Lucene search
K

154 matches found

Binamuse
Binamuse
added 2014/09/19 8:20 p.m.667 views

CoreGraphics Memory Corruption - CVE-2014-4377

Apple CoreGraphics library fails to validate the input when parsing the colorspace specification of a PDF XObject resulting in a heap overflow condition. A small heap memory allocation can be overflowed with controlled data from the input in any application linked with the affected framework. Usi...

6.8CVSS8.4AI score0.06947EPSS
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.46 views

Virtual PC Hypervisor Memory Protection Vulnerability

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Virtual PC Hypervisor Memory Protection Vulnerability 1. Advisory Information Title: Virtual PC Hypervisor Memory Protection...

6.7AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

VLC Media Player 2.0.4 (.swf) - Crash PoC

No description provided by source. Title : VLC media player 2.0.4 buffer overflow POC Version : 2.0.4 Twoflower Date : 2012-12-06 Vendor : www.videolan.org/vlc/ Impact : Med/High Contact : coolkaveh at rocketmail.com Twitter : @coolkaveh tested : windows XP SP3 Author : coolkaveh VLC media player...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2014/07/01 12:0 a.m.70 views

Microsoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP + EMET 4.1.x Bypass) (MS12-037)

function strtointstr return str.charCodeAt10x10000 + str.charCodeAt0; var free = "EEEE"; while free.length 500 free += free; var string1 = "AAAA"; while string1.length 500 string1 += string1; var string2 = "BBBB"; while string2.length 500 string2 += string2; var fr = new Array; var al = new Array...

9.3CVSS6.3AI score0.64962EPSS
Exploits27
ThreatPost
ThreatPost
added 2014/02/24 8:43 a.m.85 views

Complete Microsoft EMET Bypass Developed

SAN FRANCISCO — Researchers at Bromium Labs are expected to announce today they have developed an exploit that bypasses all of the mitigations in Microsoft’s Enhanced Mitigation Experience Toolkit EMET. Principal security researcher Jared DeMott is scheduled to deliver a presentation this morning...

9.3CVSS1.2AI score0.99945EPSS
Exploits33References6
ThreatPost
ThreatPost
added 2014/02/14 2:27 p.m.40 views

New IE Zero Day Found Targeting Military Intelligence

Attackers were able to compromise the U.S. Veterans of Foreign Wars’ website this week and serve up a previously unknown zero day exploit in Internet Explorer 10, and while motivation behind the campaign is still unclear, experts are speculating its aim was to procure military intelligence...

9.3CVSS0.6AI score0.85239EPSS
Exploits23References6
Tenable Nessus
Tenable Nessus
added 2013/12/06 12:0 a.m.18 views

FreeBSD : drupal -- multiple vulnerabilities (d9649816-5e0d-11e3-8d23-3c970e169bc2)

Drupal Security Team reports : Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. - Multiple vulnerabilities due to optimistic cross-site request forgery protection Form API validation - Drupal 6 and 7 - Multiple vulnerabilities due to weakness in pseudorandom numb...

5.3AI score
Exploits0References2
Drupal
Drupal
added 2013/11/20 12:0 a.m.687 views

SA-CORE-2013-003 - Drupal core - Multiple vulnerabilities

Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Multiple vulnerabilities due to optimistic cross-site request forgery protection Form API validation - Drupal 6 and 7 Drupal's form API has built-in cross-site request forgery CSRF validation, and also allows any...

6.8CVSS7.1AI score0.03072EPSS
Exploits0References28
FreeBSD
FreeBSD
added 2013/11/20 12:0 a.m.15 views

drupal -- multiple vulnerabilities

Drupal Security Team reports: Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Multiple vulnerabilities due to optimistic cross-site request forgery protection Form API validation - Drupal 6 and 7 Multiple vulnerabilities due to weakness in pseudorandom number...

0.6AI score
Exploits0References1
MSRC
MSRC
added 2013/08/12 7:0 a.m.8 views

Mitigating the LdrHotPatchRoutine DEP/ASLR bypass with MS13-063

Today we released MS13-063 which includes a defense in depth change to address an exploitation technique that could be used to bypass two important platform mitigations: Address Space Layout Randomization ASLR and Data Execution Prevention DEP. As we’ve described in the past, these mitigations pl...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2013/05/16 12:3 a.m.20 views

[DEP Process Scanner] Tool to scan and show all the DEP enabled Processes

DEP Process Scanner is the free command-line tool to scan and show all the DEP enabled Processes. Data Execution Prevention DEP is a security feature introduced since Windows XP SP2 onwards and designed to prevent an application executing code from a non-executable memory regions such as Stack or...

