10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH) (DEP Bypass)

!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: 10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow SEHDEP Bypass Date: 01-29-19 Vulnerable Software: 10-Strike Network Inventory Explorer 8.54 Vendor Homepage: https://www.10-strike.com/ Version: 8.54 Software Link...

Improved Fallout EK comes back after short hiatus

Edit 2019-01-24 Fallout EK introduces a new dropper to facilitate the final payload retrieval. This update replaces the plain MZ we saw for a little while. -- After a short hiatus in early January, the Fallout exploit kit is back in business again with some new features for the new year. During i...

Zerodium Offers to Buy Zero-Day Exploits at Higher Prices Than Ever

Well, there's some good news for hackers and vulnerability hunters, though terrible news for tech manufacturers! Exploit vendor Zerodium is now willing to offer significantly higher payouts for full, working zero-day exploits that allow stealing of data from WhatsApp, iMessage and other online ch...

WebKit JIT - Int32/Double Arrays can have Proxy Objects in the Prototype Chains

didBecomePrototype; if structurevm-hasMonoProto DeferredStructureTransitionWatchpointFire deferredvm, structurevm; Structure newStructure = Structure::changePrototypeTransitionvm, structurevm, prototype, deferred; setStructurevm, newStructure; else putDirectvm, knownPolyProtoOffset, prototype; if...

ThreatList: Holiday Spam, the Perfect Seasonal Gift for Criminals

Maybe holiday cheer makes people less cynical. If so, that explains why social-engineering spam tactics prove to be more effective during the festive season. New research shows that spam campaigns disguised as delivery notifications or online shopping invoices, while always a favored tactic by...

CVE-2018-17469

Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file...

Design/Logic Flaw

Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file...

CVE-2018-17469

Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file...

UBUNTU-CVE-2018-17469

Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file...

CVE-2018-17469

Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file...

CVE-2018-17469

Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file...

CVE-2018-17469

Removed by vendor...

Exploit kits: fall 2018 review

Exploit kit EK activity continues to surprise us as the weather cools, the leaves change, and we move into the fall of 2018. Indeed, shortly after our summer review, a new exploit kit was discovered, and while no new vulnerabilities were added to the current EKs, several malvertising chains are...

[SECURITY] Fedora 28 Update: rsyslog-8.37.0-1.fc28

Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grain output format control. It is compatible with stock sysklogd and can be used as a drop-in replacement. Rsyslog is simple to set up,...

USN-3654-1 linux, linux-aws, linux-kvm, vulnerabilities

Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memor...

Ropper - Display Information About Files In Different File Formats And You Can Find Gadgets To Build Rop Chains For Different Architectures (X86/X86_64, ARM/ARM64, MIPS, PowerPC)

You can use ropper to display information about binary files in different file formats and you can search for gadgets to build rop chains for different architectures x86/X8664, ARM/ARM64, MIPS/MIPS64, PowerPC. For disassembly ropper uses the awesome Capstone Framework. NOTE: I recommend to use th...

CVE-2018-1000085

ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xarhashcheck that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR file. This...

CVE-2018-1000085

ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xarhashcheck that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR file. This...

CVE-2018-1000085

ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xarhashcheck that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR file. This...

Microsoft Edge Chakra JIT - 'Lowerer::LowerSetConcatStrMultiItem' Missing Integer Overflow Check

/ The method "Lowerer::LowerSetConcatStrMultiItem" is used to generate machine code to concatenate strings. Here's a snippet of the method. void Lowerer::LowerSetConcatStrMultiItemIR::Instr instr ... IR::IndirOpnd dstLength = IR::IndirOpnd::NewconcatStrOpnd,...