Apple OS X Kernel Information Disclosure Vulnerability

Apple OS X is a specialized operating system developed by Apple for Mac computers. kernel is one of the kernel components. A security vulnerability exists in the debugging interface of the Kernel in Apple OS X 10.10.5 and earlier versions. A local attacker could exploit this vulnerability to obta...

Mango Automation Multiple Vulnerabilities

Mango Automation is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Adobe Flash - 'uint' Capacity Field

Source: https://code.google.com/p/google-security-research/issues/detail?id=504 The latest version of the Vector. length check in Flash 18,0,0,232 is not robust against memory corruptions such as heap overflows. While it’s no longer possible to obviously bypass the length check there’s still...

Mango Automation 2.6.0 Unprotected Debug Log View

Mango Automation 2.6.0 Unprotected Debug Log View Vulnerability Vendor: Infinite Automation Systems Inc. Product web page: http://www.infiniteautomation.com/ Affected version: 2.5.2 and 2.6.0 beta build 327 Summary: Mango Automation is a flexible SCADA, HMI And Automation software application tha...

Linux Memory Scanner: scanmem

Linux Memory Scanner scanmem is a debugging utility designed to isolate the address of an arbitrary variable in an executing process. scanmem simply needs to be told the pid of the process, and the value of the variable at several different times. After several scans of the process, scanmem...

Microsoft Windows Kernel - 'DeferWindowPos' Use-After-Free (MS15-073)

Source: https://code.google.com/p/google-security-research/issues/detail?id=339 The attached PoC demonstrate a use-after-free condition that occurs when operating on a DeferWindowPos object from multiple threads. The DeferWindowPos call will trigger and block on the execution of a window procedur...

Android 5. x-System-lock-screen bypass vulnerability, multi-vulnerability warning-the black bar safety net

Even if you use encryption the lock screen, the one present in Android 5. 1. 1 before the 5. x system vulnerabilities will also help an attacker to successfully bypass and get you phone access access. ! When your phone's camera app is in the active state, the hacker through the encrypted password...

Windows ATMFD.DLL CFF table (ATMFD+0x3440b / ATMFD+0x3440e) Invalid Memory Access

CVE-2015-2460We have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files, such as: ---PAGEFAULTINNONPAGEDAREA 50Invalid system memory was referenced. This cannot be protected by try-except,it must be protected by a Probe...

Android 5. x vulnerability: the hacker can bypass the screen password to enter the system-vulnerability warning-the black bar safety net

Many Android users will choose to use a lock screen password protect the device, but the latest burst of vulnerability was shocking: any person who without complex operation can bypass the lock screen directly into your system! An attacker can exploit the pilot gets a lock on the device all the...

Android Lockscreen Bypass Security Patch

Boredom led John Gordon to discover a technique that bypassed the lockscreen on his Android device. By entering a long string of random characters into the password field after opening the phone’s camera app, Gordon said he was able to get to the home screen and eventually access anything stored ...

libunwind: off-by-one in dwarf_to_unw_regnum()

An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usa...

Hacking ipcam like Harold in POI-vulnerability warning-the black bar safety net

0x00 for ipcam attack mesh and preparation 0x01 for embedded devices parameter injection vulnerability to conventional weapons and methods of analysis 0x02 several wonderful case 0x03 Hacking like POI 0x00 preparation This time we discussed is the analysis of the smart camera firmware,through a...

A null pointer vulnerability Protection Technology-primary-vulnerability warning-the black bar safety net

Safety history due to a null pointer brought the vulnerability and attacks are numerous, but because of its use of the programming skills required for analysis and protective to have higher requirements, so the domestic to the null pointer vulnerability and a discussion of the related art is not...

A null pointer vulnerability protection technology to improve the article-vulnerability warning-the black bar safety net

In the null pointer vulnerability protection technology-the primary article, we introduced a null pointer and a null pointer vulnerability concept, in this advanced article describes a null pointer use and the corresponding protection mechanisms. Author: sun Jian slope Directory 1 to improve the...

Microsoft Windows - 'ATMFD.dll' CFF table (ATMFD+0x3440b / ATMFD+0x3440e) Invalid Memory Access

Source: https://code.google.com/p/google-security-research/issues/detail?id=384&can=1 We have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files, such as: --- PAGEFAULTINNONPAGEDAREA 50 Invalid system memory was referenced. Th...

Microsoft Windows - 'ATMFD.DLL' CFF table (ATMFD+0x34072 / ATMFD+0x3407b) Invalid Memory Access

Source: https://code.google.com/p/google-security-research/issues/detail?id=383&can=1 We have encountered a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file: --- PAGEFAULTINNONPAGEDAREA 50 Invalid system memory was referenced. This cannot be protect...

Microsoft Windows - ATMFD.DLL CFF table (ATMFD+0x34072 ATMFD+0x3407b) Invalid Memory Access

Microsoft Windows - ATMFD.DLL CFF table ATMFD+0x34072 ATMFD+0x3407b Invalid Memory Access Source: https://code.google.com/p/google-security-research/issues/detail?id=383&can=1 We have encountered a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file: -...

Adobe Flash - Heap Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec

Source: https://code.google.com/p/google-security-research/issues/detail?id=425&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id To reproduce, host the attached files appropriately and: http://localhost/LoadMP4.swf?file=crash4000368.flv If there is no crash at first, refresh...

Mobile Devices C4 ODB2 dongle contains multiple vulnerabilities

Overview Mobile Devices C4 OBD2 dongle, and potentially other rebranded devices, contains multiple vulnerabilities Description The Mobile Devices C4 OBD2 dongle is the base model for several rebranded consumer devices, such as the Metromile pay-by-mile insurance dongle. These devices are plugged...

HTTPie - a CLI, cURL-like tool for humans

HTTPie pronounced aych-tee-tee-pie is a command line HTTP client. Its goal is to make CLI interaction with web services as human-friendly as possible. It provides a simple http command that allows for sending arbitrary HTTP requests using a simple and natural syntax, and displays colorized output...