Lucene search

1716 matches found

exploitpack
added 2015/11/03 12:00 a.m., 14 views

Python 2.7 hotshot Module - pack_string Heap Buffer Overflow (PoC)

Python 2.7 hotshot Module - pack_string Heap Buffer Overflow (PoC) Title: Python 2.7 hotshot pack_string Heap Buffer Overflow Credit: John Leitch [email protected] Url1: http://autosectools.com/Page/Python-hotshot-packstring-Heap-Buffer-Overflow Url2: http://bugs.python.org/issue24481 Resolution:...

0.3 AI score
Exploits: 0
0day.today
added 2015/11/02 12:00 a.m., 26 views

Python 2.7 array.fromstring Use After Free Vulnerability

Python 2.7 array.fromstring method suffers from a use after free caused by unsafe realloc use. The issue is triggered when an array is concatenated to itself via fromstring call. Title: Python 2.7 array.fromstring Use After Free Credit: John Leitch email protected Url1:...

7 AI score
Exploits: 0
Packet Storm
added 2015/11/02 12:00 a.m., 22 views

Python 2.7 Hotshot pack_string Heap Buffer Overflow

Title: Python 2.7 hotshot pack_string Heap Buffer Overflow Credit: John Leitch [email protected] Url1: http://autosectools.com/Page/Python-hotshot-packstring-Heap-Buffer-Overflow Url2: http://bugs.python.org/issue24481 Resolution: Fixed The Python 2.7 hotshot module suffers from a heap buffer...

0.4 AI score
Exploits: 0
0day.today
added 2015/11/02 12:00 a.m., 24 views

Python 2.7 Hotshot pack_string Heap Buffer Overflow Vulnerability

Python version 2.7 hotshot module suffers from a heap buffer overflow due to a memcpy in the pack_string function at line 633. Title: Python 2.7 hotshot pack_string Heap Buffer Overflow Credit: John Leitch email protected Url1:...

7.4 AI score
Exploits: 0
0day.today
added 2015/09/18 12:00 a.m., 124 views

Android libstagefright - Integer Overflow Remote Code Execution

Exploit for Android platform in category remote exploits !/usr/bin/python2 import cherrypy import os import pwnlib.asm as asm import pwnlib.elf as elf import sys import struct with open'shellcode.bin', 'rb' as tmp: shellcode = tmp.read while lenshellcode % 4 != 0: shellcode += '\x00' heap groomin...

10 CVSS, 6.5 AI score, 0.87125 EPSS
Exploits: 6
exploitpack
added 2015/09/17 12:00 a.m., 30 views

Google Android - libstagefright Integer Overflow Remote Code Execution

Google Android - libstagefright Integer Overflow Remote Code Execution !/usr/bin/python2 import cherrypy import os import pwnlib.asm as asm import pwnlib.elf as elf import sys import struct with open'shellcode.bin', 'rb' as tmp: shellcode = tmp.read while lenshellcode % 4 != 0: shellcode += '\x00...

1.2 AI score
Exploits: 0
Exploit DB
added 2015/08/25 12:00 a.m., 23 views

Microsoft Office 2007 - Malformed Document Stack Buffer Overflow

Source: https://code.google.com/p/google-security-research/issues/detail?id=170&can=1 The following access violation was observed in Microsoft Office 2007 Word document: e24.e28: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling. This...

7.4 AI score
Exploits: 0
exploitpack
added 2015/08/25 12:00 a.m., 13 views

Microsoft Office 2007 - Malformed Document Stack Buffer Overflow

Microsoft Office 2007 - Malformed Document Stack Buffer Overflow Source: https://code.google.com/p/google-security-research/issues/detail?id=170&can=1 The following access violation was observed in Microsoft Office 2007 Word document: e24.e28: Access violation - code c0000005 first chance First...

Exploits: 0
exploitpack
added 2015/05/01 12:00 a.m., 33 views

TestDisk 6.14 - Check_OS2MB Stack Buffer Overflow (PoC)

TestDisk 6.14 - Check_OS2MB Stack Buffer Overflow (PoC) TestDisk 6.14 Check_OS2MB Stack Buffer Overflow Affected versions: TestDisk 6.14 - Linux, Windows...

