
41207 matches found

exploitpack
added 2017/06/30 12:0 a.m., 17 views

Google Chrome - Out-of-Bounds Access in RegExp Stubs

Google Chrome - Out-of-Bounds Access in RegExp Stubs There is an out-of-bounds access in RegExp.prototype.exec and RegExp.prototype.test. The code defined in BranchIfFastRegExp checks whether a regular expression object has the default map, however, it is possible to alter the map after this chec...

0.5 AI score
Exploits: 0
exploitpack
added 2017/06/30 12:0 a.m., 84 views

Odoo CRM 10.0 - Code Execution

Odoo CRM 10.0 - Code Execution Vulnerability Summary The following advisory describe arbitrary Python code execution found in Odoo CRM version 10.0 Odoo is a suite of open source business apps that cover all your company needs: CRM, eCommerce, accounting, inventory, point of sale, project...

8.5 CVSS, 6.8 AI score, 0.01551 EPSS
Exploits: 2
exploitpack
added 2017/06/30 12:0 a.m., 42 views

Australian Education App - Remote Code Execution

Australian Education App - Remote Code Execution Exploit Title: Australian Education App - Remote Code Execution Date: 30/Jun/17 Exploit Author: MaXe Vendor Homepage: https://play.google.com/store/apps/details?id=a1.bestsafebrowser2.com Software Link: See APK archive websites Screenshot: Refer to...

0.6 AI score
Exploits: 0
exploitpack
added 2017/06/30 12:0 a.m., 24 views

BestSafe Browser - Man In The Middle Remote Code Execution

BestSafe Browser - Man In The Middle Remote Code Execution Exploit Title: BestSafe Browser FREE NoAds - Remote Code Execution Date: 30/Jun/17 Exploit Author: MaXe Vendor Homepage: https://play.google.com/store/apps/details?id=a1.bestsafebrowser.com Software Link: See APK archive websites...

Exploits: 0
exploitpack
added 2017/06/30 12:0 a.m., 38 views

eVestigator Forensic PenTester - Man In The Middle Remote Code Execution

eVestigator Forensic PenTester - Man In The Middle Remote Code Execution Exploit Title: eVestigator Forensic PenTester v1 - Remote Code Execution via MITM Date: 30/Jun/17 Exploit Author: MaXe Vendor Homepage: https://play.google.com/store/apps/details?id=penetrationtest.eVestigator.com Software...

0.4 AI score
Exploits: 0
exploitpack
added 2017/06/30 12:0 a.m., 45 views

Humax HG100R 2.0.6 - Backup File Download

Humax HG100R 2.0.6 - Backup File Download coding: utf-8 Exploit Title: Humax Backup file download Date: 29/06/2017 Exploit Author: gambler Vendor Homepage: http://humaxdigital.com Version: VER 2.0.6 Tested on: OSX Linux CVE : CVE-2017-7315 import sys import base64 import shodan import requests...

10 CVSS, 0.1 AI score, 0.00887 EPSS
Exploits: 5
exploitpack
added 2017/06/28 12:0 a.m., 15 views

Easy File Sharing Web Server 7.2 - Unrestricted File Upload

Easy File Sharing Web Server 7.2 - Unrestricted File Upload 2017/6/15 Chako EFS Web Server 7.2 Unrestricted File Upload Vendor Homepage: http://www.sharing-file.com Software Link: https://www.exploit-db.com/apps/60f3ff1f3cd34dec80fba130ea481f31-efssetup.exe Version: Easy File Sharing Web Server 7...

7.4 AI score
Exploits: 0
exploitpack
added 2017/06/28 12:0 a.m., 27 views

FreeBSD - FGPU Stack Clash (PoC)

FreeBSD - FGPU Stack Clash PoC / FreeBSDCVE-2017-FGPU.c for CVE-2017-1084 please compile with -O0 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation,...

7.8 CVSS, 7.6 AI score, 0.24449 EPSS
Exploits: 7
exploitpack
added 2017/06/28 12:0 a.m., 28 views

FreeBSD - FGPE Stack Clash (PoC)

FreeBSD - FGPE Stack Clash PoC / FreeBSDCVE-2017-FGPE.c for CVE-2017-1084 please compile with -O0 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation,...

7.8 CVSS, 7.6 AI score, 0.24449 EPSS
Exploits: 7
exploitpack
added 2017/06/28 12:0 a.m., 27 views

FreeBSD - setrlimit Stack Clash (PoC)

FreeBSD - setrlimit Stack Clash PoC / FreeBSDCVE-2017-1085.c Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or at...

