133 matches found
PDFTron SDK 资源管理错误漏洞
PDFTron SDK is a very comprehensive MS Office and PDF software development kit SDK from PDFTron Canada. A security vulnerability exists in PDFTron SDK 9.2.0, which stems from the fact that a carefully crafted PDF can overwrite the RIP with data previously allocated on the heap...
GSD-2021-1001084 powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set
powerpc/perf: Fix crash in perfinstructionpointer when ppmu is not set This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.13 by commit...
CVE-2021-22545
An attacker can craft a specific IdaPro .i64 file that will cause the BinDiff plugin to load an invalid memory offset. This can allow the attacker to control the instruction pointer and execute arbitrary code. It is recommended to upgrade BinDiff 7...
CVE-2021-22545 Use-after-free in BinDiff
An attacker can craft a specific IdaPro .i64 file that will cause the BinDiff plugin to load an invalid memory offset. This can allow the attacker to control the instruction pointer and execute arbitrary code. It is recommended to upgrade BinDiff 7...
CVE-2020-13995
U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable sBuffer leads to a Write-What-Where outcome. Writing beyond sBuffer will clobber most global variables until reaching a pointer such as DESinfo or imageinfo...
Buffer overflow
U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable sBuffer leads to a Write-What-Where outcome. Writing beyond sBuffer will clobber most global variables until reaching a pointer such as DESinfo or imageinfo...
Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow
Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow Exploit Title: Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow Date: 2019-09-22 Exploit Author: purpl3f0xsecur1ty Vendor Homepage: https://www.tucows.com/ Software Link: http://www.tucows.com/preview/519612/Integard-Home Version: Pro...
CVE-2019-12894
Alternate Pic View 2.600 has a Read Access Violation at the Instruction Pointer after a call from PicViewer!PerfgrapFinalize+0x00000000000a9a1b...
CVE-2019-12897
Edraw Max 7.9.3 has a Read Access Violation at the Instruction Pointer after a call from ObjectModule!Paint::Clear+0x0000000000000074...
CVE-2019-12897
CVE-2019-12897 affects Edraw Max 7.9.3. The vulnerability is described as a Read Access Violation at the Instruction Pointer triggered after a call from ObjectModule!Paint::Clear+0x... (address provided). Connected sources corroborate this description across multiple feeds; no additional technica...
CVE-2019-12894
Alternate Pic View 2.600 has a Read Access Violation at the Instruction Pointer after a call from PicViewer!PerfgrapFinalize+0x00000000000a9a1b...
CVE-2019-12894
CVE-2019-12894 affects Alternate Pic View 2.600 and describes a Read Access Violation at the Instruction Pointer triggered after a call from PicViewer!PerfgrapFinalize+0x00000000000a9a1b. The CVE is corroborated by multiple sources (Red Hat, NVD, CVE List, CVELIST) and linked entries, but the con...
PT-2018-19371
Name of the Vulnerable Software and Affected Versions SC version 7.16 Description A stack-based buffer overflow allows local attackers to execute arbitrary code by providing oversized input that exceeds buffer boundaries. By crafting malicious input strings larger than 1052 bytes, an attacker can...
VX Search Enterprise 9.7.18 - Local Buffer Overflow
VX Search Enterprise 9.7.18 - Local Buffer Overflow import os import struct author = ''' Created: ScrR1pTK1dd13 Name: Greg Priest Mail: [email protected] Exploit Title: VX Search Enterprise v9.7.18 Import Local Buffer Overflow Vuln. Date: 2017.06.15 Exploit Author: Greg Priest Versio...
FreeBSD : xen-kernel -- x86: Mishandling of instruction pointer truncation during emulation (49211361-ba4d-11e6-ae1b-002590263bf5)
The Xen Project reports : When emulating HVM instructions, Xen uses a small i-cache for fetches from guest memory. The code that handles cache misses does not check if the address from which it fetched lies within the cache before blindly writing to it. As such it is possible for the guest to...
shopify-scripts: Struct type confusion RCE
Heya! I've been poking at mruby a bit more and I've found a vulnerability that allows an attacker to take control of the instruction pointer. I've attached a proof of concept script that when run in mruby will jump to 0x0000133713371337 and segfault. While the proof of concept script just jumps t...
Xen Multiple Vulnerabilities (XSA-186, XSA-187)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by multiple vulnerabilities : - A flaw exists due to improper handling of instruction pointer truncation when emulating HVM instructions. An attacker on the guest can exploit this to gain...
CVE-2016-7093
Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation...
CVE-2016-7093
Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation...
x86: Mishandling of instruction pointer truncation during emulation
ISSUE DESCRIPTION When emulating HVM instructions, Xen uses a small i-cache for fetches from guest memory. The code that handles cache misses does not check if the address from which it fetched lies within the cache before blindly writing to it. As such it is possible for the guest to overwrite...