0.5 AI score
Exploits: 0
Exploit DB
added 2015/05/01 12:00 a.m., 36 views

TestDisk 6.14 - 'Check_OS2MB' Stack Buffer Overflow (PoC)

TestDisk 6.14 Check_OS2MB Stack Buffer Overflow Affected versions: TestDisk 6.14 - Linux, Windows and Mac OSX PDF:...

7 AI score
Exploits: 0
securityvulns
added 2015/03/21 12:00 a.m., 125 views

Security Audit Notes: OpenSSL d1_srvr.c Overflow - Advanced Information Security

-= Advanced Information Security Corporation =- ------------------------------------------------------------------------ Author: Nicholas Lemonias Type: Security Audit Notes Date: 17/3/2015 Email: lem.nikolas at gmail dot com Audit: OpenSSL v1.0.2 22nd of January, 2015 Release...

7.2 AI score
Exploits: 0
GoogleProjectZero
added 2015/03/19 12:00 a.m., 35 views

Taming the wild copy: Parallel Thread Corruption

Posted by Chris Evans, Winner of the occasional race. Back in 2002, a very interesting vulnerability was found and fixed in the Apache web server. Relating to a bug in chunked encoding handling, the vulnerability caused a memcpy call with a negative length with the destination on the stack. Of...

10 CVSS, 9.9 AI score, 0.75781 EPSS
Exploits: 4
OSV
added 2015/02/16 12:00 a.m., 0 views

UBUNTU-CVE-2015-1607

kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlappi...

5.5 CVSS, 6.6 AI score, 0.02473 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2015/02/03 12:00 a.m., 36 views

Debian DSA-3150-1 : vlc - security update

Fabian Yamaguchi discovered multiple vulnerabilities in VLC, a multimedia player and streamer : - CVE-2014-9626 The MP4 demuxer, when parsing string boxes, did not properly check the length of the box, leading to a possible integer underflow when using this length value in a call to memcpy. This...

7.8 CVSS, 7.9 AI score, 0.02373 EPSS
Exploits: 0, References: 11
myhack58
added 2014/12/25 12:00 a.m., 72 views

From the source perspective on the ntpd stack buffer overflow vulnerability (CVE-2014-9295) analysis - vulnerability warning - the black bar safety net

Recently, the ntp official website released an update patch: a total of 6 vulnerabilities with 4 CVE numbers, all found and submitted by the Google Security Team. Among them, CVE-2014-9295 includes 3 stack overflows: a This article from the source code perspective, these three stack overflow,...

7.5 CVSS, 0.3 AI score, 0.7809 EPSS
Exploits: 1
0day.today
added 2014/12/10 12:00 a.m., 45 views

BulletProof FTP Client 2010 - Buffer Overflow (SEH) Exploit

Exploit for windows platform in category local exploits !/usr/bin/env ruby Exploit Title: BulletProof FTP Client 2010 - Buffer Overflow SEH Exploit Date: Dec 03 2014 Vulnerability Discovery: Gabor Seljan Exploit Author: Muhamad Fadzil Ramli Software Link: http://www.bpftp.com/ Version: 2010.75.0....

6.2 AI score
Exploits: 17
Exploit DB
added 2014/12/03 12:00 a.m., 31 views

BulletProof FTP Client 2010 - Local Buffer Overflow (SEH)

!/usr/bin/env ruby Exploit Title: BulletProof FTP Client 2010 - Buffer Overflow SEH Exploit Date: Dec 03 2014 Vulnerability Discovery: Gabor Seljan Exploit Author: Muhamad Fadzil Ramli Software Link: http://www.bpftp.com/ Version: 2010.75.0.76 Tested on: Microsoft Windows XP SP3 EN Version 5.1.26...

6.4 AI score
Exploits: 17
NVD
added 2014/10/27 8:55 p.m., 30 views

CVE-2011-2702

Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S ...

6.8 CVSS, 7.3 AI score, 0.08458 EPSS
Exploits: 6, References: 8
Cvelist
added 2014/10/27 8:00 p.m., 39 views

CVE-2011-2702

Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S ...

7.2 AI score, 0.08458 EPSS
Exploits: 6, References: 8
Debian CVE
added 2014/10/27 8:00 p.m., 33 views

CVE-2011-2702

Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S ...

6.8 CVSS, 7.2 AI score, 0.08458 EPSS
Exploits: 6