Dup Scout Enterprise GET Buffer Overflow
This module exploits a stack-based buffer overflow vulnerability in the web interface of Dup Scout Enterprise...
Rockwell Automation Logix Controller Stack Buffer Overflow (CVE-2016-9343)
A stack buffer overflow vulnerability exists in Rockwell Automation Logix Controllers. The vulnerability is due to insufficient bounds checking. A successful exploitation could lead to arbitrary code execution...
Mini-Stream RM-MP3 Converter PLS File Stack Buffer Overflow
A stack buffer overflow vulnerability exists in Mini-Stream RM-MP3 Converter. The vulnerability is due to insufficient bounds checking on a PLS file. A remote attacker could exploit this vulnerability by enticing a victim to open a specially crafted PLS file. Successful exploitation could lead to...
Disk Sorter Enterprise 9.5.12 GET Buffer Overflow
This module requires Metasploit: http://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. This module exploits a stack-based buffer overflow vulnerabilit...
VirtualBox 5.0.32 r112930 x64 - Windows Process COM Injection Privilege Escalation Exploit
Exploit for windows platform in category local exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1103 VirtualBox: Windows Process COM Injection EoP Platform: VirtualBox v5.0.32 r112930 x64 Tested on Windows 10 Class: Elevation of Privilege Summary: The process hardening...
Oracle VM VirtualBox 5.0.32 r112930 (x64) - Windows Process COM Injection Privilege Escalation
Oracle VM VirtualBox 5.0.32 r112930 x64 - Windows Process COM Injection Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1103 VirtualBox: Windows Process COM Injection EoP Platform: VirtualBox v5.0.32 r112930 x64 Tested on Windows 10 Class: Elevation of...
Disk Sorter Enterprise GET Buffer Overflow
This module exploits a stack-based buffer overflow vulnerability in the web interface of Disk Sorter Enterprise v9.5.12, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This module has been tested successfully on Windows 7 SP1 x86. This...
SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-bad (SUSE-SU-2017:0962-1)
This update for gstreamer-plugins-bad fixes the following issues: Security issues fixed : - CVE-2017-5843: set stream tags to NULL after unrefing bsc1024044. - CVE-2017-5848: rewrite PSM parsing to add bounds checking bsc1024068. Note that Tenable Network Security has extracted the preceding...
CVE-2017-3817
A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System UCS Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain. More Information: CSCvc32434. Known Affected Releases: 5.50.1...
Design/Logic Flaw
A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System UCS Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain. More Information: CSCvc32434. Known Affected Releases: 5.50.1...
SUSE-SU-2017:0962-1 Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issues: Security issues fixed: - CVE-2017-5843: set stream tags to NULL after unrefing bsc1024044. - CVE-2017-5848: rewrite PSM parsing to add bounds checking bsc1024068...
Cisco UCS Director Virtual Machine Information Disclosure Vulnerability
A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System UCS Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain. The vulnerability is due to improper role-based user checks. An...
macOS Kernel 10.12.2 (16C67) - Memory Disclosure Due to Lack of Bounds Checking in AppleIntelCapriCo
Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1069 MacOS kernel memory disclosure due to lack of bounds checking in AppleIntelCapriController::getDisplayPipeCapability Selector 0x710 of IntelFBClientControl ends up in...
Cain And Abel RDP File Stack Buffer Overflow (CVE-2008-5405)
A stack-based buffer overflow exists in Oxid Cain and Abel. The vulnerability is due to insufficient bounds checking on an RDP file. A remote attacker could exploit this vulnerability by enticing a victim to open a specially crafted RDP file. Successful exploitation could allow administrator acces...
macOS Kernel 10.12.2 (16C67) - AppleIntelCapriController::GetLinkConfig Code Execution Due to Lack o
Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1071 Selector 0x921 of IntelFBClientControl ends up in AppleIntelCapriController::GetLinkConfig This method takes a structure input and output buffer. It reads an attacker controll...
Apple macOS/iOS Kernel 10.12.3 (16D32) - SIOCSIFORDER Socket ioctl Memory Corruption Due to Bad Bounds Checking
Apple macOS/iOS Kernel 10.12.3 (16D32) - SIOCSIFORDER Socket ioctl Memory Corruption Due to Bad Bounds Checking / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1108 SIOCSIFORDER is a new ioctl added in iOS 10. It can be called on a regular tcp socket, so from pretty much any...
Apple macOS Kernel 10.12.2 (16C67) - AppleIntelCapriController::GetLinkConfig Code Execution Due to Lack of Bounds Checking
Apple macOS Kernel 10.12.2 16C67 - AppleIntelCapriController::GetLinkConfig Code Execution Due to Lack of Bounds Checking / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1071 Selector 0x921 of IntelFBClientControl ends up in AppleIntelCapriController::GetLinkConfig This method...
MacOS kernel memory disclosure due to lack of bounds checking in AppleIntelCapriController::getDisplayPipeCapability(CVE-2017-2489)
MacOS kernel memory disclosure due to lack of bounds checking in AppleIntelCapriController::getDisplayPipeCapability Selector 0x710 of IntelFBClientControl ends up in AppleIntelCapriController::getDisplayPipeCapability. This method takes a structure input and output buffer. It reads an attacker...
MacOS kernel code execution due to lack of bounds checking in AppleIntelCapriController::GetLinkConfig (CVE-2017-2443)
Selector 0x921 of IntelFBClientControl ends up in AppleIntelCapriController::GetLinkConfig This method takes a structure input and output buffer. It reads an attacker controlled dword from the input buffer which it uses to index an array of pointers with no bounds checking: This pointer is passed...