/* exp_moosecox.c Watch a video of the exploit here: http://www.youtube.com/watch?v=jt81NvaOj5Y developed entirely by Ingo Molnar (exploit writer extraordinaire!), thanks to Fotis Loukos for pointing the bug out to me -- neat bug! :) dedicated to t
/* written by Ingo Molnar -- it's true because this comment says the exploit was written by him! */ #include <stdio.h> #include <sys/syscall.h> unsigned int _r81; unsigned int _r82; unsigned int _r91; unsigned int _r92; unsigned int _r101; unsigned int _r102; u
/* sieve (because the Linux kernel leaks like one, get it?) Bug NOT discovered by Marcus Meissner of SuSE security. This bug was discovered by Ramon de Carvalho Valle in September of 2009. The bug was found via fuzzing, and on Sept 24th I was sent a P
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the seventeenth entry in that series. Unfortunately I won't be able to publish everything within one month at the current
/* Linux Kernel 2.6.32-642 / 3.16.0-4 'inode' Integer Overflow PoC The inode is a data structure in a Unix-style file system which describes a filesystem object such as a file or a directory. Each inode stores the attributes and disk block locations
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the sixteenth entry in that series. Unfortunately I won't be able to publish everything within one month at the current ra
Source: http://blog.skylined.nl/20161121001.html Synopsis: A specially crafted web-page can cause an unknown type of memory corruption in Microsoft Internet Explorer 8. This vulnerability can cause the Ptls5::Ls method (or other methods called by
1. Advisory Information Title: TP-LINK TDDP Multiple Vulnerabilities Advisory ID: CORE-2016-0007 Advisory URL: http://www.coresecurity.com/advisories/tp-link-tddp-multiple-vulnerabilities Date published: 2016-11-21 Date of last update: 2016-11-18 Ven
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2016-7434 ntpd remote pre-auth Denial of Service Affected: ntp-4.2.7p22, up to but not including ntp-4.2
## This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' # Payload working status: # MIPS: # - all valid payloads working (the ones that we are able to send
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the fourteenth entry in that series. Unfortunately I won't be able to publish everything within one month at the current r
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the thirteenth entry in that series. Unfortunately I won't be able to publish everything within one month at the current r
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=934 There is a heap overflow in Array.splice in Chakra. When an array is spliced, an overflow check is performed, but ArraySpeciesCreate, which can execute code and alter the arra
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=925 There is an overflow when reversing arrays in Chakra. On line 5112 of JavascriptArray::EntryReverse, the length of the array is fetched and stored. It is then passed as a param
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=922 There is an info leak in Array.filter. In Chakra, the destination array that arrays are filtered into is initialized using ArraySpeciesCreate, which can create both native and
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=945 JavascriptArray::FillFromPrototypes is a method that is used by several JavaScript functions available in the browser to set the native elements of an array to the values provi