Search results

  1. Exploiter

    Exploit WebKit - 'WebCore::DocumentLoader::frameLoader' Use-After-Free

    WebKit - 'WebCore::DocumentLoader::frameLoader' Use-After-Free <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1353 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC...
  2. Exploiter

    Exploit WebKit - 'WebCore::RenderObject::previousSibling' Use-After-Free

    WebKit - 'WebCore::RenderObject::previousSibling' Use-After-Free <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1354 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC...
  3. Exploiter

    Exploit WebKit - 'WebCore::FormSubmission::create' Use-After-Free

    WebKit - 'WebCore::FormSubmission::create' Use-After-Free <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1355 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC...
  4. Exploiter

    Exploit WebKit - 'WebCore::SimpleLineLayout::RunResolver::runForPoint' Out-of-Bounds Read

    WebKit - 'WebCore::SimpleLineLayout::RunResolver::runForPoint' Out-of-Bounds Read /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1349 There is an out-of-bounds read security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC...
  5. Exploiter

    Exploit WebKit - 'WebCore::SVGPatternElement::collectPatternAttributes' Out-of-Bounds Read

    WebKit - 'WebCore::SVGPatternElement::collectPatternAttributes' Out-of-Bounds Read /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1350 There is an out-of-bounds read security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC...
  6. Exploiter

    Exploit WebKit - 'WebCore::Style::TreeResolver::styleForElement' Use-After-Free

    WebKit - 'WebCore::Style::TreeResolver::styleForElement' Use-After-Free <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1351 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC...
  7. Exploiter

    Exploit WebKit - 'WebCore::PositionIterator::decrement' Use-After-Free

    WebKit - 'WebCore::PositionIterator::decrement' Use-After-Free /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1346 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC...
  8. Exploiter

    Exploit WebKit - 'WebCore::AXObjectCache::performDeferredCacheUpdate' Use-After-Free

    WebKit - 'WebCore::AXObjectCache::performDeferredCacheUpdate' Use-After-Free /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1347 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. Note that...
  9. Exploiter

    Exploit WebKit - 'WebCore::RenderText::localCaretRect' Out-of-Bounds Read

    WebKit - 'WebCore::RenderText::localCaretRect' Out-of-Bounds Read /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1348 There is an out-of-bounds read security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC...
  10. Exploiter

    Exploit Microsoft Windows 10 - 'nt!NtQueryDirectoryFile (luafv!LuafvCopyDirectoryEntry)' Pool Memory Disclosure

    Microsoft Windows 10 - 'nt!NtQueryDirectoryFile (luafv!LuafvCopyDirectoryEntry)' Pool Memory Disclosure /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1361 We have discovered that the nt!NtQueryDirectoryFile system call discloses portions of uninitialized pool memory to...
  11. Exploiter

    Exploit WebKit - 'WebCore::TreeScope::documentScope' Use-After-Free

    WebKit - 'WebCore::TreeScope::documentScope' Use-After-Free /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1344 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC...
  12. Exploiter

    Exploit WebKit - 'WebCore::InputType::element' Use-After-Free (2)

    WebKit - 'WebCore::InputType::element' Use-After-Free (2) /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1345 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC...
  13. Exploiter

    Exploit VX Search 10.2.14 - 'Proxy' Local Buffer Overflow (SEH)

    VX Search 10.2.14 - 'Proxy' Local Buffer Overflow (SEH) #!/usr/bin/env python # # Exploit Title : VXSearch v10.2.14 Local SEH Overflow # Date : 11/16/2017 # Exploit Author : wetw0rk # Vendor Homepage : http://www.flexense.com/ # Software link ...
  14. Exploiter

    Exploit iOS < 11.1 / tvOS < 11.1 / watchOS < 4.1 - Denial of Service

    iOS < 11.1 / tvOS < 11.1 / watchOS < 4.1 - Denial of Service # Exploit Title: TpwnT - iOS Denial of Service POC # Date: 10-31-2017 # Exploit Author: Russian Otter (Ro) # Vendor Homepage: https://support.apple.com/en-us/HT208222 # Version: 2.1 # Tested on: iOS 10.3.2 - 11.1 # CVE...
  15. Exploiter

