172 matches found
PHP DateTime Use-After-Free
Use After Free Vulnerability in unserialize with DateTime CVE-2015-0273 Taoguang Chen - Write Date: 2015.1.29 - Release Date: 2015.2.20 A use-after-free vulnerability was discovered in unserialize with DateTime/DateTimeZone/DateInterval/DatePeriod objects's wakeup magic method that can be abused...
CoreGraphics Memory Corruption - CVE-2014-4377
Apple CoreGraphics library fails to validate the input when parsing the colorspace specification of a PDF XObject resulting in a heap overflow condition. A small heap memory allocation can be overflowed with controlled data from the input in any application linked with the affected framework. Usi...
VLC Media Player 2.0.4 (.swf) - Crash PoC
No description provided by source. Title : VLC media player 2.0.4 buffer overflow POC Version : 2.0.4 Twoflower Date : 2012-12-06 Vendor : www.videolan.org/vlc/ Impact : Med/High Contact : coolkaveh at rocketmail.com Twitter : @coolkaveh tested : windows XP SP3 Author : coolkaveh VLC media player...
Microsoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP + EMET 4.1.x Bypass) (MS12-037)
function strtointstr return str.charCodeAt10x10000 + str.charCodeAt0; var free = "EEEE"; while free.length 500 free += free; var string1 = "AAAA"; while string1.length 500 string1 += string1; var string2 = "BBBB"; while string2.length 500 string2 += string2; var fr = new Array; var al = new Array...
Small HTTP Server <= 3.05.28 Arbitrary Data Execution Exploit
No description provided by source. !/usr/bin/perl sHTTP FTPServer Abritary Data Execution Exploit -------------------------------------------------- Infam0us Gr0up - Securiti Research E:\PERLperl shttp.pl localhost C:\shttps ? Version: libwww-perl-5.76 + Connect to localhost... + Connected + Send...
Virtual PC Hypervisor Memory Protection Vulnerability
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Virtual PC Hypervisor Memory Protection Vulnerability 1. Advisory Information Title: Virtual PC Hypervisor Memory Protection...
VUPEN Discloses Details of Patched Firefox Pwn2Own Zero-Days
Contestants at this year’s Pwn2Own contest made no bones about it: they were going after browsers and as it turned out, Firefox had the biggest target on its back. Mozilla’s popular browser was popped four times during the Canadian hacker festival accounting for a quarter of the $800,000-plus in...
OpenSSL 1.0.0 < 1.0.0m Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.0m. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.0m advisory. - The dtls1clearqueues function in ssl/d1lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data...
Complete Microsoft EMET Bypass Developed
SAN FRANCISCO — Researchers at Bromium Labs are expected to announce today they have developed an exploit that bypasses all of the mitigations in Microsoft’s Enhanced Mitigation Experience Toolkit EMET. Principal security researcher Jared DeMott is scheduled to deliver a presentation this morning...
New IE Zero Day Found Targeting Military Intelligence
Attackers were able to compromise the U.S. Veterans of Foreign Wars’ website this week and serve up a previously unknown zero day exploit in Internet Explorer 10, and while motivation behind the campaign is still unclear, experts are speculating its aim was to procure military intelligence...
Mitigating the LdrHotPatchRoutine DEP/ASLR bypass with MS13-063
Today we released MS13-063 which includes a defense in depth change to address an exploitation technique that could be used to bypass two important platform mitigations: Address Space Layout Randomization ASLR and Data Execution Prevention DEP. As we’ve described in the past, these mitigations pl...
[DEP Process Scanner] Tool to scan and show all the DEP enabled Processes
DEP Process Scanner is the free command-line tool to scan and show all the DEP enabled Processes. Data Execution Prevention DEP is a security feature introduced since Windows XP SP2 onwards and designed to prevent an application executing code from a non-executable memory regions such as Stack or...
Nuance PDF viewing products contain multiple vulnerabilities
Overview Nuance PDF viewing products contain multiple memory-corruption vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Nuance provides two similar PDF viewing products called PDF Reader and PDF Viewer Plus. Both of...
Foxit Advanced PDF Editor 3 contains a stack buffer overrun vulnerability
Overview Foxit Advanced PDF Editor 3, and possibly earlier versions, contains a stack buffer overrun vulnerability. Description Foxit Advanced PDF Editor 3, and possibly earlier versions, contains a stack buffer overrun vulnerability that may be exploited by an attacker that is able to successful...
Nvidia Display Driver Service Attack Escalates Privileges on Windows Machines
There’s nothing like a zero-day to ruin the holiday break, but that’s just what may be in store for engineers at Nvidia after a researcher discovered a new vulnerability in the Nvidia Display Driver Service. The flaw could hand over administrator privileges on Windows machines to an attacker. Pet...
VLC Media Player 'swf'文件栈缓冲区溢出漏洞
BUGTRAQ ID: 56861 VLC Media Player是多媒体播放器(最初命名为VideoLAN客户端)是VideoLAN计划的多媒体播放器。 VLC media player 2.0.4及其他版本在处理恶意文件时没有正确进行边界检查,通过诱使受害者打开特制的SWF文件,远程攻击者可利用此漏洞使缓冲区溢出,在系统中执行任意代码或造成应用崩溃。 0 VLC Media Player 2.0.4 厂商补丁: VideoLAN -------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...
VideoLAN VLC Media Player 2.0.4 - '.swf' Crash (PoC)
Title : VLC media player 2.0.4 buffer overflow POC Version : 2.0.4 Twoflower Date : 2012-12-06 Vendor : www.videolan.org/vlc/ Impact : Med/High Contact : coolkaveh at rocketmail.com Twitter : @coolkaveh tested : windows XP SP3 Author : coolkaveh VLC media player also known as VLC is a highly...
VLC media player 2.0.4 buffer overflow PoC
buffer overflow during the handling of the swf file context-dependent Successful exploits can allow attackers to execute arbitrary code Title : VLC media player 2.0.4 buffer overflow POC Version : 2.0.4 Twoflower Date : 2012-12-06 Vendor : http://www.videolan.org/vlc/ Impact : Med/High Contact :...
Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers
Overview Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers. These vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system. Description Autonomy Keyview IDOL is a set of libraries that can decode over 1,000 different file formats. The...
MyMp3 Player Stack - .m3u File DEP Bypass
MyMp3 Player Stack - .m3u File DEP Bypass ''' Title: MyMp3-Player '.m3u' Stack BOF Bypass DEP Author: Daniel Romero Perez @danielrome Software & Version: MyMp3-Player 3.02.067 Tested on: Windows XP SP3 - ES Mail: [email protected] Blog: unlearningsecurity.blogspot.com Advisor:...