chromium-browser: universal xss in blink

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

jquery-ui: cross-site scripting in dialog closeText

It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user...

jquery-ui: cross-site scripting in dialog closeText

It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user...

Disk Sorter Enterprise 9.0.24 - Login Remote Buffer Overflow

Disk Sorter Enterprise 9.0.24 - Login Remote Buffer Overflow !/usr/bin/python print "Disk Sorter Enterprise 9.0.24 Buffer Overflow Exploit" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Exploit will land you NT...

DEBIAN-CVE-2016-3890

The Java Debug Wire Protocol JDWP implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842...

Design/Logic Flaw

The Java Debug Wire Protocol JDWP implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842...

CVE-2016-3890

The Java Debug Wire Protocol JDWP implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842...

CVE-2016-2830

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses...

DEBIAN-CVE-2016-2830

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses...

Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes)

/ Title: Axis Communication Linux/CRISv32 - Connect Back Shellcode Author: bashis / 2016 / include char sc = //close0 "\x7a\x86" // clear.d r10 "\x5f\x9c\x06\x00" // movu.w 0x6,r9 "\x3d\xe9" // break 13 //close1 "\x41\xa2" // moveq 1,r10 "\x5f\x9c\x06\x00" // movu.w 0x6,r9 "\x3d\xe9" // break 13...

Linux 64bit Ncat Shellcode SSL, MultiChannel, Persistant, Fork, IPv4/6, Password - 176 bytes

Linux 64bit Ncat Shellcode SSL, MultiChannel, Persistant, Fork, IPv4/6, Password - 176 bytes. Shellcode exploit for linx86-64 platform include include // Exploit Title: Linux 64bit Ncat + SSL + MultiChannel + Persistant + Fork + IPv4/6 + Password 176byte // Date: 7/5/2016 // Exploit Author:...

Microsoft Word (Windows/OSX) - Crash (PoC)

Source: https://twitter.com/halsten/status/740380171694280704 Win/Mac MSFT Word 0day POC having 3 different forced triggers. Happy exploitation! Let Word recover it, its essential, and then you can trigger the bug afterwards in 3 ways, Save, Close/Save, change format. Proof of Concept:...

FreeBSD : h2o -- use after free on premature connection close (65bb1858-27de-11e6-b714-74d02b9a84d5)

Tim Newsha reports : When H2O tries to disconnect a premature HTTP/2 connection, it calls free3 to release memory allocated for the connection and immediately after then touches the memory. No malloc-related operation is performed by the same thread between the time it calls free and the time the...

Adobe Acrobat Pro DC Close Page Action Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

Linux/x86-64 - Bind 1472/TCP Shellcode (IPv6) (199 bytes)

/ Title : Linux x8664 bind tcp : port 1472 ipv6 Date : 02/05/2016 Author : Roziul Hasan Khan Shifat Tested On : Ubuntu 14.04 LTS x8664 Contact : email protected / / section .text global start start: ;;socket xor rax,rax push 6 push 0x1 push 10 pop rdi pop rsi pop rdx mov al,41 ;socket syscall...

DEBIAN-CVE-2016-2548

sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service system crash via a crafted ioctl call, related to the 1 sndtimerclose and 2 sndtimerstop functions...

Encrypted Smartphone Network Seized by Dutch Police for Criminal Investigation

On Tuesday, the Dutch Police arrested a 36-year-old man, Danny Manupassa, on suspicion of money laundering and involvement in selling encrypted smartphones to criminals. Manupassa owns a company called Ennetcom, which provides customized Blackberry Phones with the secure PGP-encrypted network...

Close Up Pics - Zoomed Quiz - Base64 encoded String, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities

HackApp vulnerability scanner discovered that application Close Up Pics - Zoomed Quiz published at the 'play' market has multiple vulnerabilities...

Close Up Character - Pic Quiz! - Customized SSL, Dangerous filesystem permissions, Insecure KeyStore vulnerabilities

HackApp vulnerability scanner discovered that application Close Up Character - Pic Quiz! published at the 'play' market has multiple vulnerabilities...

CVE-2016-1962

Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections...