Lucene search
+L
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2017/07/05 12:0 a.m.46 views

Lepide Auditor Suite - 'createdb()' Web Console Database Injection / Remote Code Execution

!/usr/bin/python """ Lepide Auditor Suite createdb Web Console Database Injection Remote Code Execution Vulnerability Vendor: http://www.lepide.com/ File: lepideauditorsuite.zip SHA1: 3c003200408add04308c04e3e0ae03b7774e4120 Download: http://www.lepide.com/lepideauditor/download.html Analysis:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/05 12:0 a.m.75 views

GoAutoDial CE 3.3 - Authentication Bypass / Command Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "GoAutoDial 3.3 Authentication Bypass / Command Injection", 'Description' = %q This module exploits a SQL injection flaw in the login functionality...

6.7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/04 12:0 a.m.59 views

Joomla! 3.7 - SQL Injection

--==Mannu joomla SQL Injection exploiter by Team Indishell==-- body font-family: Tahoma; color: white; background: 333333; input border : solid 2px ; border-color : black; BACKGROUND-COLOR: 444444; font: 8pt Verdana; color: white; submit BORDER: buttonhighlight 2px outset; BACKGROUND-COLOR: Black...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/03 12:0 a.m.51 views

WordPress Plugin WatuPRO 5.5.1 - SQL Injection

Exploit Title: SQL Injection In WatuPRO WordPress Plugin to Create Exams, Tests and Quizzes Exploit Author: Manich Koomsusi Date: 03-07-2017 Software: WatuPRO Version: 5.5.1 Website: http://calendarscripts.info/watupro/ Tested on: WordPress 4.7.5 Software Link:...

9.8CVSS9.7AI score0.04069EPSS
Exploits3
Exploit DB
Exploit DB
added 2017/07/03 12:0 a.m.70 views

OpenDreamBox 2.0.0 Plugin WebAdmin - Remote Code Execution

Exploit Title: OpenDreamBox 2.0.0 - Plugin WebAdmin RCE Shodan Dork: "DreamBox" 200 ok" Date: 07/03/17 Exploit Author: Jonatas Fil Vendor Homepage: https://www.dreamboxupdate.com Software Link: https://www.dreamboxupdate.com/opendreambox/2.0.0 Version: 2.0.0 Vulnerabilty: Remote Command Execution...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/02 12:0 a.m.43 views

Zookeeper 3.5.2 Client - Denial of Service

!/usr/bin/python Exploit Title: Zookeeper Client Denial Of Service Port 2181 Date: 2/7/2017 Exploit Author: Brandon Dennis Email: [email protected] Software Link: http://zookeeper.apache.org/releases.htmldownload Zookeeper Version: 3.5.2 Tested on: Windows 2008 R2, Windows 2012 R2 x64 & x86...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/07/01 12:0 a.m.53 views

Joomla! Component Joomanager 2.0.0 - 'com_Joomanager' Arbitrary File Download

!/usr/bin/python2 -- coding:utf-8 -- ''' GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright C 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The GNU General Public Licens...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/30 12:0 a.m.427 views

Odoo CRM 10.0 - Code Execution

Vulnerability Summary The following advisory describe arbitrary Python code execution found in Odoo CRM version 10.0 Odoo is a suite of open source business apps that cover all your company needs: CRM, eCommerce, accounting, inventory, point of sale, project management, etc. Odoo’s unique value...

