CVE-2022-28285

When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...

USN-5494-1: SpiderMonkey JavaScript Library vulnerabilities

It was discovered that SpiderMonkey JavaScript Library incorrectly generated certain assembly code. An remote attacker could possibly use this issue to cause a crash or expose sensitive information. CVE-2022-28285 It was discovered that SpiderMonkey JavaScript Library incorrectly generated certai...

USN-5494-1 mozjs91 vulnerabilities

It was discovered that SpiderMonkey JavaScript Library incorrectly generated certain assembly code. An remote attacker could possibly use this issue to cause a crash or expose sensitive information. CVE-2022-28285 It was discovered that SpiderMonkey JavaScript Library incorrectly generated certai...

Ubuntu 22.04 LTS : SpiderMonkey JavaScript Library vulnerabilities (USN-5494-1)

The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5494-1 advisory. It was discovered that SpiderMonkey JavaScript Library incorrectly generated certain assembly code. An remote attacker could possibly use this issue to...

FindFunc - Advanced Filtering/Finding of Functions in IDA Pro

FindFunc is an IDA Pro plugin to find code functions that contain a certain assembly or byte pattern, reference a certain name or string, or conform to various other constraints. This is not a competitor to tools like Diaphora or BinNavi, but it is ideal to find a known function in a new binary f...

CVE-2022-28285

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability, this could have been used for an out-of-bounds memory read...

UBUNTU-CVE-2022-28285

When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...

Security Vulnerabilities fixed in Firefox ESR 91.8 — Mozilla

NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the...

OESA-2021-1406 icu security update

Tools and utilities for developing with icu. Security Fixes: International Components for Unicode ICU-20850 v66.1 was discovered to contain a use after free bug in the pkgcreateWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.CVE-2020-21913...

CVE-2020-21913

International Components for Unicode ICU-20850 v66.1 was discovered to contain a use after free bug in the pkgcreateWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp...

UBUNTU-CVE-2020-21913

International Components for Unicode ICU-20850 v66.1 was discovered to contain a use after free bug in the pkgcreateWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp...

Iblessing - An iOS Security Exploiting Toolkit, It Mainly Includes Application Information Collection, Static Analysis And Dynamic Analysis

iblessing iblessing is an iOS security exploiting toolkit, it mainly includes application information collection , static analysis and dynamic analysis. iblessing is based on unicorn engine and capstone engine. Features Cross-platform: Tested on macOS and Ubuntu. iOS App static info extract,...

Windows/7 - Screen Lock Shellcode (9 bytes)

Title: Windows/7 - Screen Lock Shellcode 9 bytes Author: Saswat Nayak Date: 2020-01-22 Shellcode length 9 Tested on: Win 7 SP1-64 / Assembly code follows xor eax,eax xor ebx,ebx xor ecx,ecx mov eax,0x00000002 mov ebx,0x00020000 push ebx push al mov ecx,0x77661497 call ecx / char code=...

Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)

Title: Linux/x86 NOT|ROT+8 Encoded execve/bin/sh null-free Shellcode 47 bytes Author: Daniel Ortiz Date: 2019-10-30 Tested on: Linux 4.18.0-25-generic 26 Ubuntu Size: 47 bytes SLAE ID: PA-9844 ----------------------- execve ------------------------------------------------ global start section .te...

Linux/x86_64 - Reverse(0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode (70 bytes)

/ Title: Linux/x8664 - Reverse0.0.0.0:4444/TCPShell/bin/sh- Null Free Shellcode ;Author: Aron Mihaljevic ;Architecture: Linux x8664 ;Shellcode Length: 70 bytes ;github = https://github.com/STARRBOY compilation and execution of assembly code ------------------------------------- nasm -felf64...

CVE-2019-6488

The string component in the GNU C Library aka glibc or libc6 through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for sizet in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in...

Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)

/ reverse shell tcp 1907 port shellcode C language - Linux/x8664 Author : Kağan Çapar contact: email protected shellcode len : 119 bytes compilation: gcc -fno-stack-protector -z execstack reverse-shell.c -o reverse-shell Test: run your machine: nc -vlp 1907 and run exploit ./reverse-shell check...

GNU C Library Denial of Service Vulnerability (CNVD-2018-05199)

The GNU C Library is an open-source, free, easy-to-download C compiler released under the LGPL license. A denial of service vulnerability exists in GNU C Library 2.26 in string/basename.c in basename. An attacker can exploit this vulnerability with specially crafted parameters to cause a denial o...

Linux/x86 chmod 777 /etc/sudoers Shellcode (36 bytes)

/ Description ; Title : chmod 777 /etc/sudoers - Shellcode ; Author : Hashim Jawad ; Website : ihack4falafel.com ; Twitter : @ihack4falafel ; SLAE ID : SLAE-1115 ; Purpose : chmod /etc/sudoers permissions ; OS : Linux ; Arch : x86 ; Size : 36 bytes chmod.nasm global start section .text start: ;...

Integer overflow

An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax in MulticoreWare x265 through 2.5, as used in libbpg and other products. A small height value can cause an integer underflow, which leads to a crash. This is a different vulnerability than...