7.8AI score
Exploits0
seebug.org
seebug.org
added 2016/05/04 12:0 a.m.21 views

Foxit Reader 7.3.0 UAF 漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/03 12:0 a.m.19 views

Microsoft Internet Explorer: UAF in MSHTML!CSVGHelpers::SetAttributeStringAndPointer

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/18 12:0 a.m.25 views

Microsoft Internet Explorer CButton 对象 UAF漏洞 任意代码执行漏洞

No description provided by source...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2016/03/23 12:0 a.m.14 views

Adobe Flash - Uninitialized Stack Parameter Access in AsBroadcaster.broadcastMessage UaF Fix

Adobe Flash - Uninitialized Stack Parameter Access in AsBroadcaster.broadcastMessage UaF Fix Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=717 The ActionScript parameter conversion in the fix for an issue in the December Flash bulletin...

1.1AI score
Exploits0
exploitpack
exploitpack
added 2016/03/23 12:0 a.m.17 views

Adobe Flash - Uninitialized Stack Parameter Access in Object.unwatch UaF Fix

Adobe Flash - Uninitialized Stack Parameter Access in Object.unwatch UaF Fix Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=716 The ActionScript parameter conversion in the fix for an issue in the December Flash bulletin...

1.1AI score
Exploits0
0day.today
0day.today
added 2016/03/23 12:0 a.m.51 views

Adobe Flash - Uninitialized Stack Parameter Access in MovieClip.swapDepths UaF Fix

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=715 The ActionScript parameter conversion in the fix for issue 403 https://code.google.com/p/google-security-research/issues/detail?id=403 can sometimes access a parameter on the...

10CVSS8.6AI score0.29798EPSS
Exploits2
Exploit DB
Exploit DB
added 2016/03/23 12:0 a.m.35 views

Adobe Flash - Uninitialized Stack Parameter Access in MovieClip.swapDepths UaF Fix

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=715 The ActionScript parameter conversion in the fix for issue 403 https://code.google.com/p/google-security-research/issues/detail?id=403 can sometimes access a parameter on the native stack that is uninitialized. If: mc.swapDepth...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2016/03/23 12:0 a.m.41 views

Adobe Flash - Uninitialized Stack Parameter Access in Object.unwatch UaF Fix

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=716 The ActionScript parameter conversion in the fix for an issue in the December Flash bulletin https://helpx.adobe.com/security/products/flash-player/apsb15-32.html, most likely one of the UaFs reported by Yuki Chen can sometimes...

7.4AI score
Exploits0
Rows per page
Query Builder