8.5CVSS6.7AI score0.0359EPSS
Exploits2
Exploit DB
Exploit DB
added 2017/06/30 12:0 a.m.28 views

LG MRA58K - 'ASFParser::SetMetaData' Stack Overflow

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1226 There are three variants of the below crash, all of which stemming from an unbound copy into a fixed size stack buffer allocated in the function ASFParser::SetMetaData, used as an argument to each of the three calls to the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/30 12:0 a.m.30 views

Google Chrome - Out-of-Bounds Access in RegExp Stubs

There is an out-of-bounds access in RegExp.prototype.exec and RegExp.prototype.test. The code defined in BranchIfFastRegExp checks whether a regular expression object has the default map, however, it is possible to alter the map after this check has been performed. This can cause inline fields,...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/30 12:0 a.m.48 views

eVestigator Forensic PenTester - Man In The Middle Remote Code Execution

Exploit Title: eVestigator Forensic PenTester v1 - Remote Code Execution via MITM Date: 30/Jun/17 Exploit Author: MaXe Vendor Homepage: https://play.google.com/store/apps/details?id=penetrationtest.eVestigator.com Software Link: See APK archive websites Screenshot: Refer to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/30 12:0 a.m.101 views

Humax HG100R 2.0.6 - Backup File Download

coding: utf-8 Exploit Title: Humax Backup file download Date: 29/06/2017 Exploit Author: gambler Vendor Homepage: http://humaxdigital.com Version: VER 2.0.6 Tested on: OSX Linux CVE : CVE-2017-7315 import sys import base64 import shodan import requests import subprocess def banner: print ''' ██░ ...

10CVSS9.7AI score0.02124EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/06/30 12:0 a.m.37 views

Australian Education App - Remote Code Execution

Exploit Title: Australian Education App - Remote Code Execution Date: 30/Jun/17 Exploit Author: MaXe Vendor Homepage: https://play.google.com/store/apps/details?id=a1.bestsafebrowser2.com Software Link: See APK archive websites Screenshot: Refer to https://www.youtube.com/watch?v=DCz0OqJzBI...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/30 12:0 a.m.36 views

BestSafe Browser - Man In The Middle Remote Code Execution

Exploit Title: BestSafe Browser FREE NoAds - Remote Code Execution Date: 30/Jun/17 Exploit Author: MaXe Vendor Homepage: https://play.google.com/store/apps/details?id=a1.bestsafebrowser.com Software Link: See APK archive websites Screenshot: Refer to https://www.youtube.com/watch?v=VXNVzjsH0As...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/29 12:0 a.m.114 views

Veritas/Symantec Backup Exec - SSL NDMP Connection Use-After-Free (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/ndmpsocket' require 'openssl' require 'xdr' class MetasploitModule 'Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free',...

10CVSS7.4AI score0.71003EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/06/29 12:0 a.m.444 views

ActiveMQ < 5.14.0 - Web Shell Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ActiveMQ web shell upload', 'Description' = %q The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to uplo...

9.8CVSS9.8AI score0.98518EPSS
Exploits19
Exploit DB
Exploit DB
added 2017/06/28 12:0 a.m.46 views

FreeBSD - 'FGPU' Stack Clash (PoC)

/ FreeBSDCVE-2017-FGPU.c for CVE-2017-1084 please compile with -O0 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License,...

7.8CVSS7.6AI score0.1534EPSS
Exploits7
Exploit DB
Exploit DB
added 2017/06/28 12:0 a.m.42 views

FreeBSD - 'setrlimit' Stack Clash (PoC)

/ FreeBSDCVE-2017-1085.c Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or at your option any later version. This...

7.8CVSS7AI score0.0185EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/06/28 12:0 a.m.36 views

FreeBSD - 'FGPE' Stack Clash (PoC)

/ FreeBSDCVE-2017-FGPE.c for CVE-2017-1084 please compile with -O0 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License,...

7.8CVSS7.6AI score0.1534EPSS
Exploits7
Exploit DB
Exploit DB
added 2017/06/28 12:0 a.m.44 views

NetBSD - 'Stack Clash' (PoC)

/ NetBSDCVE-2017-1000375.c please compile with -O0 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or at your opti...

9.8CVSS9.7AI score0.18923EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/06/28 12:0 a.m.146 views

Linux Kernel - 'offset2lib' Stack Clash

/ Linuxoffset2lib.c for CVE-2017-1000370 and CVE-2017-1000371 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or a...

