964 matches found
Bytecode Viewer - A Java 8 Jar & Android Apk Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Bytecode Viewer is an Advanced Lightweight Java Bytecode Viewer, GUI Java Decompiler, GUI Bytecode Editor, GUI Smali, GUI Baksmali, GUI APK Editor, GUI Dex Editor, GUI APK Decompiler, GUI DEX Decompiler, GUI Procyon Java Decompiler, GUI Krakatau, GUI CFR Java Decompiler, GUI FernFlower Java...
RHEL 7 : groovy (RHSA-2017:2486)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2486 advisory. Groovy is an agile and dynamic language for the Java Virtual Machine, built upon Java with features inspired by languages like Python, Ruby,...
Microsoft Edge: Chakra: Integer overflow in EmitNew (CVE-2017-8636)
The bytecode generator uses the "EmitNew" function to handle new operators. Here's the code how the function checks for integer overflow. void EmitNew(ParseNode* pnode, ByteCodeGenerator* byteCodeGenerator, FuncInfo* funcInfo) { Js::ArgSlot argCount = pnode->sxCall.argCount; argCount++; // include "this"...
Microsoft Edge Chakra - EmitNew Integer Overflow
Microsoft Edge Chakra - EmitNew Integer Overflow sxCall.argCount; argCount++; // include "this" BOOL fSideEffectArgs = FALSE; unsigned int tmpCount = CountArguments(pnode->sxCall.pnodeArgs, &fSideEffectArgs); Assert(argCount == tmpCount); if (argCount != (Js::ArgSlot)argCount) { Js::Throw::OutOfMemory(); }...
Microsoft Edge Chakra EmitNew Integer Overflow
Microsoft Edge: Chakra: Integer overflow in EmitNew CVE-2017-8636 The bytecode generator uses the "EmitNew" function to handle new operators. Here's the code how the function checks for integer overflow. void EmitNew(ParseNode* pnode, ByteCodeGenerator* byteCodeGenerator, FuncInfo* funcInfo) { Js::ArgSl...
Microsoft Edge Chakra - 'EmitAssignment' uses the 'this' Register Without Initializing
000c ProfiledLdEnvSlot R4 = 13 Line 28: super.a = 1; Col 13: ^ 0018 LdHomeObjProto R8 R4 001d ProfiledStSuperFld R8.this=R5 = R3 0 0025 LdUndef R0 Line 29: Col 9: ^ 0027 Ret PoC: -- class Parent ; class Child extends Parent constructor = super.a = 10; // Implicitly use the "this" register. So it...
Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2017-8659)
There is an issue in Chakra JIT server that can be potentially exploited to compromise the JIT process from a compromised browser content process. Bugs like this could potentially be used to bypass ACG (Arbitrary Code Guard) in Microsoft Edge. The issue has been confirmed on a ChakraCore build from...
Microsoft Edge Chakra EmitAssignment Register Issue Exploit
Microsoft Edge Chakra has an issue where EmitAssignment uses the "this" register without initializing. Microsoft Edge: Chakra: EmitAssignment uses the "this" register without initializing "EmitAssignment" doesn't call "EmitSuperMethodBegin" that initializes the "this" register for the case when t...
Microsoft Edge Chakra - 'EmitNew' Integer Overflow
sxCall.argCount; argCount++; // include "this" BOOL fSideEffectArgs = FALSE; unsigned int tmpCount = CountArguments(pnode->sxCall.pnodeArgs, &fSideEffectArgs); Assert(argCount == tmpCount); if (argCount != (Js::ArgSlot)argCount) { Js::Throw::OutOfMemory(); } ... "Js::ArgSlot" is a 16 bit unsigned integer type...
Microsoft Edge Chakra EmitNew Integer Overflow Exploit
Google Security Research Microsoft Edge: Chakra: Integer overflow in EmitNew CVE-2017-8636 The bytecode generator uses the "EmitNew" function to handle new operators. Here's the code how the function checks for integer overflow. void EmitNew(ParseNode* pnode, ByteCodeGenerator* byteCodeGenerator,...
Microsoft Edge Chakra PreVisitCatch Missing Call
Microsoft Edge: Chakra: PreVisitCatch doesn't call SetIsCatch for all cases CVE-2017-8656 function trigger() { try { } catch (x) { var x = 1; } print(x); } trigger(); When Chakra executes the above code, it declares two "x"s. One is only for the catch scope, the other is for the whole function scope. The one for the...
WebKit JSC emitPutDerivedConstructorToArrowFunctionContextScope Incorrect Check (CVE-2017-2531)
WebKit: JSC: incorrect check in emitPutDerivedConstructorToArrowFunctionContextScope When a super expression is used in an arrow function, the following code, which generates bytecode, is called. if (needsToUpdateArrowFunctionContext() && !codeBlock->isArrowFunction()) { bool canReuseLexicalEnvironment =...
WebKit JSC - Incorrect Check in emitPutDerivedConstructorToArrowFunctionContextScope
WebKit JSC - Incorrect Check in emitPutDerivedConstructorToArrowFunctionContextScope / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1173 When a super expression is used in an arrow function, the following code, which generates bytecode, is called. if...
WebKit JSC emitPutDerivedConstructorToArrowFunctionContextScope Incorrect Check Vulnerability
Exploit for multiple platform in category dos / poc WebKit: JSC: incorrect check in emitPutDerivedConstructorToArrowFunctionContextScope CVE-2017-2531 When a super expression is used in an arrow function, the following code, which generates bytecode, is called. if (needsToUpdateArrowFunctionContex...
WebKit JSC emitPutDerivedConstructorToArrowFunctionContextScope Incorrect Check
WebKit: JSC: incorrect check in emitPutDerivedConstructorToArrowFunctionContextScope CVE-2017-2531 When a super expression is used in an arrow function, the following code, which generates bytecode, is called. if (needsToUpdateArrowFunctionContext() && !codeBlock->isArrowFunction()) { bool...
WebKit JSC - Incorrect Check in emitPutDerivedConstructorToArrowFunctionContextScope
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1173 When a super expression is used in an arrow function, the following code, which generates bytecode, is called. if (needsToUpdateArrowFunctionContext() && !codeBlock->isArrowFunction()) { bool canReuseLexicalEnvironment =...
cassandra_macro (>=0.1.1 <=0.1.3), cdrs (>=0.1.0 <=4.0.0-beta.1) +19 more potentially affected by unknown CVE via lz4-compress (>=0.1.0 <=0.1.1)
lz4-compress CARGO version =0.1.0, =0.1.1, =0.1.0, =1.0.0, =0.3.3, =0.3.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2017-0007...
Python Steganography Tool: Stegosaurus
Python Steganography Tool A steganography tool for embedding payloads within Python bytecode. Stegosaurus is a steganography tool that allows embedding arbitrary payloads in Python bytecode (pyc or pyo) files. The embedding process does not alter the runtime behavior or file size of the carrier fil...
SUSE-SU-2017:0346-1 Security update for java-1_8_0-openjdk
This update for java-1_8_0-openjdk fixes the following issues: Oracle Critical Patch Update of January 2017 bsc1020905 Upgrade to version jdk8u121 icedtea 3.3.0: - S8138725: Add options for Javadoc generation - S8140353: Improve signature checking - S8151934, CVE-2017-3231: Resolve class resolution...
[SECURITY] Fedora 24 Update: groovy-2.4.5-8.fc24
Groovy is an agile and dynamic language for the Java Virtual Machine, built upon Java with features inspired by languages like Python, Ruby and Smalltalk. It seamlessly integrates with all existing Java objects and libraries and compiles straight to Java bytecode so you can use it anywhere you ca...