aws-cfn-bootstrap local code execution as root
==============================================

The latest version of this advisory is available at:
https://sintonen.fi/advisories/aws-cfn-bootstrap-local-code-execution-as-root.txt

Overview
--------

AWS EC2
// EDB Note: Source ~ https://medium.com/bindecy/huge-dirty-cow-cve-2017-1000405-110eca132de0
// EDB Note: Source ~ https://github.com/bindecy/HugeDirtyCowPOC
// Author Note: Before running, make sure to set transparent huge pages to always: `echo al
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Local
  Rank = ExcellentRanking

  include Msf::Post::File
  include Msf::Exploit::EX
# Exploit Author: Juan Sacco juan.sacco@kpn.com at KPN Red Team - http://www.kpn.com
# Date and time of release: Nov, 15 2017
# Found this and more exploits on my open source security project: http://www.exploitpack.com
#
# Tested on: Asterisk 13.17.2~dfs
Introduced in commit f37708f6b8 (2.10). The NBD spec says a client can request export names up to 4096 bytes in length, even though they should not expect success on names longer than 256. However, qemu hard-codes the limit of 256, and fails to filte
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient

  de
''' Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1342 There is a directory traversal issue in attachment downloads in Gmail. For non-gmail accounts, there is no path sanitization on the attachment filename in the email, so when a
#! /usr/bin/perl
# Exploit Title: Winamp Pro (.wav|.wmv|.au|.asf|.aiff|.aif ) Denial of Service
# Date: 2017-11-22
# Exploit Author: R.Yavari
# Version: v5.66.Build.3512
# Tested on: Windows 10, Windows 7
# Other versions should be affected
# CVE-201
#! /usr/bin/perl
# Exploit Title: KMPlayer .nsv Denial of Service
# Date: 2017-11-22
# Exploit Author: R.Yavari
# Version: v4.2.2.4
# Tested on: Windows 10, Windows 7
# Other versions should be affected
# NSV is a streaming video container format devel
While parsing the BDAT data header, Exim still scans for '.' and considers it the end of the mail. https://github.com/Exim/exim/blob/master/src/src/receive.c#L1867 Exim goes into an incorrect state after this message is sent because the function pointer recei
#!/usr/bin/python
# Tested on: Windows 10 Professional (x86)
# Exploit for previous version: https://www.exploit-db.com/exploits/42455/ (Seems they haven't patched the vulnerability at all :D)
# msfvenom -p windows/exec CMD=calc.exe -e x86/unicode_mi
/* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1431 I found the following bug with an AFL-based fuzzer: When __walk_page_range() is used on a VM_HUGETLB VMA, callbacks from the mm_walk structure are only invoked for present page
Microsoft Edge: Chakra: JIT: Incorrect function declaration scope CVE-2017-11870

In the following JavaScript code, both print calls must print undefined because x is a formal parameter. But the second print call prints function x()
Microsoft Edge: Chakra: JIT: Inline::InlineCallApplyTarget_Shared doesn't return the return instruction CVE-2017-11841

Here's a snippet of Inline::Optimize.

FOREACH_INSTR_EDITING(instr, instrNext, func->m_headInstr) { switch (instr->m_opcode) { case
Microsoft Edge: Chakra: JIT: BailOutOnTaggedValue bailouts can be generated for constant values CVE-2017-11839

1. In Chakra's JIT compilation process, it stores variables' type information by basic block.

function opt(b) { let o; if (b) { // BASIC