7.8CVSS7.8AI score0.02428EPSS
Exploits9
Exploit DB
Exploit DB
added 2017/06/28 12:0 a.m.64 views

Oracle Solaris 11.1/11.3 (RSH) - 'Stack Clash' Local Privilege Escalation

/ Solarisrsh.c for CVE-2017-3630, CVE-2017-3629, CVE-2017-3631 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or ...

7.8CVSS6AI score0.05989EPSS
Exploits6
Exploit DB
Exploit DB
added 2017/06/28 12:0 a.m.170 views

OpenBSD - 'at Stack Clash' Local Privilege Escalation

/ OpenBSDat.c for CVE-2017-1000373 Copyright c 2017 Qualys, Inc. slowsort adapted from lib/libc/stdlib/qsort.c: Copyright c 1992, 1993 The Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted...

9.8CVSS8AI score0.1338EPSS
Exploits3
Exploit DB
Exploit DB
added 2017/06/28 12:0 a.m.35 views

Easy File Sharing Web Server 7.2 - Unrestricted File Upload

2017/6/15 Chako EFS Web Server 7.2 Unrestricted File Upload Vendor Homepage: http://www.sharing-file.com Software Link: https://www.exploit-db.com/apps/60f3ff1f3cd34dec80fba130ea481f31-efssetup.exe Version: Easy File Sharing Web Server 7.2 Tested on: WinXP SP3 EFS Web Server 7.2 allows unauthoriz...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/28 12:0 a.m.41 views

Flat Assembler 1.7.21 - Local Buffer Overflow

!/usr/bin/python Developed using Exploit Pack - http://exploitpack.com - Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Tested on: GNU/Linux - Kali 2017.1 Release What is FASM? Flat assembler is a fast, self-compilable assembly language compiler for the x86 and x86-64 architectur...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/28 12:0 a.m.78 views

Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities

Advisory Information Title: Kaspersky Anti-Virus File Server Multiple Vulnerabilities Advisory ID: CORE-2017-0003 Advisory URL: http://www.coresecurity.com/advisories/Kaspersky-Anti-Virus-File-Server-Multiple-Vulnerabilities Date published: 2017-06-28 Date of last update: 2017-06-28 Vendors...

10CVSS7AI score0.11265EPSS
Exploits8
Exploit DB
Exploit DB
added 2017/06/28 12:0 a.m.27 views

Easy File Sharing Web Server 7.2 - Account Import Local Buffer Overflow (SEH)

!/usr/bin/python 2017/6/17 Chako EFS Web Server 7.2 - Local Buffer OverflowSEH Tested on: Windows XP SP3 EN DEP Off Software Link: https://www.exploit-db.com/apps/60f3ff1f3cd34dec80fba130ea481f31-efssetup.exe Description: When importing a large user account file on to EFS Web Server 7.2 will...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/28 12:0 a.m.1059 views

Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation

/ Linuxldsodynamic.c for CVE-2017-1000366, CVE-2017-1000371 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or at...

7.8CVSS7.3AI score0.02733EPSS
Exploits17
Exploit DB
Exploit DB
added 2017/06/28 12:0 a.m.1040 views

Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation

/ Linuxldsohwcap64.c for CVE-2017-1000366, CVE-2017-1000379 Copyright C 2017 Qualys, Inc. myimportanthwcaps adapted from elf/dl-hwcaps.c, part of the GNU C Library: Copyright C 2012-2017 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under t...

7.8CVSS7.3AI score0.02733EPSS
Exploits16
Exploit DB
Exploit DB
added 2017/06/28 12:0 a.m.1529 views

Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation

/ Linuxldsohwcap.c for CVE-2017-1000366, CVE-2017-1000370 Copyright C 2017 Qualys, Inc. myimportanthwcaps adapted from elf/dl-hwcaps.c, part of the GNU C Library: Copyright C 2012-2017 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the...

