Microsoft Windows Kernel Pool GetFontData Address Leak
The Microsoft Windows kernel pool address is leaked via an undocumented GetFontData feature in ATMFD. MD5: 0fc9e0391632fca8d511a3b229bca0a1 | Source: packetstormsecurity.com
Microsoft Windows Kernel Pool Address Derivation
The OpenType ATMFD.DLL kernel-mode font driver on Windows has an undocumented "escape" interface, handled by the standard DrvEscape and DrvFontManagement functions implemented by the module. The...
D-Link DIR605L - Denial of Service
EDB-ID: 43147 | Author: Enrique Castillo | Published: 2017-11-14 | CVE: CVE-2017-9675 | Type: Dos | Platform: Hardware | Vulnerable App: N/A # Date: 2017-11-14 # Exploit Author: Enrique Castillo # Contact:...
Vir.IT Explorer Anti-Virus CVE-2017-16237 Local Privilege Escalation...
Vir.IT Explorer Anti-Virus is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges. Vir.IT Explorer Anti-Virus prior to version...
Microsoft Edge Object.setPrototypeOf Memory Corruption
Microsoft Edge suffers from a memory corruption vulnerability in Object.setPrototypeOf. MD5: 92759ead0f53bf182fa98170e0d5a064. Microsoft Edge: Memory corruption with Object.setPrototypeOf...
Microsoft Edge Chakra JIT Type Confusion
Microsoft Edge Chakra suffers from a JIT related type confusion vulnerability with switch statements. MD5: 8f8c70e8979dd42b0451c66d98b096e6. Microsoft Edge: Chakra: JIT: Type confusion with...
Microsoft Edge Chakra JIT Incorrect Check
Microsoft Edge Chakra suffers from a JIT related incorrect integer overflow check in Lowerer::LowerBoundCheck. MD5: f57dbe49f45b04c0077db21db1563088. Microsoft Edge: Chakra: JIT: Incorrect...
Microsoft Edge Chakra JIT Bailout Generation
Microsoft Edge Chakra suffers from a JIT issue where bailouts must be generated for OP_Memset. MD5: c404973e6b026871d91a362e59d73a57. Microsoft Edge: Chakra: JIT: Bailouts must be generated for...
D-Link DIR605L 2.08 Denial Of Service
D-Link DIR605L versions 2.08 and below suffer from a denial of service vulnerability via a simple HTTP GET. MD5: 3c396f0245454d42f77452604a2987db. # Exploit Title: D-Link DIR605L <=2.08 Denial...
Cisco RF Gateway 1 CVE-2017-12318 Denial of Service Vulnerability
Cisco RF Gateway 1 is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. This issue is tracked by Cisco Bug ID CSCvf19887....
Cisco Unified Communications Manager CVE-2017-12302 SQL Injection Vulnerability
Cisco Unified Communications Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue...
Cisco IOS and IOS XE Software CVE-2017-12304 Cross Site Scripting Vulnerability
Cisco IOS and IOS XE Software are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
Zeta Components Mail CVE-2017-15806 Arbitrary Code Execution Vulnerability
Zeta Components Mail is prone to an arbitrary code execution vulnerability. Successful exploits allow attackers to execute arbitrary code in the context of the host operating system. Failed exploit...
LanSweeper 6.0.100.75 - Cross-Site Scripting
EDB-ID: 43149 | Author: Miguel Mendez Z | Published: 2017-11-16 | CVE: CVE-2017-16841 | Type: Webapps | Platform: ASPX | Vulnerable App: N/A Title: Vulnerability in LanSweeper Date: 16-11-2017 Status: Vendor contacted,...
TP-Link TL-WR740N - Cross-Site Scripting
EDB-ID: 43148 | Author: bl00dy | Published: 2017-11-16 | CVE: N/A | Type: Webapps | Platform: Hardware | Vulnerable App: N/A # Date: 15/11/2017 # Exploit Author: bl00dy # Vendor Homepage: http://www.tp-link.com...
Vonage VDV23 - Cross-Site Scripting
EDB-ID: 43150 | Author: Nu11By73 | Published: 2017-11-16 | CVE: CVE-2017-16843 | Type: Webapps | Platform: Hardware | Vulnerable App: N/A # Date: 16/11/2017 # Exploit Author: Nu11By73 # Hardware Version: VDV-23: 115 #...
Microsoft Edge - 'Object.setPrototypeOf' Memory Corruption
EDB-ID: 43151 | Author: Google Security Research | Published: 2017-11-16 | CVE: CVE-2017-8751 | Type: Dos | Platform: Windows | Aliases: N/A | Advisory/Source: Link | Tags: N/A | Vulnerable App: N/A Source:...
Microsoft Edge Chakra: JIT - 'Lowerer::LowerBoundCheck' Incorrect Integer...
EDB-ID: 43153 | Author: Google Security Research | Published: 2017-11-16 | CVE: CVE-2017-11861 | Type: Dos | Platform: Windows | Aliases: N/A | Advisory/Source: Link | Tags: Integer Overflow | Vulnerable App: N/A Source:...
Microsoft Edge Chakra: JIT - 'OP_Memset' Type Confusion
EDB-ID: 43154 | Author: Google Security Research | Published: 2017-11-16 | CVE: CVE-2017-11873 | Type: Dos | Platform: Windows | Aliases: N/A | Advisory/Source: Link | Tags: N/A | Vulnerable App: N/A Source:...
Microsoft Edge Chakra JIT - Type Confusion with switch Statements
EDB-ID: 43152 | Author: Google Security Research | Published: 2017-11-16 | CVE: CVE-2017-11811 | Type: Dos | Platform: Windows | Aliases: N/A | Advisory/Source: Link | Tags: N/A | Vulnerable App: N/A Source:...