7.2 CVSS, 7.7 AI score, 0.0062 EPSS
Exploits: 4
exploitpack
added 2017/06/28 12:0 a.m., 90 views

Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - ldso_hwcap Stack Clash Local Privilege Escalation

Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - ldso_hwcap Stack Clash Local Privilege Escalation / Linuxldsohwcap.c for CVE-2017-1000366, CVE-2017-1000370 Copyright C 2017 Qualys, Inc. myimportanthwcaps adapted from elf/dl-hwcaps.c, part of the GNU C Library: Copyright C...

7.2 CVSS, 0.6 AI score, 0.06438 EPSS
Exploits: 17
exploitpack
added 2017/06/28 12:0 a.m., 100 views

Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - ldso_hwcap_64 Stack Clash Local Privilege Escalation

Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - ldso_hwcap_64 Stack Clash Local Privilege Escalation / Linuxldsohwcap64.c for CVE-2017-1000366, CVE-2017-1000379 Copyright C 2017 Qualys, Inc. myimportanthwcaps adapted from elf/dl-hwcaps.c, part of the GNU C...

7.2 CVSS, 0.8 AI score, 0.06438 EPSS
Exploits: 16
exploitpack
added 2017/06/28 12:0 a.m., 40 views

NetBSD - Stack Clash (PoC)

NetBSD - Stack Clash PoC / NetBSDCVE-2017-1000375.c please compile with -O0 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the...

7.5 CVSS, 9.7 AI score, 0.38409 EPSS
Exploits: 4
exploitpack
added 2017/06/28 12:0 a.m., 13 views

Easy File Sharing Web Server 7.2 - Account Import Local Buffer Overflow (SEH)

Easy File Sharing Web Server 7.2 - Account Import Local Buffer Overflow SEH !/usr/bin/python 2017/6/17 Chako EFS Web Server 7.2 - Local Buffer OverflowSEH Tested on: Windows XP SP3 EN DEP Off Software Link: https://www.exploit-db.com/apps/60f3ff1f3cd34dec80fba130ea481f31-efssetup.exe Description:...

0.2 AI score
Exploits: 0
exploitpack
added 2017/06/28 12:0 a.m., 74 views

Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - ldso_dynamic Stack Clash Local Privilege Escalation

Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - ldso_dynamic Stack Clash Local Privilege Escalation / Linuxldsodynamic.c for CVE-2017-1000366, CVE-2017-1000371 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms o...

7.2 CVSS, 0.7 AI score, 0.06438 EPSS
Exploits: 17
exploitpack
added 2017/06/28 12:0 a.m., 87 views

Oracle Solaris 11.1/11.3 (RSH) - Stack Clash Local Privilege Escalation

Oracle Solaris 11.1/11.3 (RSH) - Stack Clash Local Privilege Escalation / Solarisrsh.c for CVE-2017-3630, CVE-2017-3629, CVE-2017-3631 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published ...

7.2 CVSS, 6.3 AI score, 0.32075 EPSS
Exploits: 6
exploitpack
added 2017/06/28 12:0 a.m., 81 views

OpenBSD - at Stack Clash Local Privilege Escalation

OpenBSD - at Stack Clash Local Privilege Escalation / OpenBSDat.c for CVE-2017-1000373 Copyright c 2017 Qualys, Inc. slowsort adapted from lib/libc/stdlib/qsort.c: Copyright c 1992, 1993 The Regents of the University of California. All rights reserved. Redistribution and use in source and binary...

7.5 CVSS, 0.3 AI score, 0.17024 EPSS
Exploits: 3
exploitpack
added 2017/06/28 12:0 a.m., 21 views

Flat Assembler 1.7.21 - Local Buffer Overflow

Flat Assembler 1.7.21 - Local Buffer Overflow !/usr/bin/python Developed using Exploit Pack - http://exploitpack.com - Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Tested on: GNU/Linux - Kali 2017.1 Release What is FASM? Flat assembler is a fast, self-compilable assembly langua...

0.1 AI score
Exploits: 0
exploitpack
added 2017/06/28 12:0 a.m., 64 views

Linux Kernel - offset2lib Stack Clash

Linux Kernel - offset2lib Stack Clash / Linuxoffset2lib.c for CVE-2017-1000370 and CVE-2017-1000371 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation,...

