CVE-2019-25485

R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a crafted payload through the Language for menus preference to trigger a structured exception handler cha...

EUVD-2018-8339

Malware in sbrugna...

10-Strike Bandwidth Monitor 3.9 Buffer Overflow

Exploit Title: 10-Strike Bandwidth Monitor 3.9 - ROP VirtualAlloc - Buffer Overflow SEH,DEP,ASLR Exploit Author: Bobby Cooke Date: June 7th, 2020 Vendor Site: https://www.10-strike.com/ Software Download: https://www.10-strike.com/bandwidth-monitor/bandwidth-monitor.exe Tested On: Windows 10 - Pr...

CVE-2018-16530

A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process creating a denial-of-service. While no known Remote Code Execution RCE vulnerabilities exist, as with all buffer overflows, the possibility of RCE...

Stack overflow

A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process creating a denial-of-service. While no known Remote Code Execution RCE vulnerabilities exist, as with all buffer overflows, the possibility of RCE...

PT-2019-9318 · Forcepoint · Forcepoint Email Security

Name of the Vulnerable Software and Affected Versions: Forcepoint Email Security version 8.5 Description: A stack-based buffer overflow allows an attacker to craft malicious input, potentially crashing a process and creating a denial-of-service. Although no known Remote Code Execution RCE...

Mozilla Firefox, Firefox ESR and Thunderbird Memory Corruption Vulnerability (CNVD-2018-12100)

Mozilla Firefox, Firefox ESR, and Thunderbird are products developed by the Mozilla Foundation.Firefox is an open source web browser, and Firefox ESR is an extended support version of Firefox.Thunderbird is a standalone email client from the Mozilla Thunderbird is a separate email client software...

Schneider Electric IGSS SCADA Software Local Code Execution Vulnerability

Schneider Electric IGSS SCADA Software is a shared service platform for SCADA Data Acquisition and Supervisory Control systems from Schneider Electric France. A security vulnerability exists in Schneider Electric IGSS SCADA Software version 12 and earlier, which stems from incorrect security...

Mozilla Firefox ESR < 45.7 Multiple Vulnerabilities

Binary data 9928.prm...

AVG Internet Security Security Bypass Vulnerability

AVG Internet Security is a suite of Internet security software from the Czech company AVG. The AVG Internet Security 2015 program protects user-mode processes by allocating memory with Read, Write, Execute RWX privileges in predictable addresses, allowing an attacker to bypass the DEP and ASLR...

on windows systems use the VS compiler to buffer overflow preventive measures-vulnerability warning-the black bar safety net

0x01 /GS --buffer security check If you use the/GS compile the program to insert code to detect possible overwrite the function return address of buffer overflows. If the occurrence of a buffer overflow, the system will display to the user a warning dialog, and then terminate the program. Thus, t...

Return-into-libc attack and Defense-bug warning-the black bar safety net

This article first analyzes the return-into-libc attack principle, were introduced in different platforms for the traditional return-into-libc attack of the experimental process and results. Then, this paper further introduces and explains the return-oriented programming attacks, this attack can...

VUPEN Discloses Details of Patched Firefox Pwn2Own Zero-Days

Contestants at this year’s Pwn2Own contest made no bones about it: they were going after browsers and as it turned out, Firefox had the biggest target on its back. Mozilla’s popular browser was popped four times during the Canadian hacker festival accounting for a quarter of the $800,000-plus in...

ASLR Added to Android 4.0

The newest version of the Android mobile operating system includes a major security upgrade, the presence of address space layout randomization ASLR, which gives users some better protection against memory-corruption exploits. The inclusion of ASLR in Android 4.0, also known as “Ice Cream...

Microsoft Warns On New Browser Vulnerability

Microsoft on Wednesday issued a security advisory to users of its Internet Explorer Web browser about a newly disclosed vulnerability that could be exploited and used to run malicious code on vulnerable Windows systems. The Redmond, Washington company said it is investigating new, public reports ...

Microsoft IE对象处理内存破坏漏洞

Internet Explorer是微软公司开发的广为流行的网络浏览器。 IE在处理畸形格式的网页标记时存在内存对象处理错误，远程攻击者可能利用此漏洞通过精心构造恶意标记数据导致IE处理时执行攻击者指定的任意指令。 此漏洞目前被挂马攻击者积极利用来向用户系统植入恶意软件，而且微软还未发布针对此漏洞的补丁。 Microsoft Internet Explorer 7.0 临时解决方法： 如果您不能立刻安装补丁或者升级，NSFOCUS建议您采取以下措施以降低威胁： 暂时不要使用IE 7浏览网页，可以使用Opera或Firefox。...

Windows Server 2003 Service Pack 1

Windows Server 2003 Service Pack 1 SP1 enhances manageability, control, and security infrastructure by providing new security tools such as Security Configuration Wizard, which helps secure your server for role-based operations. SP1 improves defense-in-depth with Data Execution Protection, and...