Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8645)

A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the conte...

Denial Of Service (DoS) Through Memory Leak

ImageMagick is vulnerable to denial of service DoS attacks. A malicious user can pass a JNG image to the application to cause a memory leak, causing the application to run out of memory and crash...

SMBLoris Denial Of Service

PoC runs under Linux: https://gist.github.com/marcan/6a2d14b0e3eaa5de1795a763fb58641e https://twitter.com/marcan42/status/892706927720808449 https://twitter.com/marcan42/status/892716247502082051 https://twitter.com/marcan42/status/892785957849645056 Original disclosure: https://smbloris.com/...

CVE-2017-11411

In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350...

CVE-2017-8486

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure due to the way it handles objects in memory, aka "Win32k Information Disclosure...

WebKit JSC - 'JSObject::ensureLength' ensureLengthSlow Check Failure

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1165 Here's a snippet of JSObject::ensureLength. bool WARNUNUSEDRETURN ensureLengthVM& vm, unsigned length ASSERTlength vectorLength publicLength setPublicLengthlength; return result; |setPublicLength| is called whether...

FreeBSD : asterisk -- Memory exhaustion on short SCCP packets (fab87bff-3ce5-11e7-bf9d-001999f8d30b)

The Asterisk project reports : A remote memory exhaustion can be triggered by sending an SCCP packet to Asterisk system with 'chanskinny' enabled that is larger than the length of the SCCP header but smaller than the packet length specified in the header. The loop that reads the rest of the packe...

CVE-2017-0266

CVE-2017-0266 maps to a Microsoft Edge remote code execution vulnerability. The issue arises from the scripting engine’s handling of in‑memory objects, enabling an attacker to execute arbitrary code in the context of the current user if a user visits a crafted page. The vulnerability affects Micr...

Windows Uniscribe Information Disclosure Vulnerability

An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the...

Out-of-bounds

An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an...

Cisco Warns of Critical Flaw in CloudCenter Orchestrator Systems

Cisco Systems released a critical security bulletin for a vulnerability that could allow an attacker to gain root privileges on affected CloudCenter Orchestrator systems. The company released workaround instructions to mitigate the flaw along with making a software fix available for download. “Th...

Microsoft Graphics Component Multiple Vulnerabilities (3204066)

This host is missing a critical security update according to Microsoft Bulletin MS16-146. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2016-7531

MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service out-of-bounds write via a crafted PDB file...

Adobe Reader Use After Free (APSB16-14: CVE-2016-1049)

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...

CVE-2016-4558

The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service use-after-free or possibly have unspecified other impact via a crafted application on 1 a system with more than 32 Gb of memory, related to the program reference...

CVE-2016-4558

The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service use-after-free or possibly have unspecified other impact via a crafted application on 1 a system with more than 32 Gb of memory, related to the program reference...

Adobe Reader DC Forms Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AcroForm...

Workbox Plugin loads full HTML of JIRA comment, leads to GC loop of death on large comment

To reproduce: start Confluence with GC logging enabled optional, but helps Link Confluence and JIRA create an issue in JIRA watch it add a large comment to the JIRA issue, e.g. paste a 7.7MB log file between \code\ tags open the workbox in Confluence optional: in network tab of web developer tool...

USN-2283-1: Linux kernel vulnerabilities

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol PPP when used with the Layer Two Tunneling Protocol L2TP. A local user could exploit this flaw to gain administrative privileges. CVE-2014-4943 Michael S. Tsirkin discovered an information leak in the Linux kernel's...

Deepburner pro 1.9.0.228 dbr file Buffer Overflow Exploit (Universal)

No description provided by source. / Deepburner pro 1.9.0.228 dbr file buffer overflow exploituniversal This is buffer: header 253 bytes + junk+ next seh + seh addr + tail 957 bytes dbr/dbi file Date: 29.01.2010 Dicovery Credits: fl0 fl0w Exploit Credits : fl0 fl0w ?Download latest vuln vs from:...