7.2 CVSS, 0.2 AI score, 0.02161 EPSS
Exploits: 9
exploitpack
added 2017/06/28 12:0 a.m., 52 views

Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities

Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities 1. Advisory Information Title: Kaspersky Anti-Virus File Server Multiple Vulnerabilities Advisory ID: CORE-2017-0003 Advisory URL: http://www.coresecurity.com/advisories/Kaspersky-Anti-Virus-File-Server-Multiple-Vulnerabilities...

10 CVSS, 0.3 AI score, 0.2717 EPSS
Exploits: 8
exploitpack
added 2017/06/27 12:0 a.m., 34 views

GLPI 0.90.4 - SQL Injection

GLPI 0.90.4 - SQL Injection Exploit Title: Multiple SQL injection vulnerabilities in GLPI 0.90.4 Date: 2016/09/09 Exploit Author: Eric CARTER in/ericcarterengineer - CS c-s.fr Vendor Homepage: http://glpi-project.org Software Link: http://glpi-project.org/spip.php?article3 Version: 0.90.4 Tested...

6 CVSS, 8 AI score, 0.00368 EPSS
Exploits: 4
exploitpack
added 2017/06/27 12:0 a.m., 8 views

WordPress Plugin Ultimate Product Catalogue 4.2.2 - SQL Injection

WordPress Plugin Ultimate Product Catalogue 4.2.2 - SQL Injection Exploit Title: Ultimate Product Catalogue 4.2.2 Sql Injection – Plugin WordPress – Sql Injection Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/ultimate-product-catalogue/ Software Link:...

0.3 AI score
Exploits: 0
exploitpack
added 2017/06/27 12:0 a.m., 24 views

Microsoft MsMpEng - mpengine x86 Emulator Heap Corruption in VFS API

Microsoft MsMpEng - mpengine x86 Emulator Heap Corruption in VFS API Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1282&desc=2 In issue 1260 I discussed Microsoft's "apicall" instruction that can invoke a large number of internal emulator apis and is exposed to remote attacker...

7.3 AI score
Exploits: 0
exploitpack
added 2017/06/27 12:0 a.m., 14 views

Easy File Sharing Web Server 7.2 - GET PassWD Remote Buffer Overflow (SEH)

Easy File Sharing Web Server 7.2 - GET PassWD Remote Buffer Overflow SEH !/usr/bin/python Exploit Title: Easy File Sharing Web Server 7.2 - GET HTTP Request PassWD Buffer Overflow SEH Date: 19 June 2017 Exploit Author: clubjk Author Contact: [email protected] Vendor Homepage:...

0.5 AI score
Exploits: 0
exploitpack
added 2017/06/26 12:0 a.m., 14 views

Symantec Messaging Gateway 10.6.2-7 - Remote Code Execution (Metasploit)

Symantec Messaging Gateway 10.6.2-7 - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Symantec Messaging Gateway Remote Code Execution", 'Description' = %q This...

0.3 AI score, 0.79143 EPSS
Exploits: 5
exploitpack
added 2017/06/26 12:0 a.m., 38 views

IBM DB2 9.7/10.1/10.5/11.1 - Command Line Processor Buffer Overflow

IBM DB2 9.7/10.1/10.5/11.1 - Command Line Processor Buffer Overflow ''' DefenseCode Security Advisory IBM DB2 Command Line Processor Buffer Overflow Advisory ID: DC-2017-04-002 Advisory Title: IBM DB2 Command Line Processor Buffer Overflow Advisory URL:...

4.4 CVSS, 0.9 AI score, 0.00266 EPSS
Exploits: 3
exploitpack
added 2017/06/26 12:0 a.m., 25 views

Eltek SmartPack - Backdoor Account

Eltek SmartPack - Backdoor Account Eltek SmartPack - Backdoor Account Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: Eltek SmartPack Vendor: http://www.eltek.com/ Product Link : http://www.eltek.com/detailproducts.epl?k1=25507&id=1123846 About Product: The Smartpack controller is...

0.4 AI score
Exploits: 0
exploitpack
added 2017/06/26 12:0 a.m., 26 views

LAME 3.99.5 - II_step_one Buffer Overflow

LAME 3.99.5 - II_step_one Buffer Overflow Description: lame is a high quality MPEG Audio Layer III MP3 encoder licensed under the LGPL. Few notes before the details of this bug. Time ago a fuzz was done by Brian Carpenter and Jakub Wilk which posted the results on the debian bugtracker. In cases li...

0.4 AI score
Exploits: 0
exploitpack
added 2017/06/26 12:0 a.m., 11 views

NTFS 3.1 - Master File Table Denial of Service

NTFS 3.1 - Master File Table Denial of Service Y0U HAVE BEEN EXPL0ITED!...

