81 matches found
CVE-2020-25464
Heap buffer overflow at moddable/xs/sources/xsDebug.c in Moddable SDK before 20200903. The top stack frame is only partially initialized because the stack overflowed while creating the frame. This leads to a crash in the code sending the stack frame to the debugger...
Moddable SDK Buffer Error Vulnerability
Moddable SDK is a set of software development kits (SDKs) for embedded software development for the Internet of Things from Moddable, Inc. in the United States. A buffer error vulnerability exists in versions prior to Moddable SDK 20200903, which stems from a moddable/xs/sources/xsDebug.c heap buff...
Windows/x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)
Title: Windows\x86 - Null-Free WinExec Calc.exe Shellcode 195 bytes Shellcode Author: Bobby Cooke Technique: PEB & Export Directory Table Tested On: Windows 10 Pro x86 10.0.18363 Build 18363 start: ; Create a new stack frame mov ebp, esp ; Set base stack pointer for new stack-frame sub esp, 0x20 ...
CVE-2019-15683
TurboVNC server code contains a stack buffer overflow vulnerability in commits prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result in remote code execution, since the stack frame is not protected with a stack canary. This attack appears to be exploitable via network connectivity...
CVE-2019-11412
An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid stack-frame jump) because it lacks an ENDTRY opcode call...
CVE-2019-11412
CVE-2019-11412 affects Artifex MuJS 1.0.5 where jscompile.c can trigger a denial of service due to an invalid stack-frame jump from a missing ENDTRY opcode call. The issue is described in the CVE entry; public remediation references indicate newer MuJS releases (e.g., MuJS 1.0.9) addressing the v...
Format string
An issue was discovered in imagesavepng in image/image-png.cpp in Free Lossless Image Format FLIF 0.3. Attackers can trigger a longjmp that leads to an uninitialized stack frame after a libpng error concerning the IHDR image width...
CVE-2018-14876
An issue was discovered in imagesavepng in image/image-png.cpp in Free Lossless Image Format FLIF 0.3. Attackers can trigger a longjmp that leads to an uninitialized stack frame after a libpng error concerning the IHDR image width...
Microsoft Edge Chakra CFG Bypass By Overwriting JavaScript Bytecode Vulnerability
Chakra suffers from a CFG bypass by overwriting JavaScript bytecode. Chakra: CFG bypass by overwriting JavaScript bytecode Assume an attacker has the ability to overwrite Chakra's bytecode, either through a read/write primitive or through an overflow type vulnerability. Let's take a look at the...
Foscam IP Video Camera Stack Buffer Overflow Vulnerability
Foscam IP Video Camera is a wireless HD IP camera from Foscam (China). A stack buffer overflow vulnerability exists in the web management interface of the Foscam IP Video Camera. An attacker can exploit this vulnerability by sending an HTTP request to the device to overwrite data on an arbitrary...
Microsoft Windows - 'win32k!NtGdiExtGetObjectW' Kernel Stack Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1178 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory in Windows 7-10 through the win32k!NtGdiExtGetObjectW system call accessible via a documented GetObject API function to user-mo...
CVE-2017-2805
An exploitable stack-based buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera. A specially crafted HTTP request can cause a stack-based buffer overflow resulting in overwriting arbitrary data on the stack frame. An attacker can simply send ...
Vulnerability discovery based on format string vulnerability warning - the black bar safety net
The format string vulnerability is a very old vulnerability, and nowadays one almost never sees this kind of vulnerability any more, but for a beginner in vulnerability analysis it is still necessary to study it, because it is the foundation!!! Hence today's article. My articles are written well, will you come...
The poisoned NUL byte, 2014 edition
Posted by Chris Evans, Exploit Writer Underling to Tavis Ormandy Back in this 1998 post to the Bugtraq mailing list, Olaf Kirch outlined an attack he called “The poisoned NUL byte”. It was an off-by-one error leading to writing a NUL byte outside the bounds of the current stack frame. On i386...
File(1) <= 4.13 Command File_PrintF Integer Underflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23021/info The file(1) command is prone to an integer-underflow vulnerability because the command fails to adequately handle user-supplied data. An attacker can leverage this issue to corrupt heap memory and execute arbitra...
Exim Buffer 1.6.2/1.6.51 Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1859/info A potential local root yielding buffer overflow vulnerability exists in Exim mail client version 1.62. A buffer used in processing filenames of message attachments can be overflowed by a maliciously-formed...
BNC 2.2.4/2.4.6/2.4.8 IRC Proxy Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/1927/info BNC's IRC Proxy is used as a gateway to an IRC server. A buffer stores the username that is the argument to the program's USER command. User-supplied input to this buffer is improperly checked for length. As a result, t...
LICQ 0.85/1.0.1/1.0.2 - Remote Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2406/info At least one version of LICQ is vulnerable to a remote buffer overflow. By sending many characters (12000-16000) to the port on which LICQ is listening, an attacker can cause excessive data to be copied onto the...