Lucene search
K

2623 matches found

Packet Storm
Packet Storm
added 2017/07/25 12:0 a.m.40 views

WebKit JSC Incorrect Scope Register Handling

WebKit: JSC: Incorrect scope register handling in DFG::ByteCodeParser::flushInlineStackEntry inlineStackEntry CVE-2017-7018 Here's a snippet of DFG::ByteCodeParser::flushInlineStackEntry inlineStackEntry. void flushInlineStackEntry inlineStackEntry ... if mgraph.needsScopeRegister...

6.8CVSS0.2AI score0.07038EPSS
Exploits2
Exploit DB
Exploit DB
added 2017/07/25 12:0 a.m.34 views

WebKit JSC - 'DFG::ByteCodeParser::flush(InlineStackEntry* inlineStackEntry)' Incorrect Scope Register Handling

scopeRegister; mcodeBlock| instead of |mcodeBlock|. But it doesn't. As a result, the scope register of |inlineStackEntry-mcodeBlock| may have an incorrect offset in the stack layout phase. PoC: -- function f function eval'1'; f; ; throw 1; f;...

7.4AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/07/01 4:1 p.m.11 views

scopeofpain.com XSS vulnerability

Vulnerable URL: https://www.scopeofpain.com/login/index.php?certificate=1"...

6.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2017/06/21 4:36 a.m.5 views

Mozilla: Use-after-free and use-after-scope logging XHR header errors (MFSA 2017-16)

A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests XHR. This could result in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...

9.8CVSS7.4AI score0.02665EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2017/06/14 7:51 a.m.4 views

Mozilla: Use-after-free and use-after-scope logging XHR header errors (MFSA 2017-16)

A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests XHR. This could result in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...

9.8CVSS7.4AI score0.02665EPSS
Exploits0References5
seebug.org
seebug.org
added 2017/06/06 12:0 a.m.39 views

WebKit JSC emitPutDerivedConstructorToArrowFunctionContextScope Incorrect Check(CVE-2017-2531)

WebKit: JSC: incorrect check in emitPutDerivedConstructorToArrowFunctionContextScope When a super expression is used in an arrow function, the following code, which generates bytecode, is called. if needsToUpdateArrowFunctionContext && !codeBlock-isArrowFunction bool canReuseLexicalEnvironment =...

6.8CVSS8.1AI score0.06566EPSS
Exploits3
The Hacker News
The Hacker News
added 2017/06/05 11:34 a.m.9 views

Over 8,600 Vulnerabilities Found in Pacemakers

"If you want to keep living, Pay a ransom, or die." This could happen, as researchers have found thousands of vulnerabilities in Pacemakers that hackers could exploit. Millions of people that rely on pacemakers to keep their hearts beating are at risk of software glitches and hackers, which could...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2017/05/25 12:0 a.m.39 views

WebKit JSC BindingNode::bindValue Failed Reference Count Increase

WebKit: JSC: BindingNode::bindValue doesn't increase the scope's reference count CVE-2017-2505 Here's a snippet of BindingNode::bindValue. void BindingNode::bindValueBytecodeGenerator& generator, RegisterID value const ... RegisterID scope = generator.emitResolveScopenullptr, var;...

7.5AI score0.01567EPSS
Exploits2
Lenovo
Lenovo
added 2017/04/27 12:0 a.m.65 views

NVIDIA Linux GPU Display Driver contains missing permissions check and improper validation vulnerabilities - us

Lenovo Security Advisory: LEN-10962 Potential Impact: Privilege escalation Severity: Medium Scope of Impact: Industry-Wide CVE Identifier: CVE-2016-7382, CVE-2016-7389 Summary Description: The NVIDIA GPU Display Driver for Linux contains two privilege escalation vulnerabilities. CVE-2016-7382...

7.2CVSS7.6AI score0.00423EPSS
Exploits0
Exploit DB
Exploit DB
added 2017/04/25 12:0 a.m.141 views

Oracle E-Business Suite 12.2.3 - 'IESFOOTPRINT' SQL Injection

Application: Oracle E-Business Suite Versions Affected: Oracle EBS 12.2.3 Vendor URL: http://oracle.com Bug: SQL injection Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference: Oracle CPU April 2017 Author: Dmitry Chastuhin ERPScan Description 1. ADVISORY...