7.3 AI score
Exploits: 0
exploitpack
added 2017/06/26 12:0 a.m., 13 views

JAD Java Decompiler 1.5.8e - Local Buffer Overflow (NX Enabled)

JAD Java Decompiler 1.5.8e - Local Buffer Overflow NX Enabled !/usr/bin/python Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Developed using Exploit Pack - http://exploitpack.com - Tested on: GNU/Linux - Kali 2017.1 Release Description: JAD Java Decompiler 1.5.8e-1kali1 and prio...

0.2 AI score
Exploits: 0
exploitpack
added 2017/06/26 12:0 a.m., 28 views

LAME 3.99.5 - III_dequantize_sample Stack Buffer Overflow

LAME 3.99.5 - III_dequantize_sample Stack Buffer Overflow Description: lame is a high quality MPEG Audio Layer III MP3 encoder licensed under the LGPL. Few notes before the details of this bug. Time ago a fuzz was done by Brian Carpenter and Jakub Wilk which posted the results on the debian...

0.5 AI score
Exploits: 0
exploitpack
added 2017/06/23 12:0 a.m., 46 views

Microsoft Windows Kernel - ATMFD.DLL Out-of-Bounds Read due to Malformed Name INDEX in the CFF Table

Microsoft Windows Kernel - ATMFD.DLL Out-of-Bounds Read due to Malformed Name INDEX in the CFF Table Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1213 We have encountered a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file, see...

9.3 CVSS, 0.2 AI score, 0.4107 EPSS
Exploits: 5
exploitpack
added 2017/06/23 12:0 a.m., 21 views

unrar 5.40 - VMSF_DELTA Filter Arbitrary Memory Write

unrar 5.40 - VMSF_DELTA Filter Arbitrary Memory Write Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6 It appears that the VMSF_DELTA memory corruption that was reported to Sophos AV in 2012 and fixed there was actually inherited from upstream unrar. For unknown reasons...

0.4 AI score
Exploits: 0
exploitpack
added 2017/06/23 12:0 a.m., 18 views

Microsoft Windows - USP10!SubstituteNtoM Uniscribe Font Processing Out-of-Bounds Memory Read

Microsoft Windows - USP10!SubstituteNtoM Uniscribe Font Processing Out-of-Bounds Memory Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1200 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!SubstituteNtoM function, while trying to display...

0.6 AI score
Exploits: 0
exploitpack
added 2017/06/23 12:0 a.m., 14 views

Microsoft Windows - USP10!ttoGetTableData Uniscribe Font Processing Out-of-Bounds Memory Read

Microsoft Windows - USP10!ttoGetTableData Uniscribe Font Processing Out-of-Bounds Memory Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1199 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!ttoGetTableData function, while trying to displ...

0.6 AI score
Exploits: 0
exploitpack
added 2017/06/23 12:0 a.m., 39 views

Microsoft Windows - USP10!otlValueRecord::adjustPos Uniscribe Font Processing Out-of-Bounds Memory Read

Microsoft Windows - USP10!otlValueRecord::adjustPos Uniscribe Font Processing Out-of-Bounds Memory Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1204 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!otlValueRecord::adjustPos function,...

0.9 AI score
Exploits: 0
exploitpack
added 2017/06/23 12:0 a.m., 12 views

Microsoft Windows - USP10!NextCharInLiga Uniscribe Font Processing Out-of-Bounds Memory Read

Microsoft Windows - USP10!NextCharInLiga Uniscribe Font Processing Out-of-Bounds Memory Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1202 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!NextCharInLiga function, while trying to display...

0.8 AI score
Exploits: 0
exploitpack
added 2017/06/23 12:0 a.m., 34 views

Microsoft Windows - USP10!MergeLigRecords Uniscribe Font Processing Heap Memory Corruption

Microsoft Windows - USP10!MergeLigRecords Uniscribe Font Processing Heap Memory Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1198 We have encountered a crash in the Windows Uniscribe user-mode library, in the memmove function called by USP10!MergeLigRecords, while...

9.3 CVSS, 1.4 AI score, 0.23994 EPSS
Exploits: 5
exploitpack
added 2017/06/23 12:0 a.m., 16 views

Microsoft Windows - nt!NtQueryInformationResourceManager (information class 0) Kernel Stack Memory Disclosure

Microsoft Windows - nt!NtQueryInformationResourceManager information class 0 Kernel Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1207 We have discovered that the nt!NtQueryInformationResourceManager system call called with the 0 information class...

