31 matches found
EUVD-2013-2866
Malware in sbrugna...
EUVD-2011-1793
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2013-2927
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before...
Apple Safari HTMLFormElement Improper Validation of Array Index Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within HTMLFormElement...
Apple Safari HTMLFormElement Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within HTML forms. The iss...
WebKit HTMLFormElement Negative-Size Memmove
WebKit: Negative-size memmove in HTMLFormElement CVE-2017-2459 There is a negative-size memmove security vulnerability in WebKit. The vulnerability was confirmed on a nightly build of WebKit. The PoC has also been observed to crash Safari 10.0.2 on Mac. PoC Note: It might take a couple of refresh...
WebKit: Negative-size memmove in HTMLFormElement (CVE-2017-2459)
There is a negative-size memmove security vulnerability in WebKit. The vulnerability was confirmed on a nightly build of WebKit. The PoC has also been observed to crash Safari 10.0.2 on Mac. PoC Note: It might take a couple of refreshes to trigger the bug: function go var iframe =...
Apple WebKit - Negative-Size memmove in HTMLFormElement Exploit
Exploit for multiple platform in category dos / poc function go var iframe = document.getElementById"iframe"; var iframeWindow = window0; var toInsert = div; var iframeBody = iframeWindow.document.body; iframeBody.beforedocument.body; iframe.aftertoInsert; aaaaaaaa !--...
Apple WebKit - Negative-Size memmove in HTMLFormElement
function go var iframe = document.getElementById"iframe"; var iframeWindow = window0; var toInsert = div; var iframeBody = iframeWindow.document.body; iframeBody.beforedocument.body; iframe.aftertoInsert; aaaaaaaa !-- ================================================================= Preliminary...
Apple WebKit - Negative-Size memmove in HTMLFormElement
Apple WebKit - Negative-Size memmove in HTMLFormElement function go var iframe = document.getElementById"iframe"; var iframeWindow = window0; var toInsert = div; var iframeBody = iframeWindow.document.body; iframeBody.beforedocument.body; iframe.aftertoInsert; aaaaaaaa !--...
Apple WebKit: HTMLFormElement::reset() use-after free (CVE-2017-2362)
PoC: function go output.value = "aaa"; output.appendChildinserteddiv; document.getElementById"output".addEventListener'DOMSubtreeModified', function forvar i=0; i foo Analysis: The bug is in HTMLFormElement::reset function, specifically in this part: for auto& associatedElement :...
Apple WebKit HTMLFormElement::reset() Use-After-Free
Apple WebKit: HTMLFormElement::reset use-after free. CVE-2017-2362 PoC: ================================================================= function go output.value = "aaa"; output.appendChildinserteddiv; document.getElementById"output".addEventListener'DOMSubtreeModified', function forvar i=0; i f...
Apple WebKit - HTMLFormElement::reset() Use-After Free
Apple WebKit - HTMLFormElement::reset Use-After Free function go output.value = "aaa"; output.appendChildinserteddiv; document.getElementById"output".addEventListener'DOMSubtreeModified', function forvar i=0; i foo associatedElement downcastassociatedElement.reset; The issue is that while...
Apple WebKit - HTMLFormElement::reset() Use-After Free Exploit
Exploit for macOS platform in category dos / poc function go output.value = "aaa"; output.appendChildinserteddiv; document.getElementById"output".addEventListener'DOMSubtreeModified', function forvar i=0; i foo associatedElement downcastassociatedElement.reset; The issue is that while...
Apple WebKit - 'HTMLFormElement::reset()' Use-After Free
function go output.value = "aaa"; output.appendChildinserteddiv; document.getElementById"output".addEventListener'DOMSubtreeModified', function forvar i=0; i foo associatedElement downcastassociatedElement.reset; The issue is that while massociatedElements vector is being iterated, its content ca...
CVE-2011-1795
Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document...
Integer overflow
Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document...
CVE-2011-1795
Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document...
CVE-2011-1795
Removed by vendor...
CVE-2011-1795
Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document...