2083 matches found
CVE-2016-10395
In FlexNet Publisher versions before Luton SP1 11.14.1.1 running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute...
CVE-2016-10395
CVE-2016-10395 affects FlexNet Publisher Licensing Service on Windows (before Luton SP1, 11.14.1.1). A boundary error in a named pipe within the Licensing Service can cause an out-of-bounds memory read, enabling arbitrary code execution with SYSTEM privileges. Connected documents corroborate the ...
Samba is_known_pipename() Code Execution
#!/usr/bin/perl -w Remote Samba is_known_pipename 3.5.0 to 4.4.14, 4.5.10, and 4.6.4. Exploit By NA , NAattutanota.com The original bug was discovered by steelo CVE-2017-7494 https://www.samba.org/samba/security/CVE-2017-7494.html Tested on Samba 4.5.8-Debian Requirements for this exploit to run: perl...
Samba Vulnerability CVE-2017-7494
On Wednesday, the Samba Team patched a vulnerability that exists in all versions of Samba including and after version 3.5.0. Exploitation of this vulnerability could result in remote code execution on the affected host. Samba is used to provide SMB and CIFS services for Linux systems, and is...
DEBIAN-CVE-2016-2126
Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the...
LG G4 MRA58K - mkvparser::Tracks constructor Failure to Initialise Pointers Exploit
Exploit for Android platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1117 Failure to initialise pointers in mkvparser::Tracks constructor The constructor mkvparser::Tracks::Tracks doesn't handle parsing failures correctly. If we look at the function...
EulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1007)
According to the version of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting...
Artifex Ghostscript Remote Command Execution Vulnerability
Artifex Ghostscript is an open source Postscript (a page description language and programming language used in the electronics industry and desktop publishing) parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. Artifex Ghostscrip...
Update for Windows Server 2008 and Windows Vista (KB3217877)
Update for Windows Server 2008 and Windows Vista (KB3217877). Issues that are fixed: This update fixes the following issue: When you use the fread function to read data from a pipe in Windows Vista Service Pack 2, the runtime program may omit line feed (LF) characters between lines and cause corrupted...
Apple macOS Kernel 10.12.3 (16D32) - audit_pipe_open Off-by-One Memory Corruption
Apple macOS Kernel 10.12.3 (16D32) - audit_pipe_open Off-by-One Memory Corruption / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1126 MacOS kernel memory corruption due to off-by-one in audit_pipe_open. audit_pipe_open is the special file open handler for the auditpipe device major...
Cimetrics BACstac 6.2f - Privilege Escalation Vulnerability
Exploit for windows platform in category local exploits Cimetrics BACstac Routing Service 6.2f Local Privilege Escalation Vendor: Cimetrics, Inc. Product web page: https://www.cimetrics.com Affected version: 6.2f Summary: BACstac belongs to product BACstac(TM) Networking Software and was developed ...
DEBIAN-CVE-2017-5550
Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision...
CVE-2017-5550
Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision...
UBUNTU-CVE-2017-5550
Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision...
kernel: pipe: limit the per-user amount of pages allocated in pipes
It is possible for a single process to cause an OOM condition by filling large pipes with data that are never read. A typical process filling 4096 pipes with 1 MB of data will use 4 GB of memory and there can be multiple such processes, up to a per-user-limit...
Viscosity For Windows 1.6.7 Privilege Escalation
Viscosity for Windows 1.6.7 Privilege Escalation 30 Jan 2017 Homepage: https://www.sparklabs.com/ Description: ViscosityService runs as SYSTEM process. wmic service where name="ViscosityService" get StartName StartName LocalSystem Viscosity.exe contacts with service using named pipe. Only files...
[SECURITY] Fedora 24 Update: botan-1.10.14-3.fc24
Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS #10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...
Windows 10 x86/x64 WLAN AutoConfig - Denial of Service (POC) Exploit
Exploit for windows platform in category dos / poc #!/usr/bin/python wlanautoconfig-poc.py Windows WLAN AutoConfig Named Pipe POC Jeremy Brown jbrown3264/gmail Dec 2016 wifinetworkmanager.dll!FatalErrorchar const ,unsigned long,char const , ... AsyncPipe::ReadCompletedCallbackvoid...