Skia bug report: https://bugs.chromium.org/p/skia/issues/detail?id=7674 Mozilla bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=1441941 In Skia, SkTDArray stores length (fCount) and capacity (fReserve) as 32-bit ints and does not perfor
1. Background The CrossSite class is used for passing JavaScript variables across different contexts. Chakra is basically trying to wrap every variable being passed from a context to another context. The way it wraps an object is, first overwrit
# Exploit Title: FTPShell Server 6.80 - Local Denial of Service # Exploit Author: Hashim Jawad # Date: 2018-05-23 # Vendor Homepage: http://www.ftpshell.com/ # Vulnerable Software: http://www.ftpshell.com/downloadserver.htm # Tested on: Windows 7 Ent
## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = GoodRanking include Msf::Post::File include Msf::Post::Linux::
/* ======== Intro / Overview ======== After Michael Schwarz made some interesting observations, we started looking into variants other than the three already-known ones. I noticed that Intel's Optimization Manual says in section 2.4.4.5 (Memory Disam
## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = GreatRanking include Msf::Post::File include Msf::Post::Linux:
/* Chakra uses the InvariantBlockBackwardIterator class to backpropagate the information about the hoisted bound checks. But the class follows the linked list instead of the control flow. This may lead to incorrectly removing the bound checks. In the f