NVIDIA Driver - Escape Code Leaks Uninitialised ExAllocatePoolWithTag Memory to Userspace Exploit
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=892 The handler for the DxgkDdiEscape escape code 0x70000D4 has the following pseudocode: void fastcall escape70000D4NvMiniportDeviceContext a1, NvEscapeData a2 Escape70000D4...
Ruby Fiddle::Function.new Heap Overflow Vulnerability
Talos Vulnerability Report TALOS-2016-0034 Ruby Fiddle::Function.new Heap Overflow Vulnerability June 14, 2016 CVE Number CVE-2016-2339 DESCRIPTION An exploitable heap overflow vulnerability exists in the Fiddle::Function.new “initialize” function functionality of Ruby. In Fiddle::Function.new...
Microsoft Win32k Elevation of Privilege (MS16-039: CVE-2016-0165)
An elevation of privilege vulnerability exists in the Windows Kernel. The vulnerability is due to the way Windows deals with allocation of an Edge buffer. A remote attacker can exploit this vulnerability by running a specially crafted application...
Apple Mac OSX iOS - Double-Delete IOHIDEventQueue::start Code Execution
Apple Mac OSX iOS - Double-Delete IOHIDEventQueue::start Code Execution Source: https://code.google.com/p/google-security-research/issues/detail?id=542 The IOHIDLibUserClient allows us to create and manage IOHIDEventQueues corresponding to available HID devices. Here is the ::start method, which...
Apple Mac OSX / iOS - Double-Delete IOHIDEventQueue::start Code Execution
Source: https://code.google.com/p/google-security-research/issues/detail?id=542 The IOHIDLibUserClient allows us to create and manage IOHIDEventQueues corresponding to available HID devices. Here is the ::start method, which can be reached via the IOHIDLibUserClient::startQueue external method:...
Veeam Agent for Microsoft Windows job displays warning: Partition exceeds disk layout
Challenge A Veeam Agent for Microsoft Windows backup job displays the following warning: Partition exceeds disk layout by bytes This warning may be accompanied by the error: Error: The drive cannot find the sector requested. Asynchronous read operation failed Failed to upload disk. Agent failed t...
Adobe Acrobat and Reader Stack Underflow (APSB15-15: CVE-2015-5098)
A stack underflow vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted EMF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted EMF file...
CVE-2014-4064
CVE-2014-4064 is a Windows kernel-information-disclosure vulnerability caused by improper use of the paged kernel pool to allocate uninitialized memory in kernel-mode drivers. A local attacker could exploit this to read kernel memory addresses on vulnerable Windows editions (Vista SP2, Server 200...
Linux & BSD umount Local Root Exploit
No description provided by source. / Reminder - Be sure to fix the includes /str0ke / -------------------------------------- linuxumountexploit.c ---------- include include include include include include define PATHMOUNT /bin/umount define BUFFERSIZE 1024 define DEFAULTOFFSET 50 ulong getesp...
Pidgin libpurple SIP/SIMPLE Content-Length Integer Overflow Vulnerability
Talos Vulnerability Report VRT-2013-1004 Pidgin libpurple SIP/SIMPLE Content-Length Integer Overflow Vulnerability January 26, 2014 CVE Number CVE-2013-6490 Description An exploitable remote code execution vulnerability exists in Pidgin’s implementation of SIP/SIMPLE message handling. An attacker...
VMware Patches Fix Privilege Escalation Vulnerability
Virtualization software company VMware pushed out patches for some builds of its Workstation, Fusion, ESXi and ESX products this week, fixing a vulnerability that could have led to a privilege escalation in older Windows operating systems running in a virtual environment. The main problem is the...
CVE-2013-1992
Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) DMXGetScreenAttributes, (2) DMXGetWindowAttributes, and (3) DMXGetInputAttributes functions...
CVE-2013-1985
Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function...
CVE-2013-1983
Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function...
Mandriva Linux Security Advisory : imagemagick (MDVSA-2013:092)
Updated imagemagick packages fix security vulnerability : The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file tha...
ruby -- DoS vulnerability in REXML
Ruby developers report: Unrestricted entity expansion can lead to a DoS vulnerability in REXML. The CVE identifier will be assigned later. We strongly recommend upgrading ruby. When reading text nodes from an XML document, the REXML parser can be coerced into allocating extremely large string...
Microsoft Windows Partition Manager Privilege Elevation Vulnerability (2690533)
This host is missing an important security update according to Microsoft Bulletin MS12-033. OpenVAS Vulnerability Test $Id: secpodms12-033.nasl 5341 2017-02-18 16:59:12Z cfi $ Microsoft Windows Partition Manager Privilege Elevation Vulnerability 2690533 Authors: Rachana Shetty Copyright: Copyright...
glibc security and bug fix update
2.12-1.47.el6_2.9 - Always use another area after a failed allocation in the main arena (#795328) - Remove sse3 memcpy (#695812) changes (#799259) 2.12-1.47.el6_2.8 - Avoid nargs integer overflow which could be used to bypass FORTIFY_SOURCE (#794815) 2.12-1.47.el6_2.7 - Fix locking on malloc family retry paths...
Mozilla Foundation Security Advisory 2011-41
Mozilla Foundation Security Advisory 2011-41 Title: Potentially exploitable WebGL crashes Impact: Critical Announced: September 27, 2011 Reporter: Michael Jordan, Ben Hawkes Products: Firefox, SeaMonkey Fixed in: Firefox 7.0 SeaMonkey 2.4 Description Michael Jordon of Context IS reported that in...