58 matches found
Windows Exploit development tutorial series--stack injection a-vulnerability warning-the black bar safety net
Foreword: Welcome to the first part of the heap spray tutorial. Part I introduces the typical heap spray technique under IE; the second part will introduce precise injection and UAF vulnerabilities under IE8. It is worth mentioning that the stack injection is just a payload delivery...
Microsoft Internet Explorer 8 Javascript RegExpBase::FBadHeader Use-After-Free
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the twelfth entry in that series. Unfortunately I won't be able to publish everything within one month at the current rate, so I may continue to publish these through...
Microsoft Internet Explorer 11 MSHTML CView::CalculateImageImmunity Use-After-Free
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the second entry in that series. The below information is also available on my blog at http://blog.skylined.nl/20161102001.html. There you can find a repro that...
FreeBSD : chromium -- multiple vulnerabilities (9d732078-32c7-11e5-b263-00262d5ed8ee)
Google Chrome Releases reports : 43 security fixes in this release, including : - 446032 High CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer. - 459215 High CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit to makosoft. - 461858 High CVE-2015-1274: Settings allowed...
Use-after-free during HTML5 parsing — Mozilla
Security researcher SkyLined reported a use-after-free created by triggering the creation of a second root element while parsing HTML written to a document created with document.open. This leads to a potentially exploitable crash...
Internet Explorer createTextRange() Code Execution
No description provided by source. $Id: ms06013createtextrange.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
NVR SP2 2.0 (nvUnifiedControl.dll 1.1.45.0) - SetText() Remote Exploit
No description provided by source. ------------------------------------------------------------------------------------------ PoC2 NVR SP2 2.0 nvUnifiedControl.AUnifiedControl.1 nvUnifiedControl.dll v. 1.1.45.0 SetText Remote BoF Heap Spray Technique url: http://www.acti.com/index.asp author:...
Linux/x86 Multi-Egghunter
No description provided by source. / Title: Multi-Egghunter Author: Ryan Fenno @ryanfenno Date: 20 September 2013 Tested on: Linux/x86 Ubuntu 12.0.3 Description: This entry represents an extension of skape's sigaction2 egghunting method 1 to multiple eggs. It is similar in spirit to BJ 'SkyLined'...
Unreal Tournament Remote Buffer Overflow Exploit (SEH)
No description provided by source. Unreal Tournament Remote Buffer Overflow Exploit SEH Windows Discovered by: Luigi Auriemma http://aluigi.altervista.org/adv/unsecure-adv.txt Coded By: Fulcrum 08/02/2011 Patch: http://www.unrealadmin.org/forums/showthread.php?t=15616 Vulnerable: all ut99 servers...
AIMP2 Audio Converter <= 2.53 build 330 Playlist (.pls) Unicode BOF
No description provided by source. !/usr/bin/python Author contact : seeleymagicathotmaildotcom For educational purposes only You have been warned My original crash breakdown: EAX 001B0020 UNICODE AAAAAAAAAAAAAAAAAAAA ECX 00000273 EDX 00000C4C EBX 00000000 ESP 0012DCA8 EBP 0012DD64 ESI 001B6610...
Sun Java Runtime New Plugin docbase Buffer Overflow
No description provided by source. $Id: javadocbasebof.rb 11513 2011-01-08 00:25:44Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
Debian DSA-2920-1 : chromium-browser - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2014-1730 A type confusion issue was discovered in the v8 JavaScript library. - CVE-2014-1731 John Butler discovered a type confusion issue in the WebKit/Blink document object model implementation. - CVE-2014-1732...
Google Fixes Five Bugs in Chrome 18
Google has fixed five security vulnerabilities in its Chrome browser, including three high-severity flaws. One of the less-severe vulnerabilities fixed in Chrome 18 is a race condition in the browser’s sandbox. This round of patches in Chrome is one of the rare occasions when the company didn’t...
Microsoft HTML Help 6.1 - Local Stack Overflow
Source: http://aluigi.org/adv/chm1-adv.txt Luigi Auriemma Application: Microsoft HTML Help http://www.microsoft.com Versions: = 6.1 Platforms: Windows any version included the latest Windows 7 Bug: stack overflow Date: 12 Apr 2011 found 20 Feb 2011 Author: Luigi Auriemma e-mail:...
CuteZip 2.1 - Local Buffer Overflow
CuteZip 2.1 - Local Buffer Overflow !/usr/bin/perl +Exploit Title: Exploit Buffer Overflow CuteZip 2.1 +Date: 02\12\2011 +Author: C4SS!0 G0M3S +Software Link: http://www.globalscape.com/files/cutezip20b.exe +Version: 2.1 build 9.24.1 +Tested on: WIN-XP SP3 PORTUGUESE BRAZILIAN +CVE: N/A Comment i...
CuteZip 2.1 - Local Buffer Overflow
!/usr/bin/perl +Exploit Title: Exploit Buffer Overflow CuteZip 2.1 +Date: 02\12\2011 +Author: C4SS!0 G0M3S +Software Link: http://www.globalscape.com/files/cutezip20b.exe +Version: 2.1 build 9.24.1 +Tested on: WIN-XP SP3 PORTUGUESE BRAZILIAN +CVE: N/A Comment in Brazilian Portuguese || || /...
Unreal Tournament - Remote Buffer Overflow (SEH)
Unreal Tournament - Remote Buffer Overflow SEH Unreal Tournament Remote Buffer Overflow Exploit SEH Windows Discovered by: Luigi Auriemma http://aluigi.altervista.org/adv/unsecure-adv.txt Coded By: Fulcrum 08/02/2011 Patch: http://www.unrealadmin.org/forums/showthread.php?t=15616 Vulnerable: all...
Unreal Tournament Remote Buffer Overflow Exploit (SEH)
Exploit for windows platform in category remote exploits Unreal Tournament Remote Buffer Overflow Exploit SEH Windows Discovered by: Luigi Auriemma http://aluigi.altervista.org/adv/unsecure-adv.txt Coded By: Fulcrum 08/02/2011 Patch: http://www.unrealadmin.org/forums/showthread.php?t=15616...
Unreal Tournament Buffer Overflow
Unreal Tournament Remote Buffer Overflow Exploit SEH Windows Discovered by: Luigi Auriemma http://aluigi.altervista.org/adv/unsecure-adv.txt Coded By: Fulcrum 08/02/2011 Patch: http://www.unrealadmin.org/forums/showthread.php?t=15616 Vulnerable: all ut99 servers without a patch. Tested on: win7...
Unreal Tournament - Remote Buffer Overflow (SEH)
Unreal Tournament Remote Buffer Overflow Exploit SEH Windows Discovered by: Luigi Auriemma http://aluigi.altervista.org/adv/unsecure-adv.txt Coded By: Fulcrum 08/02/2011 Patch: http://www.unrealadmin.org/forums/showthread.php?t=15616 Vulnerable: all ut99 servers without a patch. Tested on: win7...