7.8CVSS7.3AI score0.02733EPSS
Exploits17
Exploit DB
Exploit DB
added 2017/06/27 12:0 a.m.62 views

Microsoft MsMpEng - mpengine x86 Emulator Heap Corruption in VFS API

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1282&desc=2 In issue 1260 I discussed Microsoft's "apicall" instruction that can invoke a large number of internal emulator apis and is exposed to remote attackers by default in all recent versions of Windows. I asked Microsoft if...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/27 12:0 a.m.66 views

GLPI 0.90.4 - SQL Injection

Exploit Title: Multiple SQL injection vulnerabilities in GLPI 0.90.4 Date: 2016/09/09 Exploit Author: Eric CARTER in/ericcarterengineer - CS c-s.fr Vendor Homepage: http://glpi-project.org Software Link: http://glpi-project.org/spip.php?article3 Version: 0.90.4 Tested on: GLPI 0.90.4 running on a...

7.5CVSS7.6AI score0.01603EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/06/27 12:0 a.m.63 views

WordPress Plugin Ultimate Product Catalogue 4.2.2 - SQL Injection

Exploit Title: Ultimate Product Catalogue 4.2.2 Sql Injection – Plugin WordPress – Sql Injection Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/ultimate-product-catalogue/ Software Link: https://wordpress.org/plugins/ultimate-product-catalogue/ Contact:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/27 12:0 a.m.34 views

Easy File Sharing Web Server 7.2 - GET 'PassWD' Remote Buffer Overflow (SEH)

!/usr/bin/python Exploit Title: Easy File Sharing Web Server 7.2 - GET HTTP Request PassWD Buffer Overflow SEH Date: 19 June 2017 Exploit Author: clubjk Author Contact: [email protected] Vendor Homepage: http://www.sharing-file.com Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/26 12:0 a.m.33 views

Linux/x86 - Bind Shell Shellcode (75 bytes)

Linux/x86 - Bind Shell Shellcode 75 bytes. Shellcode exploit for Linx86 platform / Architecture : x86 OS : Linux Author : wetw0rk ID : SLAE-958 Shellcode Size : 75 bytes Bind Port : 4444 Description : A linux/x86 bind shell via /bin/sh. Created by analysing msfvenom; original payload was 78 bytes...

Exploits0
Exploit DB
Exploit DB
added 2017/06/26 12:0 a.m.57 views

IBM DB2 9.7/10.1/10.5/11.1 - Command Line Processor Buffer Overflow

''' DefenseCode Security Advisory IBM DB2 Command Line Processor Buffer Overflow Advisory ID: DC-2017-04-002 Advisory Title: IBM DB2 Command Line Processor Buffer Overflow Advisory URL: http://www.defensecode.com/advisories/IBMDB2CommandLineProcessorBufferOverflow.pdf Software: IBM DB2 Version:...

7.3CVSS7.2AI score0.01489EPSS
Exploits3
Exploit DB
Exploit DB
added 2017/06/26 12:0 a.m.59 views

Symantec Messaging Gateway 10.6.2-7 - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Symantec Messaging Gateway Remote Code Execution", 'Description' = %q This module exploits the command injection vulnerability of Symantec Messagi...

10CVSS7.4AI score0.72759EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/06/26 12:0 a.m.67 views

Eltek SmartPack - Backdoor Account

Eltek SmartPack - Backdoor Account Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: Eltek SmartPack Vendor: http://www.eltek.com/ Product Link : http://www.eltek.com/detailproducts.epl?k1=25507&id=1123846 About Product: The Smartpack controller is a powerful and cost-effective...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/26 12:0 a.m.61 views

LAME 3.99.5 - 'III_dequantize_sample' Stack Buffer Overflow

Description: lame is a high quality MPEG Audio Layer III MP3 encoder licensed under the LGPL. Few notes before the details of this bug. Time ago a fuzz was done by Brian Carpenter and Jakub Wilk which posted the results on the debian bugtracker. In cases like this, when upstream is not active and...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/26 12:0 a.m.61 views

Netgear DGN2200 - 'dnslookup.cgi' Command Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/http' require "base64" class MetasploitModule "Netgear DGN2200 dnslookup.cgi Command Injection", 'Description' = %q This module exploits a command injection...

