1659 matches found
GNU binutils - decode_pseudodbg_assert_0 Buffer Overflow Exploit
Exploit for linux platform in category dos / poc Source: https://sourceware.org/bugzilla/show_bug.cgi?id=21586 I have been fuzzing objdump with American Fuzzy Lop and AddressSanitizer. Please find attached the minimized file causing the issue "Input" and the ASAN report log "Output". Below is the...
GNU binutils - disassemble_bytes Heap Overflow Exploit
Exploit for linux platform in category dos / poc Source: https://sourceware.org/bugzilla/show_bug.cgi?id=21580 I have been fuzzing objdump with American Fuzzy Lop and AddressSanitizer. Please find attached the minimized file causing the issue "Input" and the ASAN report log "Output". Below is the...
CVE-2017-1289
IBM SDK, Java Technology Edition is vulnerable to an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150...
WordPress 3.3-4.7.4 - Large File Upload Error XSS
...
CVE-2017-7698
A Use After Free in the pdf2swf part of swftools 0.9.2 and earlier allows remote attackers to execute arbitrary code via a malformed PDF document, possibly a consequence of an error in Gfx.cc in Xpdf 3.02...
Adobe Flash Player Memory Corruption (APSB17-15: CVE-2017-3072)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Randombit Botan Library X509 Certificate Validation Bypass Vulnerability
Summary A programming error exists in the way the Randombit Botan cryptographic library version 2.0.1 implements X.500 string comparisons, which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in...
CVE-2017-7477
Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading...
LibSass: stack overflow #4 in libsass
./sassc test385 /dev/null triggers this stack overflow. ==1001==ERROR: AddressSanitizer: stack-overflow on address 0x7ffeaf4f4fa0 pc 0x0000008b63fd bp 0x7ffeaf4f5130 sp 0x7ffeaf4f4f40 T0 #0 0x8b63fc in char const Sass::Parser::lexbool, bool /home/geeknik/libsass/src/parser.hpp:137 #1 0x87a337 in...
Microsoft Office Suite Remote Code Execution Vulnerability (KB3141529)
This host is missing a critical update for Microsoft Office Suite according to Microsoft KB3141529. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Denial Of Service (DoS)
ImageMagick is vulnerable to denial of service (DoS) attacks. A malicious user can send an image file to the system that causes an out-of-range error, crashing the process...
CVE-2017-0885
Nextcloud Server before 9.0.55 and 10.0.2 suffers from an error message disclosing the existence of files in a write-only share. Due to an error in the application logic, an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception...
Mozilla Firefox table use-after-free(CVE-2017-5404)
Mozilla bug tracker link: https://bugzilla.mozilla.org/show_bug.cgi?id=1340138 There is a use-after-free security vulnerability in Firefox. The vulnerability was confirmed on the nightly ASan build. PoC and ASan log can be found below. Notes for reproducing: - PoC uses domFuzzLite3 extension...
CVE-2017-0881
An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affec...
GLSA-201703-04 : cURL: Certificate validation error
The remote host is affected by the vulnerability described in GLSA-201703-04 cURL: Certificate validation error cURL and applications linked against libcurl support OCSP stapling, also known as the TLS Certificate Status Request extension, using the CURLOPT_SSL_VERIFYSTATUS option. When telling cURL...
Joomla! Component Guesser v1.0.4 - SQL Injection
Joomla! Component Guesser v1.0.4 - SQL Injection. In Joomla! Component Guesser v1.0.4 a request parameter is not strictly filtered, leading to a SQL injection vulnerability; if the target server has error display turned on, it can be exploited directly. Google Dork: inurl:index.php?option=com_guesser...
shopify-scripts: SIGABRT in only mirb
PoC ------------------- The following code triggers the bug attached as test.rb: def tostr 00end 0.times Debug - mirb ------------------- The program being debugged has been started already. Start it from the beginning? (y or n) y Starting program: /home/x/Desktop/test/mruby/bin/mirb test.rb mirb -...
shopify-scripts: SIGSEGV - mark_context_stack
PoC ------------------- The following code triggers the bug attached as testmarkcontextstack.rb: def one tooyieldend def too yield ensure onebreakend one Debug - mirb ------------------- Starting program: /home/x/Desktop/test/mruby/bin/mirb testmarkcontextstack mirb - Embeddable Interactive Ruby...
CVE-2016-8974
CVE-2016-8974 affects IBM Rhapsody DM/Design Manager (versions 4.0–6.0). The vulnerability is a denial-of-service due to an XML External Entity Injection (XXE) when processing XML, which could also expose sensitive data or exhaust memory. IBM security notes specify affected ranges and fixes: 4.0....
FreeBSD : cURL -- ocsp status validation error (311e4b1c-f8ee-11e6-9940-b499baebfeaf)
The cURL project reports : SSL_VERIFYSTATUS ignored curl and libcurl support 'OCSP stapling', also known as the TLS Certificate Status Request extension, using the CURLOPT_SSL_VERIFYSTATUS option. When telling curl to use this feature, it uses that TLS extension to ask for a fresh proof of the server...