Oracle IOT IX SDK libvs_pdf XRef Index Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0086 Oracle IOT IX SDK libvspdf XRef Index Code Execution Vulnerability April 19, 2016 CVE Number CVE-2016-3455 DESCRIPTION A vulnerability in PDF parser of the IX SDK exists that allows an out of bounds heap memory overwrite potentially leading to remote cod...

Internet Bug Bounty: Type confusion in partial.setstate, partial_repr, partial_call leads to memory corruption, reliable control flow hijack

See my official writeups here: http://bugs.python.org/issue25944 http://bugs.python.org/issue25945 The maintainers merged these bug reports. In one case, the type confusion leads to a reliable control of the instruction pointer as calling repr on a corrupted partial calls a function pointer that ...

Null pointer dereference

The Monitor Control Command Set kernel extension in the Display Drivers subsystem in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages control of a function pointer...

PcVue 10.0 SV.UIGrdCtrl.1 'LoadObject()/SaveObject()' Trusted DWORD Vulnerability

No description provided by source. $Id: pcvuefunc.rb 13889 2011-10-12 10:57:31Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Java Runtime Environment MixerSequence Function Pointer Control

Added: 02/28/2012 CVE: CVE-2010-0842 BID: 39077 OSVDB: 63493 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...

PcVue 10.0 SV.UIGrdCtrl.1 'LoadObject()/SaveObject()' Trusted DWORD Vulnerability

This module exploits a function pointer control within SVUIGrd.ocx of PcVue 10.0. By setting a dword value for the SaveObject or LoadObject, an attacker can overwrite a function pointer and execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...

PcVue 10.0 SV.UIGrdCtrl.1 'LoadObject()/SaveObject()' Trusted DWORD

Exploit for windows platform in category remote exploits $Id: pcvuefunc.rb 13889 2011-10-12 10:57:31Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on...