7.4 AI score
Exploits: 0
exploitpack
added 2017/06/23 12:0 a.m., 67 views

Microsoft Windows - USP10!otlSinglePosLookup::getCoverageTable Uniscribe Font Processing Out-of-Bounds Memory Read

Microsoft Windows - USP10!otlSinglePosLookup::getCoverageTable Uniscribe Font Processing Out-of-Bounds Memory Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1203 We have encountered a crash in the Windows Uniscribe user-mode library, in the...

0.5 AI score
Exploits: 0
exploitpack
added 2017/06/23 12:0 a.m., 13 views

Adobe Flash - Image Decoding Out-of-Bounds Read

Adobe Flash - Image Decoding Out-of-Bounds Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1215 The attached png file causes an out-of-bounds read when being decoded by flash. To reproduce the issue, put LoadImage.swf and read1.png on a server, and visit:...

0.3 AI score
Exploits: 0
exploitpack
added 2017/06/23 12:0 a.m., 31 views

Microsoft Windows - nt!NtQueryInformationWorkerFactory (WorkerFactoryBasicInformation) Kernel Stack Memory Disclosure

Microsoft Windows - nt!NtQueryInformationWorkerFactory WorkerFactoryBasicInformation Kernel Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1214&desc=2 We have discovered that the nt!NtQueryInformationWorkerFactory system call called with the...

0.2 AI score
Exploits: 0
exploitpack
added 2017/06/23 12:0 a.m., 21 views

Adobe Flash - ATF Parser Heap Corruption

Adobe Flash - ATF Parser Heap Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1216 The attached file causes heap corruption in the ATF parser. To reproduce the issue, copy atffree.atf and LoadImage.swf to a server, and visit...

0.8 AI score
Exploits: 0
exploitpack
added 2017/06/23 12:0 a.m., 9 views

Adobe Flash - AVC Edge Processing Out-of-Bounds Read

Adobe Flash - AVC Edge Processing Out-of-Bounds Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1212 The attached file causes an out-of-bounds read in avc edge processing. Proof of Concept:...

0.7 AI score
Exploits: 0
exploitpack
added 2017/06/23 12:0 a.m., 17 views

Microsoft Windows - USP10!CreateIndexTable Uniscribe Font Processing Out-of-Bounds Memory Read

Microsoft Windows - USP10!CreateIndexTable Uniscribe Font Processing Out-of-Bounds Memory Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1201 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!CreateIndexTable function, while trying to...

0.8 AI score
Exploits: 0
exploitpack
added 2017/06/23 12:0 a.m., 21 views

Microsoft Edge - CssParser::RecordProperty Type Confusion

Microsoft Edge - CssParser::RecordProperty Type Confusion function go window.addEventListener"DOMAttrModified", undefined; m.style.cssText = "clip-path: urlfoo;"; !-- ========================================= Preliminary analysis: The crash happens inside CAttrArray::PrivateFindInl. Rcx this...

7.4 AI score
Exploits: 0
exploitpack
added 2017/06/23 12:0 a.m., 11 views

Microsoft Windows - USP10!otlReverseChainingLookup::apply Uniscribe Font Processing Out-of-Bounds Memory Read

Microsoft Windows - USP10!otlReverseChainingLookup::apply Uniscribe Font Processing Out-of-Bounds Memory Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1205 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!otlReverseChainingLookup::apply...

0.6 AI score
Exploits: 0
exploitpack
added 2017/06/22 12:0 a.m., 20 views

Microsoft Windows - nt!NtQueryInformationJobObject (information class 28) Kernel Stack Memory Disclosure

Microsoft Windows - nt!NtQueryInformationJobObject information class 28 Kernel Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1194 We have discovered that the nt!NtQueryInformationJobObject system call corresponding to the documented...

7.4 AI score
Exploits: 0
exploitpack
added 2017/06/22 12:0 a.m., 18 views

Microsoft Windows - nt!NtQueryInformationJobObject (information class 12) Kernel Stack Memory Disclosure

Microsoft Windows - nt!NtQueryInformationJobObject information class 12 Kernel Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1193 We have discovered that the nt!NtQueryInformationJobObject system call corresponding to the documented...

7.4 AI score
Exploits: 0
exploitpack
added 2017/06/22 12:0 a.m., 12 views

Microsoft Windows - win32k!NtGdiGetRealizationInfo Kernel Stack Memory Disclosure

Microsoft Windows - win32k!NtGdiGetRealizationInfo Kernel Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1181 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7-10...

Exploits: 0
Total number of security vulnerabilities: 41207