CVE-2018-10988

An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, without a digital signature, as root from the /mnt/sdcard/$PRONAME/upgrade.sh or...

Carbon Black Cb Response Code Execution Vulnerability

Carbon Black Cb Response is a scalable endpoint security solution from Carbon Black USA. The solution provides threat monitoring, threat alerts and malicious domain lists. A security vulnerability exists in Carbon Black Cb Response. The vulnerability can be exploited by an attacker to bypass...

F-Secure XFENCE and Little Flocker Command Execution Vulnerabilities

F-Secure XFENCE formerly Little Flocker is a suite of file protection utilities from the Finnish company F-Secure. The program prevents unauthorized access to files and protects against computer security threats such as malware and Trojans. A security vulnerability exists in F-Secure XFENCE and...

Google Santa and molcodesignchecker Code Signing Vulnerabilities

Google Santa is a binary black/white listing system for macOS. molcodesignchecker is a program that performs code signature verification in Objective-C. A security vulnerability exists in Google Santa and molcodesignchecker. The vulnerability can be exploited by an attacker with a maliciously...

CVE-2018-10406

An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious...

Microsoft Windows - POPMOV SS Privilege Escalation

Microsoft Windows - POPMOV SS Privilege Escalation Demo exploitation of the POP SS vulnerability CVE-2018-8897, leading to unsigned code execution with kernel privilages. - KVA Shadowing should be disabled and the relevant security update should be uninstalled. - This may not work with certain...

Absolute Computrace Agent stub component code execution vulnerability

Absolute Computrace Agent is an agent program for monitoring computer systems. A security vulnerability exists in the stub component of Absolute Computrace Agent version 70.785, which can be exploited to allow the program to execute certain code without a digital signature. A remote attacker can...

CVE-2017-2499

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to execute arbitrary unsigned code or cause a denial of service memory...

CVE-2017-2499

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to execute arbitrary unsigned code or cause a denial of service memory...

Sony Playstation 4 (PS4) 3.15 < 3.55 - WebKit Code Execution (PoC)

PS4 3.55 Unsigned Code Execution ============== This GitHub Repository contains all the necessary tools for getting PoC Unsigned Code Execution on a Sony PS4 System with firmwares 3.15, 3.50 and 3.55. This Exploit, is based-off Henkaku's WebKit Vulnerability for the Sony's PSVita. It includes bas...

Apple iOS code signature bypass vulnerability (CNVD-2015-05544)

Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. Apple iOS suffers from a security vulnerability that allows malicious applications to execute unsigned code by exploiting a code signing flaw...

OS X < 10.10.x - Gatekeeper bypass Vulnerability

A malicious Jar file can bypass all OS X Gatekeeper warnings and protections, allowing a remote attacker to execute arbitrary unsigned code downloaded by the user. Java must be installed on the victim's machine. Exploit Title: OS X Gatekeeper bypass Vulnerability Date: 01-27-2015 Exploit Author:...

Apple iOS multiple security vulnerabilities

Information leakage, unsigned code execution, code execution, restrictions bypass, memory corruption...

Apple TV multiple security vulnerabilities

Memory corruptions, unsigned code execution, privilege escalation...

Oracle Java Applet2ClassLoader Vulnerability

Added: 05/05/2011 CVE: CVE-2010-4452 BID: 46388 OSVDB: 71193 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

Xbox 360 Hypervisor Privilege Escalation Vulnerability

Security Advisory Xbox 360 Hypervisor Privilege Escalation Vulnerability Release Date: February 28, 2007 Author: Anonymous Hacker [email protected] Timeline: Oct 31, 2006 - release of 4532 kernel, which is the first version containing the bug Nov 16, 2006 - proof of concept completed; unsigned...