''' Advisory: Padding Oracle in Apache mod_session_crypto During a penetration test, RedTeam Pentesting discovered a Padding Oracle vulnerability in mod_session_crypto of the Apache web server. This vulnerability can be exploited to decrypt the sessi
/* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=977 syslogd (running as root) hosts the com.apple.system.logger mach service. It's part of the system.sb sandbox profile and so reachable from a lot of sandboxed contexts. Here's a
/* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=976 powerd (running as root) hosts the com.apple.PowerManagement.control mach service. It checks in with launchd to get a server port and then wraps that in a CFPort: pmServerMachPo
/* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=959 Proofs of Concept: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40957.zip When sending and receiving mach messages from userspace there
/* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=941 Proofs of Concept: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40956.zip The previous ref count overflow bugs were all kinda slow becau
/* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=954 Proofs of Concept: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40954.zip Userspace MIG services often use mach_msg_server or mach_msg_s
/* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=974 There are two ways for IOServices to define their IOUserClient classes: they can override IOService::newUserClient and allocate the correct type themselves or they can set the I
# This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework # class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::File include Msf::Exploit::Fil
# # Source: https://raw.githubusercontent.com/pedrib/PoC/master/exploits/netgearPwn.rb # # Remote code execution in NETGEAR WNR2000v5 # - by Pedro Ribeiro ( pedrib@gmail.com ) / Agile Information Security # Released on 20/12/2016 # # NOTE: this explo
!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=972 In Chakra, Internationalization is initialized the first time the Intl object is used, by executing the script in Intl.js ( https://github.com/Microsoft/ChakraCore/blob/master/l
!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=961 The following code occurs in JavascriptSIMDObject::ToLocaleString in JavascriptSimdObject.cpp: Var* newArgs = HeapNewArray(Var, numArgs); switch (numArgs) { case 1: break; case
!-- Source: http://blog.skylined.nl/20161220001.html Synopsis A specially crafted web-page can trigger a use-after-free vulnerability in Microsoft Internet Explorer 11. There is sufficient time between the free and reuse for an attacker to control th
''' Source: http://blog.skylined.nl/20161219001.html Synopsis A specially crafted HTTP response can allow a malicious web-page to trigger an out-of-bounds read vulnerability in Google Chrome. The data is read from the main process' memory. Known affec