2623 matches found
WebKit JSC Incorrect Scope Register Handling
WebKit: JSC: Incorrect scope register handling in DFG::ByteCodeParser::flushInlineStackEntry inlineStackEntry CVE-2017-7018 Here's a snippet of DFG::ByteCodeParser::flushInlineStackEntry inlineStackEntry. void flushInlineStackEntry inlineStackEntry ... if mgraph.needsScopeRegister...
WebKit JSC - 'DFG::ByteCodeParser::flush(InlineStackEntry* inlineStackEntry)' Incorrect Scope Register Handling
scopeRegister; mcodeBlock| instead of |mcodeBlock|. But it doesn't. As a result, the scope register of |inlineStackEntry-mcodeBlock| may have an incorrect offset in the stack layout phase. PoC: -- function f function eval'1'; f; ; throw 1; f;...
scopeofpain.com XSS vulnerability
Vulnerable URL: https://www.scopeofpain.com/login/index.php?certificate=1"...
Mozilla: Use-after-free and use-after-scope logging XHR header errors (MFSA 2017-16)
A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests XHR. This could result in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...
Mozilla: Use-after-free and use-after-scope logging XHR header errors (MFSA 2017-16)
A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests XHR. This could result in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...
WebKit JSC emitPutDerivedConstructorToArrowFunctionContextScope Incorrect Check(CVE-2017-2531)
WebKit: JSC: incorrect check in emitPutDerivedConstructorToArrowFunctionContextScope When a super expression is used in an arrow function, the following code, which generates bytecode, is called. if needsToUpdateArrowFunctionContext && !codeBlock-isArrowFunction bool canReuseLexicalEnvironment =...
Over 8,600 Vulnerabilities Found in Pacemakers
"If you want to keep living, Pay a ransom, or die." This could happen, as researchers have found thousands of vulnerabilities in Pacemakers that hackers could exploit. Millions of people that rely on pacemakers to keep their hearts beating are at risk of software glitches and hackers, which could...
WebKit JSC BindingNode::bindValue Failed Reference Count Increase
WebKit: JSC: BindingNode::bindValue doesn't increase the scope's reference count CVE-2017-2505 Here's a snippet of BindingNode::bindValue. void BindingNode::bindValueBytecodeGenerator& generator, RegisterID value const ... RegisterID scope = generator.emitResolveScopenullptr, var;...
NVIDIA Linux GPU Display Driver contains missing permissions check and improper validation vulnerabilities - us
Lenovo Security Advisory: LEN-10962 Potential Impact: Privilege escalation Severity: Medium Scope of Impact: Industry-Wide CVE Identifier: CVE-2016-7382, CVE-2016-7389 Summary Description: The NVIDIA GPU Display Driver for Linux contains two privilege escalation vulnerabilities. CVE-2016-7382...
Oracle E-Business Suite 12.2.3 - 'IESFOOTPRINT' SQL Injection
Application: Oracle E-Business Suite Versions Affected: Oracle EBS 12.2.3 Vendor URL: http://oracle.com Bug: SQL injection Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference: Oracle CPU April 2017 Author: Dmitry Chastuhin ERPScan Description 1. ADVISORY...
Chrome Universal XSS by polluting private scripts with named properties (CVE-2017-5008)
VULNERABILITY DETAILS When a private script method is invoked, a ScriptForbiddenScope::AllowUserAgentScript scope is set up to allow running the internal script. It is possible to exploit this scope to execute user code here: static v8::Local compileAndRunPrivateScriptScriptState scriptState,...
Oracle E-Business Suite 12.2.3 SQL Injection
Application: Oracle E-Business Suite Versions Affected: Oracle EBS 12.2.3 Vendor URL: http://oracle.com Bug: SQL injection Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference: Oracle CPU April 2017 Author: Dmitry Chastuhin ERPScan Description 1. ADVISORY...
CVE-2017-7269 a few tips and BUG fixes-vulnerability warning-the black bar safety net
Seen the analysis, to talk about the use of a few tips. 1. Vulnerability scope The original poc above wrote only applies to the 03 r2, in fact, the most common of 03 sp2 can also be directly reproduced, so it seems that the attack range is very large, after all, the domestic selling most of the 0...
dlplibs: Stack-use-after-scope in libmspub::MSPUBCollector::paintShape
Detailed report: https://oss-fuzz.com/testcase?key=6536301065011200 Project: dlplibs Fuzzer: afldlplibspubfuzzer Fuzz target binary: pubfuzzer Job Type: aflasandlplibs Platform Id: linux Crash Type: Stack-use-after-scope READ 8 Crash Address: 0x7fe2cf0ca9f0 Crash State:...
libmspub: Stack-use-after-scope in libmspub::MSPUBCollector::paintShape
Detailed report: https://oss-fuzz.com/testcase?key=4867319689904128 Project: libmspub Fuzzer: afllibmspubpubfuzzer Fuzz target binary: pubfuzzer Job Type: aflasanlibmspub Platform Id: linux Crash Type: Stack-use-after-scope READ 8 Crash Address: 0x7f23248bf9f0 Crash State:...
Broadcom: Stack buffer overflow when parsing CCKM reassociation response(CVE-2017-6957)
Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. In order to allow fast roaming between access...
Local Privilege Escalation or Denial of Service via the Intel® Graphics Driver
Lenovo Security Advisory: LEN-7484 Potential Impact: Local privilege escalation or denial of service Severity: High Scope of Impact: Industry-Wide CVE Identifier: CVE-2016-5647 Summary Description: Multiple potential vulnerabilities exist in the Intel® Graphics Driver for Microsoft Windows. These...
CVE-2016-0202
A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain...
Q&A: Web Application Security Scanning with Netsparker
Q&A with Huseyin Tufekcilerli, the lead developer of Netsparker Desktop web application security scanner More than 70% of all cyber breaches involve web applications, and almost 90% organizations believe their application security programs need to be improved. Web application security has risen t...
LocalTapiola: Creating arbitrary cookies values /cs/CookieServer (www.lahitapiola.fi)
Issue The reporter was able to inject http-headers to set custom cookies in the response. The cookie scope was .lahitapiola.fi. /cs/CookieServer.The report contained a thorough PoC and appropriate screenshots which assisted the triaging process. Fix The issue was investigated and found to be vali...