9CVSS7.4AI score0.72199EPSS
Exploits11
Exploit DB
Exploit DB
added 2017/06/26 12:0 a.m.47 views

LAME 3.99.5 - 'II_step_one' Buffer Overflow

Description: lame is a high quality MPEG Audio Layer III MP3 encoder licensed under the LGPL. Few notes before the details of this bug. Time ago a fuzz was done by Brian Carpenter and Jakub Wilk which posted the results on the debian bugtracker. In cases like this, when upstream is not active and...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/26 12:0 a.m.43 views

NTFS 3.1 - Master File Table Denial of Service

Y0U HAVE BEEN EXPL0ITED!...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/26 12:0 a.m.58 views

JAD Java Decompiler 1.5.8e - Local Buffer Overflow (NX Enabled)

!/usr/bin/python Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Developed using Exploit Pack - http://exploitpack.com - Tested on: GNU/Linux - Kali 2017.1 Release Description: JAD Java Decompiler 1.5.8e-1kali1 and prior is prone to a stack-based buffer overflow vulnerability...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/23 12:0 a.m.40 views

Adobe Flash - ATF Parser Heap Corruption

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1216 The attached file causes heap corruption in the ATF parser. To reproduce the issue, copy atffree.atf and LoadImage.swf to a server, and visit http://127.0.0.1/LoadImage.swf?img=atffree.png. Proof of Concept:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/23 12:0 a.m.22 views

Adobe Flash - Image Decoding Out-of-Bounds Read

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1215 The attached png file causes an out-of-bounds read when being decoded by flash. To reproduce the issue, put LoadImage.swf and read1.png on a server, and visit: http://127.0.0.1/LoadImage.swf=read1.png Proof of Concept:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/23 12:0 a.m.35 views

unrar 5.40 - 'VMSF_DELTA' Filter Arbitrary Memory Write

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6 It appears that the VMSFDELTA memory corruption that was reported to Sophos AV in 2012 and fixed there was actually inherited from upstream unrar. For unknown reasons the information did not reach upstream rar or was...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/23 12:0 a.m.48 views

Microsoft Edge - 'CssParser::RecordProperty' Type Confusion

function go window.addEventListener"DOMAttrModified", undefined; m.style.cssText = "clip-path: urlfoo;"; !-- ========================================= Preliminary analysis: The crash happens inside CAttrArray::PrivateFindInl. Rcx this pointer is supposed to point to a CAttrArray but it actually...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/23 12:0 a.m.62 views

Microsoft Windows - 'nt!NtQueryInformationWorkerFactory (WorkerFactoryBasicInformation)' Kernel Stack Memory Disclosure

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1214&desc=2 We have discovered that the nt!NtQueryInformationWorkerFactory system call called with the WorkerFactoryBasicInformation 7 information class discloses portions of uninitialized kernel stack memory to user-mode clients...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/23 12:0 a.m.31 views

Adobe Flash - AVC Edge Processing Out-of-Bounds Read

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1212 The attached file causes an out-of-bounds read in avc edge processing. Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42247.zip...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/23 12:0 a.m.26 views

Microsoft Windows - 'USP10!otlSinglePosLookup::getCoverageTable' Uniscribe Font Processing Out-of-Bounds Memory Read

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1203 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!otlSinglePosLookup::getCoverageTable function, while trying to display text using a corrupted TTF font file: --- 7f0.488: Access violation -...

7.4AI score
Exploits0
Total number of security vulnerabilities47904