9.1CVSS9.3AI score0.15784EPSS
Exploits5
seebug.org
seebug.org
added 2017/04/21 12:0 a.m.39 views

Chrome Universal XSS by polluting private scripts with named properties (CVE-2017-5008)

VULNERABILITY DETAILS When a private script method is invoked, a ScriptForbiddenScope::AllowUserAgentScript scope is set up to allow running the internal script. It is possible to exploit this scope to execute user code here: static v8::Local compileAndRunPrivateScriptScriptState scriptState,...

4.3CVSS7.7AI score0.01221EPSS
Exploits1
Packet Storm
Packet Storm
added 2017/04/20 12:0 a.m.178 views

Oracle E-Business Suite 12.2.3 SQL Injection

Application: Oracle E-Business Suite Versions Affected: Oracle EBS 12.2.3 Vendor URL: http://oracle.com Bug: SQL injection Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference: Oracle CPU April 2017 Author: Dmitry Chastuhin ERPScan Description 1. ADVISORY...

0.15784EPSS
Exploits5
myhack58
myhack58
added 2017/04/07 12:0 a.m.262 views

CVE-2017-7269 a few tips and BUG fixes-vulnerability warning-the black bar safety net

Seen the analysis, to talk about the use of a few tips. 1. Vulnerability scope The original poc above wrote only applies to the 03 r2, in fact, the most common of 03 sp2 can also be directly reproduced, so it seems that the attack range is very large, after all, the domestic selling most of the 0...

10CVSS9.3AI score0.99823EPSS
Exploits39
ossfuzz
ossfuzz
added 2017/04/06 3:52 p.m.13 views

dlplibs: Stack-use-after-scope in libmspub::MSPUBCollector::paintShape

Detailed report: https://oss-fuzz.com/testcase?key=6536301065011200 Project: dlplibs Fuzzer: afldlplibspubfuzzer Fuzz target binary: pubfuzzer Job Type: aflasandlplibs Platform Id: linux Crash Type: Stack-use-after-scope READ 8 Crash Address: 0x7fe2cf0ca9f0 Crash State:...

7AI score
Exploits0Affected Software1
ossfuzz
ossfuzz
added 2017/03/30 4:39 a.m.17 views

libmspub: Stack-use-after-scope in libmspub::MSPUBCollector::paintShape

Detailed report: https://oss-fuzz.com/testcase?key=4867319689904128 Project: libmspub Fuzzer: afllibmspubpubfuzzer Fuzz target binary: pubfuzzer Job Type: aflasanlibmspub Platform Id: linux Crash Type: Stack-use-after-scope READ 8 Crash Address: 0x7f23248bf9f0 Crash State:...

7AI score
Exploits0Affected Software1
seebug.org
seebug.org
added 2017/03/28 12:0 a.m.43 views

Broadcom: Stack buffer overflow when parsing CCKM reassociation response(CVE-2017-6957)

Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. In order to allow fast roaming between access...

6.8CVSS8.6AI score0.04588EPSS
Exploits3
Lenovo
Lenovo
added 2017/03/09 12:0 a.m.57 views

Local Privilege Escalation or Denial of Service via the Intel® Graphics Driver

Lenovo Security Advisory: LEN-7484 Potential Impact: Local privilege escalation or denial of service Severity: High Scope of Impact: Industry-Wide CVE Identifier: CVE-2016-5647 Summary Description: Multiple potential vulnerabilities exist in the Intel® Graphics Driver for Microsoft Windows. These...

4.6CVSS7.6AI score0.00604EPSS
Exploits2
OSV
OSV
added 2017/02/08 10:59 p.m.3 views

CVE-2016-0202

A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain...

3.3CVSS5.7AI score0.00337EPSS
Exploits0References2
n0where
n0where
added 2017/02/02 7:57 p.m.27 views

Q&A: Web Application Security Scanning with Netsparker

Q&A with Huseyin Tufekcilerli, the lead developer of Netsparker Desktop web application security scanner More than 70% of all cyber breaches involve web applications, and almost 90% organizations believe their application security programs need to be improved. Web application security has risen t...

7.5AI score
Exploits0
Hacker One
Hacker One
added 2016/12/20 4:42 a.m.25 views

LocalTapiola: Creating arbitrary cookies values /cs/CookieServer (www.lahitapiola.fi)

Issue The reporter was able to inject http-headers to set custom cookies in the response. The cookie scope was .lahitapiola.fi. /cs/CookieServer.The report contained a thorough PoC and appropriate screenshots which assisted the triaging process. Fix The issue was investigated and found to be vali...

1.9AI score
Exploits0
Rows per page
Query Builder