Node.js TLSWrap Use-After-Free
Node.js: use-after-free in TLSWrap. Node v14.11.0 Current is vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS-enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as its first argument. If the DoWrite method...
Node.js TLSWrap Use-After-Free Vulnerability
Node.js: use-after-free in TLSWrap. Node v14.11.0 Current is vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS-enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as its first argument. If the DoWrite method...
CVE-2020-28912
Disclaimer: This data contains information about vulnerable...
MariaDB Security Vulnerabilities
MariaDB is a free and open-source database management system from the MariaDB Foundation and a fork of MySQL using the Maria storage engine. A security vulnerability exists in MariaDB that stems from a named pipe permission issue on Windows...
tcpdump: Buffer over-read in print_trans() function in print-smb.c
The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:printtrans for \MAILSLOT\BROWSE and \PIPE\LANMAN...
stromnesspipeband.co.uk Cross Site Scripting vulnerability OBB-1370774
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
The Return of Raining SYSTEM Shells with Citrix Workspace app
TL;DR Back in July I documented a new Citrix Workspace vulnerability that allowed attackers to remotely execute arbitrary commands under the SYSTEM account. Well, after some further investigation of the initial fix I discovered a new vector that quite frankly should not exist at all, since the...
Windows Inject Reflective PE Files, Windows x64 Bind Named Pipe Stager
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Windows Inject Reflective PE Files, Windows x64 Reverse Named Pipe (SMB) Stager
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Windows Inject PE Files, Windows x86 Reverse Named Pipe (SMB) Stager
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Windows Inject PE Files, Windows x86 Bind Named Pipe Stager
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Denial Of Service (DoS)
The SMB parser in tcpdump is vulnerable to denial of service. A buffer over-read in print-smb.c:printtrans for \MAILSLOT\BROWSE and \PIPE\LANMAN allows an attacker to crash the application...
Raining SYSTEM Shells with Citrix Workspace app
TL;DR Citrix Workspace is vulnerable to a remote command execution attack running under the context of the SYSTEM account. By sending a crafted message over a named pipe and spoofing the client process ID, the Citrix Workspace Updater Service can be tricked into executing an arbitrary process und...
Exploit for CVE-2017-0144
This is a PoC exploit for CVE-2017-0144, a remote code execution vulnerability in Windows. The exploit targets Windows 2000 and later versions. It does not require a Python installation, as it is built with PyInstaller. The exploit implements a few options, such as username/password specification a...
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2020-1746)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Exploit for Insufficient Verification of Data Authenticity in Foxitsoftware Phantompdf
CVE-2020-11492 Proof-of-Concept PoC for Docker Desktop for...
pipe-brothers.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1190577. Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
CVE-2020-11492
An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service which runs as SYSTEM, and then impersonate their privileges...