Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

0day.today
0day.todayadded 2019/07/10 12:0 a.m.28 views

Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access Exploit

/ Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access For constructors, Spidermonkey implements a "definite property analysis" 1 to compute which properties will definitely exist on the constructed objects. Spidermonkey then directly allocates the constructed objects with the final...

0.5AI score
Exploits0
Exploit DB
Exploit DBadded 2019/01/18 12:0 a.m.48 views

Microsoft Edge Chakra - 'NewScObjectNoCtor' or 'InitProto' Type Confusion

NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but actually they can have via the SetIsPrototype method of the type handler that can cause transition to a new type. This can lead to type confusion in the JITed code. In the PoC, it overwrites the pointer to property...

7.4AI score
Exploits0
exploitpack
exploitpackadded 2019/01/18 12:0 a.m.11 views

Microsoft Edge Chakra - NewScObjectNoCtor or InitProto Type Confusion

Microsoft Edge Chakra - NewScObjectNoCtor or InitProto Type Confusion NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but actually they can have via the SetIsPrototype method of the type handler that can cause transition to a new type. This can lead to type confusio...

0.3AI score
Exploits0
0day.today
0day.todayadded 2018/05/23 12:0 a.m.81 views

Microsoft Edge Chakra JIT - Magic Value Type Confusion Exploit

Exploit for windows platform in category dos / poc / BOOL JavascriptNativeFloatArray::SetItemuint32 index, double dValue if uint64&dValue == uint64&JavascriptNativeFloatArray::MissingItem JavascriptArray varArr = JavascriptNativeFloatArray::ToVarArraythis; varArr-DirectSetItemAtindex,...

7.8AI score0.76997EPSS
Exploits5
exploitpack
exploitpackadded 2018/05/22 12:0 a.m.7 views

Microsoft Edge Chakra JIT - Magic Value Type Confusion

Microsoft Edge Chakra JIT - Magic Value Type Confusion / BOOL JavascriptNativeFloatArray::SetItemuint32 index, double dValue if uint64&dValue == uint64&JavascriptNativeFloatArray::MissingItem JavascriptArray varArr = JavascriptNativeFloatArray::ToVarArraythis; varArr-DirectSetItemAtindex,...

0.5AI score
Exploits0
0day.today
0day.todayadded 2017/11/26 12:0 a.m.37 views

Microsoft Edge Chakra JIT Incorrect Function Declaration Scope Exploit

Exploit for windows platform in category dos / poc Microsoft Edge: Chakra: JIT: Incorrect function declaration scope CVE-2017-11870 In the following JavaScript code, both of the print calls must print out "undefined" because of "x" is a formal parameter. But the second print call prints out...

7.6CVSS7.5AI score0.80398EPSS
Exploits17
Rows per page
Query Builder