WebKit - 'WebCore::SimpleLineLayout::RunResolver::runForPoint' Out-of-Bounds Rea
  Date: 2017-11-23 14:36:12 Views: 2 Comments: 0
/* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1349 There is an out-of-bounds read security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: =========================================
WebKit - 'WebCore::RenderText::localCaretRect' Out-of-Bounds Read
  Date: 2017-11-23 14:35:18 Views: 4 Comments: 0
/* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1348 There is an out-of-bounds read security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: =========================================
WebKit - 'WebCore::AXObjectCache::performDeferredCacheUpdate' Use-After-Free
  Date: 2017-11-23 14:34:30 Views: 2 Comments: 0
/* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1347 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. Note that accessibility features need to be enabled
WebKit - 'WebCore::PositionIterator::decrement' Use-After-Free
  Date: 2017-11-23 14:33:20 Views: 2 Comments: 0
/* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1346 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: ==============================================
WebKit - 'WebCore::InputType::element' Use-After-Free
  Date: 2017-11-23 14:30:58 Views: 1 Comments: 0
/* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1345 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: ==============================================
WebKit - 'WebCore::TreeScope::documentScope' Use-After-Free
  Date: 2017-11-23 14:28:25 Views: 2 Comments: 0
/* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1344 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: ==============================================
Vonage VDV-23 - Denial of Service
  Date: 2017-11-23 14:27:23 Views: 3 Comments: 0
Overview During an evaluation of the Vonage home phone router, it was identified that the loginUsername and loginPassword parameters were vulnerable to a buffer overflow. This overflow caused the router to crash and reboot. Further analysis will be p
Microsoft Windows 10 - 'nt!NtQueryDirectoryFile (luafv!LuafvCopyDirectoryEntry)'
  Date: 2017-11-22 15:38:44 Views: 7 Comments: 0
/* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1361 We have discovered that the nt!NtQueryDirectoryFile system call discloses portions of uninitialized pool memory to user-mode clients on Windows 10, due to uninitialized fields
iOS < 11.1 / tvOS < 11.1 / watchOS < 4.1 - Denial of Service
  Date: 2017-11-21 14:56:14 Views: 10 Comments: 0
# Exploit Title: TpwnT - iOS Denial of Service POC # Date: 10-31-2017 # Exploit Author: Russian Otter (Ro) # Vendor Homepage: https://support.apple.com/en-us/HT208222 # Version: 2.1 # Tested on: iOS 10.3.2 - 11.1 # CVE: CVE-2017-13849 ---------------
VX Search 10.2.14 - 'Proxy' Buffer Overflow (SEH)
  Date: 2017-11-20 14:09:09 Views: 3 Comments: 0
#!/usr/bin/env python # # Exploit Title : VXSearch v10.2.14 Local SEH Overflow # Date : 11/16/2017 # Exploit Author : wetw0rk # Vendor Homepage : http://www.flexense.com/ # Software link : http://www.vxsearch.com/setups/vxsearchent_setup_v10.2.14.exe
phpMyFAQ 2.9.9 Code Injection
  Date: 2017-11-20 14:08:10 Views: 8 Comments: 0
# Exploit Title: [PHPMYFAQ 2.9.9 Code Injection] # Google Dork: [NA] # Date: [Nov 6 2017] # Exploit Author: [tomplixsee] # Author blog : [cupuzone.wordpress.com] # Vendor Homepage: [ http://www.phpmyfaq.de] # Software Link: [http://download.phpmyfaq.de/ph
Microsoft Edge Chakra JIT Bailout Generation
  Date: 2017-11-16 16:20:47 Views: 1 Comments: 0
Microsoft Edge: Chakra: JIT: Bailouts must be generated for OP_Memset CVE-2017-11873 function opt(a, b, v) { if (b.length < 1) return; for (let i = 0; i < a.length; i++) a[i] = v; b[0] = 2.3023e-320; } The above JavaScript code is JITed as follows: ... CHEC
Microsoft Edge Chakra JIT Incorrect Check
  Date: 2017-11-16 16:20:09 Views: 6 Comments: 0
Microsoft Edge: Chakra: JIT: Incorrect integer overflow check in Lowerer::LowerBoundCheck CVE-2017-11861 Here's a snippet of the method. void Lowerer::LowerBoundCheck(IR::Instr *const instr) { ... if(rightOpnd->IsIntConstOpnd()) { IntConstType newOffset
Microsoft Edge Chakra JIT Type Confusion
  Date: 2017-11-16 16:18:52 Views: 1 Comments: 0
Microsoft Edge: Chakra: JIT: Type confusion with switch statements CVE-2017-11811 Let's start with a switch statement and its IR code for JIT. JS: for (let i = 0; i < 100; i++) { switch (i) { case 2: case 4: case 6: case 8: case 10: case 12: case 14: cas
Microsoft Edge Object.setPrototypeOf Memory Corruption
  Date: 2017-11-16 16:17:32 Views: 1 Comments: 0
Microsoft Edge: Memory corruption with Object.setPrototypeOf CVE-2017-8751 I accidentally found this while trying to reproduce another bug in Edge. Failed to reproduce on Microsoft Edge 38.14393.1066.0, Microsoft EdgeHTML 14.14393. Tested on Microsoft
D-Link DIR605L - Denial of Service
  Date: 2017-11-16 16:16:06 Views: 1 Comments: 0
# Exploit Title: D-Link DIR605L <=2.08 Denial of Service via HTTP GET (CVE-2017-9675) # Date: 2017-11-14 # Exploit Author: Enrique Castillo # Contact: https://twitter.com/_hyperlogic # Detailed Analysis: http://hypercrux.com/bug-report/2017/06/19/DIR6
Dup Scout Enterprise 10.0.18 - 'Login' Buffer Overflow
  Date: 2017-11-15 15:44:21 Views: 3 Comments: 0
# Tested on Windows 10 (x86) # The application requires to have the web server enabled. # Exploit for older version: https://www.exploit-db.com/exploits/40832/ #!/usr/bin/python import socket,os,time,struct,argparse parser = argparse.ArgumentParser()
Wireless IP Camera (P2P) WIFICAM - Unauthenticated Remote Code Execution
  Date: 2017-11-15 15:35:19 Views: 1 Comments: 0
# Exploit-DB Note ~ Source: https://pierrekim.github.io/advisories/expl-goahead-camera.c # Exploit-DB Note ~ Credit: https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html #include <stdio.h> #include <string.h> #include <stdlib.h> #include <un
Ulterius Server < 1.9.5.0 - Directory Traversal
  Date: 2017-11-15 15:33:24 Views: 2 Comments: 0
# Exploit Title: Ulterius Server < 1.9.5.0 Directory Traversal Arbitrary File Access # Date: 11/13/2017 # Exploit Author: Rick Osgood # Vendor Homepage: https://ulterius.io/ # Software Link: https://github.com/Ulterius/server/tree/0e4f2113da287aac88a8b
PHP 7.1.8 - Heap-Based Buffer Overflow
  Date: 2017-11-15 15:31:18 Views: 2 Comments: 0
Description: ------------ A heap out-of-bound read vulnerability in timelib_meridian() can be triggered via wddx_deserialize() or other vectors that call into this function on untrusted inputs. $ ~/php-7.1.8/sapi/cli/php --version PHP 7.1.8 (cli) (bu
CopyRight © 2002-2017 VFocuS.Net All Rights Reserved