Showing 1 - 11 of 11

Files Date: 2021-02-05

Apple CoreText libType1Scaler.dylib Out-Of-Bounds Write / Integer Overflow: Posted Feb 5, 2021; Authored by Google Security Research, Tim Willis; Apple CoreText libType1Scaler.dylib suffers from a heap out-of-bounds-write due to an integer overflow vulnerability in STOREWV othersubr.; tags | exploit, overflow; systems | apple; advisories | CVE-2020-27944; SHA-256 | 5bc7d9095b5e3a443161d656caf0d98e618030349e3b02521fce505ffb28bfe4; Download | Favorite | View

Apple CoreText libFontParser.dylib Stack Corruption: Posted Feb 5, 2021; Authored by Google Security Research, Tim Willis; Apple CoreText libFontParser.dylib suffers from a stack corruption vulnerability in the handling of /BlendDesignPositions Type 1 objects.; tags | exploit; systems | apple; advisories | CVE-2020-0938, CVE-2020-29624; SHA-256 | 20846ff276b0918588c20eba4f03a51e239d0c24a7bc30e422ba7d6a2a943720; Download | Favorite | View

Apple CoreText libType1Scaler.dylib Buffer Overflow: Posted Feb 5, 2021; Authored by Google Security Research, Tim Willis; Apple CoreText libType1Scaler.dylib suffers from a heap buffer overflow vulnerability in the Counter Control Hints.; tags | exploit, overflow; systems | apple; advisories | CVE-2020-27943; SHA-256 | e9d0553c3318c8cfd5e3a7cef08c6780c862cd2e9728e3e931ac58bc5d0dd690; Download | Favorite | View

Apple CoreText libType1Scaler.dylib Memory Disclosure: Posted Feb 5, 2021; Authored by Google Security Research, Tim Willis; Apple CoreText libType1Scaler.dylib suffers from a memory disclosure vulnerability via an uninitialized transient array.; tags | exploit; systems | apple; advisories | CVE-2020-27946; SHA-256 | f0083ddd4710cae64924c74a0167cfc38f0711da70bd85eac021e889e40d7814; Download | Favorite | View

XNU Kernel Mach Message Trailers Memory Disclosure: Posted Feb 5, 2021; Authored by Google Security Research, Ian Beer; The XNU kernel suffers from a memory disclosure vulnerability in mach message trailers.; tags | exploit, kernel; advisories | CVE-2020-27950; SHA-256 | 642f39fd92a5ac4ffb770427ffb354a2a9fadfb25d5b0622ea37837653fb0f84; Download | Favorite | View

XNU Kernel Turnstiles Type Confusion: Posted Feb 5, 2021; Authored by Google Security Research, Ian Beer; The XNU kernel suffers from a type confusion vulnerability in turnstiles.; tags | exploit, kernel; advisories | CVE-2020-27932; SHA-256 | d3d2bb641fe186858d248f07b853338f4be5d90e81441c7f7abebd7540ae579c; Download | Favorite | View

Apple Safari Remote Code Execution: Posted Feb 5, 2021; Authored by Google Security Research, mjurczyk; Apple Safari is susceptible to a remote code execution vulnerability via an undefined othersubr in Type 1 fonts handled by libType1Scaler.dylib on macOS and iOS.; tags | exploit, remote, code execution; systems | apple, ios; advisories | CVE-2020-27930; SHA-256 | ee0df6f67552aebe8e8c91b5e13e7a4dc6342b9e701c512f4847cf4f5b91f7cc; Download | Favorite | View

Sudo 1.8.31p2 / 1.9.5p1 Buffer Overflow: Posted Feb 5, 2021; Authored by Blasty, Spencer McIntyre, Qualys Security Advisory, bwatters-r7, Alexander Krog | Site metasploit.com; A heap based buffer overflow exists in the sudo command line utility that can be exploited by a local attacker to gain elevated privileges. The vulnerability was introduced in July of 2011 and affects version 1.8.2 through 1.8.31p2 as well as 1.9.0 through 1.9.5p1 in their default configurations. The technique used by this implementation leverages the overflow to overwrite a service_user struct in memory to reference an attacker controlled library which results in it being loaded with the elevated privileges held by sudo.; tags | exploit, overflow, local; advisories | CVE-2021-3156; SHA-256 | cdf458fa2ff6a679afd1037bdb879758b301305b20f223b3aade629bb97b04bc; Download | Favorite | View

SEO Panel 4.6.0 Remote Code Execution: Posted Feb 5, 2021; Authored by Kr0ff; SEO Panel version 4.6.0 remote code execution exploit. Original discovery of code execution in this version is attributed to Daniel Monzon and Kiko Andreu in October of 2020.; tags | exploit, remote, code execution; SHA-256 | 32235f5af245cae264b5c3a9f586e7317257d23a3407ae0e6b1e9f54d275b9ac; Download | Favorite | View

PhreeBooks 5.2.3 Remote Code Execution: Posted Feb 5, 2021; Authored by Kr0ff; PhreeBooks ERP version 5.2.3 remote code execution exploit. Original discovery of this vulnerability is attributed to Abdullah Celebi in April of 2019.; tags | exploit, remote, code execution; SHA-256 | 6318dca6517f810ccc72e6eda9d9b9465e83b02cd6a7e31fc0c1c37fe3f83e58; Download | Favorite | View

LiteSpeed Web Server Enterprise 5.4.11 Command Injection: Posted Feb 5, 2021; Authored by SunCSR, cmOs; LiteSpeed Web Server Enterprise version 5.4.11 suffers from an authenticated remote command injection vulnerability.; tags | exploit, remote, web; SHA-256 | 3ba47cb0d0b0247ab02f85b865390f467999b58710524e0b2140b93cf1e7dd71; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days