21 matches found
CVE-2026-22778
A flaw was found in vLLM, an inference and serving engine for large language models LLMs. A remote attacker can exploit this vulnerability by sending a specially crafted video URL to vLLM's multimodal endpoint. This action causes vLLM to leak a heap memory address, significantly reducing the...
CVE-2026-22778 vLLM leaks a heap address when PIL throws an error
vLLM is an inference and serving engine for large language models LLMs. From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...
EUVD-2019-13098
Malware in sbrugna...
welpwn
Introduction Pwnning is an art. welpwn is designed to make pwnning an art, freeing you from dozens of meaningless jobs. Features - Automatically get those magic values for you. - libc address - heap address - stack address - program address with PIE - canary - Support multi glibc debugging. - 2.1...
Nuuo Central Management Server User Session Token Bruteforce
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'benchmark' class MetasploitModule 'Nuuo Central Management Server User Session Token Bruteforce', 'Description' = %q Nuuo Central Management Server below versio...
Schneider Electric EcoStruxure Control Expert APX project file processing code execution vulnerability
Summary A local code execution vulnerability exists in the APX project file processing functionality of Schneider Electric EcoStruxure Control Expert 14.1. The opening of a STA project archive containing a specially crafted APX project file can lead to code execution. An attacker can provide a...
Unspecified Vulnerability in Mozilla Firefox and Mozilla Firefox ESR (CNVD-2020-02981)
Mozilla Firefox and Mozilla Firefox ESR are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security vulnerability exists in Mozilla Firefox ESR versions prior to 68.4 an...
GNU C Library Information Disclosure Vulnerability
The GNU C Library glibc, libc6 is an open-source, free C compiler released under the LGPL license. A security vulnerability exists in glibc in the GNU C Library. An attacker can exploit the vulnerability to guess the heap address of the pthreadcreated thread...
CVE-2019-3459
A heap address information leak while using L2CAPGETCONFOPT was discovered in the Linux kernel before 5.1-rc1...
CVE-2019-3459
A heap address information leak while using L2CAPGETCONFOPT was discovered in the Linux kernel before 5.1-rc1...
CVE-2019-3459
A heap address information leak while using L2CAPGETCONFOPT was discovered in the Linux kernel before 5.1-rc1...
Google Android - Binder Generic ASLR Leak
Google Android - Binder Generic ASLR Leak Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=889 The interaction between the kernel /dev/binder and the usermode Parcel.cpp mean that when a binder object is passed as BINDERTYPEBINDER or BINDERTYPEWEAKBINDER, a pointer to that object...
Android - Binder Generic ASLR Leak Vulnerability
Exploit for Android platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=889 The interaction between the kernel /dev/binder and the usermode Parcel.cpp mean that when a binder object is passed as BINDERTYPEBINDER or BINDERTYPEWEAKBINDER, a pointer to th...
Google Android - Binder Generic ASLR Leak
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=889 The interaction between the kernel /dev/binder and the usermode Parcel.cpp mean that when a binder object is passed as BINDERTYPEBINDER or BINDERTYPEWEAKBINDER, a pointer to that object in the server process is leaked to the...
Adobe Acrobat Pro DC Color Object Address Disclosure Vulnerability
This vulnerability allows remote attackers to gain information about the layout of memory on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...
Microsoft Excel 200720102013 - BIFFRecord Use-After-Free
Microsoft Excel 200720102013 - BIFFRecord Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=462 The following crash was observed in Microsoft Excel 2007 running on Windows 2003 R2. This crash was also reproduced in Microsoft Excel 2010 on Windows 7 x86 and...
Samba < 3.6.2 x86 - PoC
Exploit for linux platform in category dos / poc !/usr/bin/python """ Exploit for Samba vulnerabilty CVE-2015-0240 by sleepya The exploit only targets vulnerable x86 smbd 3.6.24 which 'creds' is controlled by ReferentID field of PrimaryName ServerName. That means 'talloczero' in libtalloc does no...
BulletProof FTP Client 2010 - Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits !/usr/bin/env ruby Exploit Title: BulletProof FTP Client 2010 - Buffer Overflow SEH Exploit Date: Dec 03 2014 Vulnerability Discovery: Gabor Seljan Exploit Author: Muhamad Fadzil Ramli Software Link: http://www.bpftp.com/ Version: 2010.75.0....
XSLT generate-id() function heap address leak — Mozilla
Chris Evans of the Chrome Security Team reported that the XSLT generate-id function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while...
PowerTCP FTP Module - Multiple Techniques (SEH HeapSpray)
PowerTCP FTP Module - Multiple Techniques SEH HeapSpray !-- PowerTCP FTP module Multiple Technique Exploit SEH Overwrite + HeapSpray bug originally found by : Intel http://www.milw0rm.com/exploits/6793 I use Intel's exploit , but IE change unASCII bytes and it doesn't work! my system is XP SP2 IE...