UBUNTU-CVE-2024-38828

Spring MVC controller methods with an @RequestBody byte method parameter are vulnerable to a DoS attack...

GHSA-FG2V-W576-W4V3 Out of bounds read in json-smart

A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions prior to 1.3.3 and 2.4.5 which causes a denial of service DOS via a crafted web request...

Adobe Flash Player Infinite Recursion Arbitrary Read Access Violation(CVE-2016-4132)

SUMMARY A potentially exploitable read access violation vulnerability exists in the a way Adobe Flash Player handles infinitely recursive calls. A specially crafted ActionScript code can cause a read access violation which can potentially be further abused. To trriger this vulnerability user...

Flash Player < 25.0.0.148 Multiple RCE (APSB17-10)

Binary data 700058.prm...

Adobe Flash ByteArray Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVE-2016-1709

Heap-based buffer overflow in the ByteArray::Get method in data/bytearray.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SFNT font...

CVE-2016-1709

CVE-2016-1709 describes a heap-buffer-overflow in the ByteArray::Get method of data/byte_array.cc in Google sfntly, affecting Google Chrome prior to 52.0.2743.82 (sfntly used by Chrome). The vulnerability could allow a remote attacker to cause a denial of service or other unspecified impact via a...

Adobe Flash Player Infinite Recursion Arbitrary Read Access Violation

SUMMARY A potentially exploitable read access violation vulnerability exists in the a way Adobe Flash Player handles infinitely recursive calls. A specially crafted ActionScript code can cause a read access violation which can potentially be further abused. To trriger this vulnerability user...

Adobe Flash - Sound.loadPCMFromByteArray Dangling Pointer

Source: https://code.google.com/p/google-security-research/issues/detail?id=698 There is a dangling pointer that can be read, but not written to in loadPCMFromByteArray. A minimal PoC is as follows: var s = new Sound; var b = new ByteArray; for var i = 0; i 1600; i++ b.writeByte1; b.position = 0;...

Adobe Flash - Sound.loadPCMFromByteArray Dangling Pointer

Exploit for multiple platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=698 There is a dangling pointer that can be read, but not written to in loadPCMFromByteArray. A minimal PoC is as follows: var s = new Sound; var b = new ByteArray; for...

Adobe Flash - Type Confusion in Serialization with ObjectEncoder.dynamicPropertyWriter

Source: https://code.google.com/p/google-security-research/issues/detail?id=545 There is a type confusion issue during serialization if ObjectEncoder.dynamicPropertyWriter is overridden with a value that is not a function. In the following ActionScript:...

Adobe Flash - Type Confusion in Serialization with ObjectEncoder.dynamicPropertyWriter

Adobe Flash - Type Confusion in Serialization with ObjectEncoder.dynamicPropertyWriter Source: https://code.google.com/p/google-security-research/issues/detail?id=545 There is a type confusion issue during serialization if ObjectEncoder.dynamicPropertyWriter is overridden with a value that is not...

Python 3.5 Bytearray Pop And Remove Buffer Over-Read Vulnerability

Python versions 2.7 and 3.2 through 3.5 bytearray pop and remove methods suffer from buffer over-reads caused by memmove use under the assumption that PyByteArrayObject obsize is less than oballoc, leading to a single byte over-read. This condition can be triggered by creating a bytearray from a...

Adobe Flash Player - ByteArray Use-After-Free (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Adobe Flash Player ByteArray Use After Free', 'Description' = %q This module exploits an use after free on Adobe Flash Player. The...

Adobe Flash Player ByteArray Use After Free Exploit

This Metasploit module exploits a use after free on Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public on its July 2015 data leak, was described as a Use After Free while handling ByteArray objects. This Metasploit module has been tested successfully on: Windows 7 S...

Adobe Flash Player ByteArray Use After Free

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Adobe Flash Player ByteArray Use After Free', 'Description' = %q This module exploits an use after free on Adobe Flash Player. The...

Adobe Flash ActionScript ByteArray Buffer UAF 代码执行

Vulcan 在第一时间进行了分析, 下面都是基于该报告1进行说明:漏洞的形成原因是 Clasz 类型给 ByteArray 类型赋值时调用 valueOf 函数过程中 buffer 使用不当，从而造成 Use After Free 漏洞。forvar i:int; i alen; i+=3 ai = new Class2i; ai+1 = new ByteArray; // 这里产生 ByteArray 类型数据 ai+1.length = 0xfa0; // 这里将 ByteArray 类型数据的初始长度设置为 0xfa0 // 进入 Adobe Flash Player 之后...

Adobe Flash ActionScript 3 ByteArray Use-After-Free Vulnerability

Adobe Flash Player contains a vulnerability within the ActionScript 3 ByteArray class, which can allow a remote attacker to execute arbitrary code on a vulnerable system. Versions affected include Adobe Flash Player 9.0 through 18.0.0.194. Users and administrators are encouraged to review...

Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free

This module exploits a use after free vulnerability in Adobe Flash Player. The vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, when trying to uncompress a malformed byte stream. This module has been tested successfully on: Windows 7 SP1 32 bits, IE 8 to IE 11 and Flash...

Adobe Flash Player - domainMemory ByteArray Use-After-Free (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Adobe Flash Player domainMemory ByteArray Use After Free', 'Description' = %q This module exploits a use-after-free vulnerability in...