8.2AI score
Exploits0
CERT
CERT
added 2013/02/07 12:0 a.m.22 views

Nuance PDF viewing products contain multiple vulnerabilities

Overview Nuance PDF viewing products contain multiple memory-corruption vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Nuance provides two similar PDF viewing products called PDF Reader and PDF Viewer Plus. Both of...

9.3CVSS7.3AI score0.0322EPSS
Exploits0References5
CERT
CERT
added 2013/01/25 12:0 a.m.34 views

Foxit Advanced PDF Editor 3 contains a stack buffer overrun vulnerability

Overview Foxit Advanced PDF Editor 3, and possibly earlier versions, contains a stack buffer overrun vulnerability. Description Foxit Advanced PDF Editor 3, and possibly earlier versions, contains a stack buffer overrun vulnerability that may be exploited by an attacker that is able to successful...

7.6CVSS7.4AI score0.03891EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2012/12/27 4:47 p.m.13 views

Nvidia Display Driver Service Attack Escalates Privileges on Windows Machines

There’s nothing like a zero-day to ruin the holiday break, but that’s just what may be in store for engineers at Nvidia after a researcher discovered a new vulnerability in the Nvidia Display Driver Service. The flaw could hand over administrator privileges on Windows machines to an attacker. Pet...

1.4AI score
Exploits0References1
seebug.org
seebug.org
added 2012/12/11 12:0 a.m.22 views

VLC Media Player 'swf'文件栈缓冲区溢出漏洞

BUGTRAQ ID: 56861 VLC Media Player是多媒体播放器(最初命名为VideoLAN客户端)是VideoLAN计划的多媒体播放器。 VLC media player 2.0.4及其他版本在处理恶意文件时没有正确进行边界检查,通过诱使受害者打开特制的SWF文件,远程攻击者可利用此漏洞使缓冲区溢出,在系统中执行任意代码或造成应用崩溃。 0 VLC Media Player 2.0.4 厂商补丁: VideoLAN -------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...

6.9AI score
Exploits0
Exploit DB
Exploit DB
added 2012/12/07 12:0 a.m.37 views

VideoLAN VLC Media Player 2.0.4 - '.swf' Crash (PoC)

Title : VLC media player 2.0.4 buffer overflow POC Version : 2.0.4 Twoflower Date : 2012-12-06 Vendor : www.videolan.org/vlc/ Impact : Med/High Contact : coolkaveh at rocketmail.com Twitter : @coolkaveh tested : windows XP SP3 Author : coolkaveh VLC media player also known as VLC is a highly...

7.4AI score
Exploits0
0day.today
0day.today
added 2012/12/06 12:0 a.m.22 views

VLC media player 2.0.4 buffer overflow PoC

buffer overflow during the handling of the swf file context-dependent Successful exploits can allow attackers to execute arbitrary code Title : VLC media player 2.0.4 buffer overflow POC Version : 2.0.4 Twoflower Date : 2012-12-06 Vendor : http://www.videolan.org/vlc/ Impact : Med/High Contact :...

8.3AI score
Exploits0
CERT
CERT
added 2012/11/20 12:0 a.m.69 views

Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers

Overview Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers. These vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system. Description Autonomy Keyview IDOL is a set of libraries that can decode over 1,000 different file formats. The...

9.3CVSS8.2AI score0.08119EPSS
Exploits0References13
exploitpack
exploitpack
added 2012/07/23 12:0 a.m.17 views

MyMp3 Player Stack - .m3u File DEP Bypass

MyMp3 Player Stack - .m3u File DEP Bypass ''' Title: MyMp3-Player '.m3u' Stack BOF Bypass DEP Author: Daniel Romero Perez @danielrome Software & Version: MyMp3-Player 3.02.067 Tested on: Windows XP SP3 - ES Mail: [email protected] Blog: unlearningsecurity.blogspot.com Advisor:...

7.4AI score
Exploits0
0day.today
0day.today
added 2012/01/28 12:0 a.m.73 views

MS12-004 midiOutPlayNextPolyEvent Heap Overflow

Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...

7.1AI score0.69499EPSS
Exploits12
Rows per page
Query Builder