CVE-2016-2375

An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure...

CVE-2016-2374

An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution...

KLA10812 Privilege escalation vulnerabilities in Lenovo Solution Center

Multiple serious vulnerabilities have been found in Lenovo Solution Center. Malicious users can exploit these vulnerabilities to gain privileges. Below is a complete list of vulnerabilities 1. An unknown vulnerability at SystemService can be exploited locally to terminate arbitrary process via...

Internet Bug Bounty: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize

https://bugs.php.net/bug.php?id=72434 This vulnerability was discovered during the auditing of a vendor on Hackerone. Similar to our other submission on bugs.php.net and here, this vulnerability is remotely exploitable. Please feel free to ask for more technical details if necessary. Thank you fo...

SAP NetWeaver Java 7.5 XXE

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.5 Vendor URL: SAP Bugs: XXE Reported: 17.06.2016 Vendor response: 18.06.2016 Date of Public Advisory: 10.01.2017 Reference: SAP Security Note 2347439 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: XXE Impact: Denial of...

Blat 3.2.14 - Stack Overflow

Exploit for windows platform in category dos / poc 1. Vulnerable Product Version: Blat v3.2.14 Link: blat.net 2. Vulnerability Information Impact: Attacker may gain administrative access / can perform a DOS Remotely Exploitable: No Locally Exploitable: May be possible 3. Product Details An open...

PT-2016-2253 · Adobe +3 · Flash Player +3

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 21.0.0.242 and earlier Description: The issue is related to errors in the code of Adobe Flash Player, which can be exploited by a remote attacker to impact the integrity, availability, and confidentiality of...

Blat 3.2.14 Denial Of Service

Hi Hackers, Greetings from Vishnu @dh4wk 1. Vulnerable Product Version: Blat v3.2.14 Link: blat.net 2. Vulnerability Information Impact: Attacker may gain administrative access / can perform a DOS Remotely Exploitable: No Locally Exploitable: May be possible 3. Product Details An open source...

BookingWizz LFI / XSS / CSRF / SQL Injection

ADVISORY INFORMATION ======================================== Title: BookingWizz Default username/password: admin/pass"; PR2 - Cross Site Scripting ======================================== File : eventList.php // Improper user input validation on Line 24: $serviceID =...

Ruby pack_pack Use After Free Vulnerability

Talos Vulnerability Report TALOS-2016-0033 Ruby packpack Use After Free Vulnerability June 14, 2016 CVE Number CVE-2016-2338 DESCRIPTION An exploitable User After Free vulnerability exists in the packpack function of Ruby. In packpack function each element of array which should be “pack”, based o...

Apple Mac OSX - Kernel Exploitable Null Pointer Dereference in AppleMuxControl.kext

Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=783 The method AppleGraphicsControlClient::checkArguments does actually appear to test whether the pointer at this+0xd8 is non-null, but uses it anyway : We can race external metho...

Apple Mac OSX - Kernel Exploitable Null Pointer Dereference in AppleGraphicsDeviceControl

Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=782 AppleGraphicsDeviceControlClient doesn't check that its pointer to its IOService at this+0xd8 is non-null before using it in all external methods. We can set this pointer to NU...

Apple Mac OSX - Kernel Exploitable NULL Dereference in IOAccelSharedUserClient2::page_off_resource

Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=778 IOAccelerator external method IOAccelSharedUserClient2::pageoffresource uses the pointer at this+0x100 without checking if it's NULL. A series of dereferences from this pointer...

Apple Mac OSX Kernel - Null Pointer Dereference in AppleMuxControl.kext

Apple Mac OSX Kernel - Null Pointer Dereference in AppleMuxControl.kext / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=783 The method AppleGraphicsControlClient::checkArguments does actually appear to test whether the pointer at this+0xd8 is non-null, but uses it anyway : We...

Apple Mac OSX - Kernel Exploitable Null Pointer Dereference in nvCommandQueue::GetHandleIndex in GeF

Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=784 The method nvCommandQueue::GetHandleIndex doesn't check whether this+0x5b8 is non-null before using it. We can race a call to this method this with another thread calling...

Apple Mac OSX Kernel - Null Pointer Dereference in IOAudioEngine

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=776 IOAudioEngineUserClient::closeClient sets the audioEngine member pointer to NULL IOReturn IOAudioEngineUserClient::closeClient audioDebugIOLog3, "+ IOAudioEngineUserClient%p::closeClient\n", this; if audioEngine && !isInactiv...

Debian Security Advisory DSA 3597-1 (expat - security update)

Two related issues have been discovered in Expat, a C library for parsing XML. CVE-2012-6702It was introduced when CVE-2012-0876 was addressed. Stefan Srensen discovered that the use of the function XMLParse seeds the random number generator generating repeated outputs for rand calls...

Buffer overflow parsing HTML5 fragments — Mozilla

Security researcher firehack reported a buffer overflow when parsing HTML5 fragments in a foreign context such as under an node. This results in a potentially exploitable crash when inserting an HTML fragment into an existing document...

League Of Legends Screensaver Unquoted Service Path Privilege Escalation

Exploit Title: League of Legends Screensaver Unquoted Service Paths Conditional Privilege Escalation. CVE-ID: NA Date: 13/04/2016 Exploit Author: Vincent Yiu Contact: [email protected] Vendor Homepage: http://www.leagueoflegends.com Software Link: screensaver.euw.leagueoflegends.com/enUS...

AfterLogic WebMail Pro ASP.NET Account Takeover / XXE Injection

ADVISORY INFORMATION ======================================== Title: AfterLogic WebMail Pro ASP.NET Administrator Account Takover via XXE Injection Application: AfterLogic WebMail Pro ASP.NET Class: Sensitive Information disclosure Remotely Exploitable: Yes Versions Affected: AfterLogic WebMail...