10 matches found
macOS 10.14.3 iOS 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics
macOS 10.14.3 iOS 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics / Inspired by Ned Williamson's fuzzer I took a look at the netkey code. key_getsastat handles SADB_GETSASTAT messages: It allocates a buffer based on the number of SAs there currently...
macOS 10.13 (17A365) - Kernel Memory Disclosure due to Lack of Bounds Checking in AppleIntelCapriController::getDisplayPipeCapability
macOS 10.13 17A365 - Kernel Memory Disclosure due to Lack of Bounds Checking in AppleIntelCapriController::getDisplayPipeCapability / AppleIntelCapriController::getDisplayPipeCapability reads an attacker-controlled dword value from a userclient structure input buffer which it uses to index a smal...
macOS 10.13 (17A365) - Kernel Memory Disclosure due to Lack of Bounds Checking in AppleIntelCapriCon
Exploit for macOS platform in category dos / poc / AppleIntelCapriController::getDisplayPipeCapability reads an attacker-controlled dword value from a userclient structure input buffer which it uses to index a small array of pointers to memory to copy back to userspace. There is no bounds checkin...
Apple macOS - Kernel Code Execution due to Lack of Bounds Checking in AppleIntelCapriController::GetLinkConfig
Apple macOS - Kernel Code Execution due to Lack of Bounds Checking in AppleIntelCapriController::GetLinkConfig / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1375 AppleIntelCapriController::GetLinkConfig trusts a user-supplied value in the structure input which it uses to ind...
Twilight WebServer 1.3.3.0 GET Request Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8181/info It has been reported that Twilight WebServer may be prone to a remote buffer overflow vulnerability. The problem may be present due to a lack of bounds checking performed on incoming GET requests. Arbitrary code...
cdp buffer overflow vulnerability
Product: cdp - console cd player Versions: All Bug: Buffer overflow Impact: Attackers can execute arbitrary code Risk: Medium/High Date: March 31, 2004 Author: Shaun Colley Email: shaunige yahoo co uk WWW: http://www.nettwerked.co.uk Introduction cdp is... "cdp is a program that plays CDs at the...
Twilight WebServer 1.3.3.0 - GET Buffer Overflow
// source: https://www.securityfocus.com/bid/8181/info It has been reported that Twilight WebServer may be prone to a remote buffer overflow vulnerability. The problem may be present due to a lack of bounds checking performed on incoming GET requests. Arbitrary code execution may be possible. /...
Essentia Web Server 2.1 - URL Remote Buffer Overflow
Essentia Web Server 2.1 - URL Remote Buffer Overflow // source: https://www.securityfocus.com/bid/4159/info Essentia Web Server is a multi-threaded HTTP server designed for Microsoft Windows and Linux environments. Essentia is maintained by Essen. Essentia is prone to a remote denial of service...
HP CIFS9000 Server A.01.05A.01.06 - Local Buffer Overflow
HP CIFS9000 Server A.01.05A.01.06 - Local Buffer Overflow // source: https://www.securityfocus.com/bid/5088/info A vulnerability has been reported in the /opt/cifsclient/bin/cifslogin utility distributed with CIFS/9000. The utility is prone to several buffer overflow conditions and may lead to ro...
Omnicron OmniHTTPd 1.1/2.4 Pro - Remote Buffer Overflow
// source: https://www.securityfocus.com/bid/739/info There is a remotely exploitable buffer overflow vulnerability in the CGI program "imagemap", which is distributed with Omnicron's OmniHTTPD. During operations made on arguments passed to the program, a lack of bounds checking on a strcpy call...