Debian 9 ntfs-3g - Privilege Escalation Exploit

Exploit for linux platform in category local exploits !/bin/bash echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" echo "@ CVE-2017-0359, PoC by Kristian Erik Hermansen @" echo "@ ntfs-3g local privilege escalation to root @" echo "@ Credits to Google Project Zero @" echo "@ Affects:...

ntfs-3g (Debian 9) - Local Privilege Escalation

ntfs-3g Debian 9 - Local Privilege Escalation !/bin/bash echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" echo "@ CVE-2017-0359, PoC by Kristian Erik Hermansen @" echo "@ ntfs-3g local privilege escalation to root @" echo "@ Credits to Google Project Zero @" echo "@ Affects: Debian 9/8/...

ntfs-3g (Debian 9) - Local Privilege Escalation

!/bin/bash echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" echo "@ CVE-2017-0359, PoC by Kristian Erik Hermansen @" echo "@ ntfs-3g local privilege escalation to root @" echo "@ Credits to Google Project Zero @" echo "@ Affects: Debian 9/8/7, Ubuntu, Gentoo, others @" echo "@ Tested:...

Debian: Security Advisory (DSA-3780-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Cisco Patches Critical Flaw in WebEx Chrome Plugin

A vulnerability in the Cisco WebEx Chrome Plugin, used by tens of millions for web conferencing in business environments, exposed computers to remote code execution. Cisco has begun releasing updates that patch the flaw, details of which were disclosed Monday by Google Project Zero researcher Tav...

Using the Nintendo's 6502 processor instruction for Desktop Linux systems to exploit-vulnerability warning-the black bar safety net

gstreamer 0.10. x player NSF format of the music file when a vulnerability exists and a separate logic errors. A combination of both, you can achieve the very stability of the exploit method, and can bypass the 64-bit ASLR, DEP and so on. The so-called stable because the music player available in...

Two New Edge Exploits Integrated into Sundown Exploit Kit

Six months of relative quiet around exploit kits recently changed when a public proof-of-concept attack disclosed by a Texas startup was integrated into the Sundown Exploit Kit. The proof-of-concept exploit was developed by Theori, a research and development firm in Austin, which opened its doors...

Chrome OS exploit: one byte overflow and symlinks

The following article is an guest blog post from an external researcher i.e. the author is not a Project Zero or Google researcher. This post is about a Chrome OS exploit I reported to Chrome VRP in September. The Project Zero folks were nice to let me do a guest post about it, so here goes. The...

DSA-3733-1 apt - security update

Bulletin has no description...

Microsoft Silently Fixes Kernel Bug That Led to Chrome Sandbox Bypass

Microsoft appears to have silently fixed a two-year-old bug in in Windows Kernel Object Manager that could have allowed for the bypass of privileges in Google’s Chrome browser. James Forshaw, a researcher with Google’s Project Zero first reported the issue in December 2014. Microsoft responded to...

Microsoft Edge - Array.filter Info Leak Vulnerability

Exploit for windows platform in category dos / poc var b = new Array1,2,3; var d = new Array1,2,3; class dummy constructor alert"in constructor"; return d; class MyArray extends Array // Overwrite species to the parent Array constructor static get Symbol.species alert"get";...

Google Android 5.0 < 5.1.1 - 'Stagefright' .MP4 tx3g Integer Overflow (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Android Stagefright MP4 tx3g Integer Overflow", 'Description' = %q This module exploits a integer overflow vulnerability in the...

On Schneier's DDoS Article, OS X Malware Detection, and Patches

Mike Mimoso and Chris Brook discuss the news of the week, including Schneier’s DDoS article, a patched IE/Edge zero day, a new OS X malware detection method, and Google’s Project Zero prize. Download: ThreatpostNewsWrapSeptember162016.mp3 Music by Chris Gonsalves...

flashplugin: multiple issues

CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, CVE-2016-6924 arbitrary code execution Multiple Memory corruption vulnerabilities that could lead to arbitrary code execution have been found...

lib32-flashplugin: multiple issues

CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, CVE-2016-6924 arbitrary code execution Multiple Memory corruption vulnerabilities that could lead to arbitrary code execution have been found...

Google Project Zero Prize Pays $200,000 for Critical Vulnerability Chains

Apple isn’t the only one offering up a $200,000 reward for severe vulnerabilities on mobile devices. Google followed suit yesterday with the announcement of the Project Zero Prize, and like the Apple Security Bounty, the top payout is $200,000. Announced by Google’s Project Zero research team, th...

The Project Zero Contest — Google will Pay you $200,000 to Hack Android OS

Why waiting for researchers and bug hunters to know vulnerabilities in your products, when you can just throw a contest for that. Google has launched its own Android hacking contest with the first prize winner receiving $200,000 in cash. That's a Hefty Sum! The contest is a way to find and destro...

Kaspersky Lab Bug Bounty Program Launches

LAS VEGAS – Kaspersky Lab today at Black Hat USA 2016 announced the launch of a public bug bounty, one of the few offered by a software vendor in the computer security industry. The bounty begins tomorrow on the HackerOne platform, and the first phase will run for six months. The company said tha...

LastPass Patches Ormandy Remote Compromise Flaw

LastPass has patched a vulnerability in its Firefox add-on found by Google Project Zero researcher Tavis Ormandy that allows attackers complete remote compromise of the password manager, . The divisive Ormandy submitted a bug report on Tuesday to LastPass after a series of tweets hinting at serio...

Symantec AntiVirus - TNEF Decoder Integer Overflow

Symantec AntiVirus - TNEF Decoder Integer Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=819 Simple fuzzing found an integer overflow in the dec2tnef library. This allocation from Attachment::setDataFromAttachment doesn't verify that the attacker controlled value doesn...