    Exploit Microsoft Windows 10 - CiSetFileCache TOCTOU Security Feature Bypass

    Microsoft Windows 10 - CiSetFileCache TOCTOU Security Feature Bypass Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1332 Windows: CiSetFileCache TOCTOU Security Feature Bypass Platform: Windows 10 10586/14393/10S not tested 8.1 Update 2 or Windows 7 Class: Security Feature...
  16. Exploiter

    Exploit Microsoft Edge Chakra: JIT - 'Lowerer::LowerBoundCheck' Incorrect Integer Overflow Check

    Microsoft Edge Chakra: JIT - 'Lowerer::LowerBoundCheck' Incorrect Integer Overflow Check /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1343 Here's a snippet of the method. void Lowerer::LowerBoundCheck(IR::Instr *const instr) { ...
  17. Exploiter

    Exploit Microsoft Edge Chakra: JIT - 'OP_Memset' Type Confusion

    Microsoft Edge Chakra: JIT - 'OP_Memset' Type Confusion /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1357 function opt(a, b, v) { if (b.length < 1) return; for (let i = 0; i < a.length; i++) a[i] = v; b[0] = 2.3023e-320; } The above...
  18. Exploiter

    Exploit Zeta Components Mail 1.8.1 - Remote Code Execution

    Zeta Components Mail 1.8.1 - Remote Code Execution Vendor: Zeta Components module: Mail, <= 1.8.1 Published: November 12th, 2017 Reported by: Kay CVE-2017-15806 Overview Zeta Components are a high quality, general purpose library of loosely coupled components for development of...
  19. Exploiter

    Exploit D-Link DIR-605L < 2.08 - Denial of Service

    D-Link DIR-605L < 2.08 - Denial of Service # Exploit Title: D-Link DIR605L <=2.08 Denial of Service via HTTP GET (CVE-2017-9675) # Date: 2017-11-14 # Exploit Author: Enrique Castillo # Contact: https://twitter.com/_hyperlogic # Detailed Analysis...
  20. Exploiter

    Exploit Microsoft Edge - 'Object.setPrototypeOf' Memory Corruption

    Microsoft Edge - 'Object.setPrototypeOf' Memory Corruption <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1339 I accidentally found this while trying to reproduce another bug in Edge. Failed to reproduce on Microsoft Edge 38.14393.1066.0, Microsoft EdgeHTML 14.14393...
  21. Exploiter

    Exploit Microsoft Edge Chakra JIT - Type Confusion with switch Statements

    Microsoft Edge Chakra JIT - Type Confusion with switch Statements /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1341&desc=3 Let's start with a switch statement and its IR code for JIT. JS: for (let i = 0; i < 100; i++) { switch (i) { case 2: case...
  22. Exploiter

    Exploit MyBB 1.8.13 - Cross-Site Scripting

    MyBB 1.8.13 - Cross-Site Scripting # Exploit Title: XSS in MyBB up to 1.8.13 via installer # Date: Found on 05-29-2017 # Exploit Author: Pablo Sacristan # Vendor Homepage: https://mybb.com/ # Version: Version > 1.8.13 (Fixed in 1.8.13) # CVE : CVE-2017-16781 No HTML escaping when returning an...
  23. Exploiter

    Exploit Kirby CMS < 2.5.7 - Cross-Site Scripting

    Kirby CMS < 2.5.7 - Cross-Site Scripting # Exploit Title: KirbyCMS <2.5.7 Stored Cross Site Scripting # Vendor Homepage: https://getkirby.com/ # Software Link: https://getkirby.com/try # Discovered by: Ishaq Mohammed # Contact: https://twitter.com/security_prince # Website...
  24. Exploiter

    Exploit D-Link DIR-850L - OS Command Execution (Metasploit)

    D-Link DIR-850L - OS Command Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'openssl' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  25. Exploiter

    Exploit Dup Scout Enterprise 10.0.18 - 'Login' Remote Buffer Overflow

    Dup Scout Enterprise 10.0.18 - 'Login' Remote Buffer Overflow # Tested on Windows 10 (x86) # The application requires to have the web server enabled. # Exploit for older version: https://www.exploit-db.com/exploits/40832/ #!/usr/bin/python import socket,os,time,struct,argparse parser =...