Posts

Disk Pulse Enterprise 9.9.16 - GET Buffer Overflow (Metasploit)

Microsoft Edge - Chakra Incorrectly Parses Object Patterns

Linux Kernel <= 4.13.1 - BlueTooth Buffer Overflow (PoC)

Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes

Microsoft Edge Chakra - 'Parser::ParseCatch' does not Handle 'eval'

Microsoft Edge Chakra - 'JavascriptFunction::ReparseAsmJsModule' Incorrectly Re-parses

PHPMyFAQ 2.9.8 - Cross-Site Scripting

Disk Pulse Enterprise 9.9.16 GET Buffer Overflow

WordPress 2kb Amazon Affiliates Store 2.1.0 Cross Site Scripting

WordPress Prior to 4.8.2 Multiple Input Validation Security Vulnerabilities

Microsoft Edge 38.14393.1066.0 - 'COptionsCollectionCacheItem::GetAt' Out-of-Bounds Read

Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading

SUSE/Portus 2.2 Cross Site Scripting

DlxSpot Hardcoded Password

DlxSpot Shell Upload

DlxSpot SQL Injection

Microsoft Edge Partial Page Loading Memory Corruption

Microsoft Windows Kernel win32k!NtQueryCompositionSurfaceBinding Memory Disclosure

Microsoft Windows Kernel win32k!NtGdiHLSurfGetInformation Memory Disclosure

Microsoft Windows Kernel win32k!NtGdiDoBanding Memory Disclosure

Microsoft Edge COptionsCollectionCacheItem::GetAt Out-Of-Bounds Read

Microsoft Windows Kernel win32k!NtGdiEngCreatePalette Memory Disclosure

Microsoft Windows Kernel win32k!NtGdiGetFontResourceInfoInternalW Memory Disclosure

Microsoft Windows Kernel TTF Font Processing glyf Out-Of-Bounds Read

Microsoft Windows Kernel TTF Font Processing Out-Of-Bounds

Microsoft Windows Kernel nt!NtSetIoCompletion / nt!NtRemoveIoCompletion Memory Disclosure

Microsoft Windows Kernel win32k!NtGdiGetPhysicalMonitorDescription Memory Disclosure

Microsoft Windows Kernel win32k!NtGdiGetGlyphOutline Memory Disclosure

Watchguard Firebox / XTM XML-RPC Empty Member Denial Of Service

D-Link DGS-3000-10TC Cross Site Scripting / Content Spoofing

iBall ADSL2+ Home Router Authentication Bypass

UTStar WA3002G4 ADSL Broadband Modem Authentication Bypass

ZKTeco ZKTime Web 2.0.1.12280 Information Disclosure

ZKTeco ZKTime Web 2.0.1.12280 Cross Site Request Forgery

HPE < 7.2 - Java Deserialization

iTech Gigs Script 1.20 - 'cat' Parameter SQL Injection

Foodspotting Clone 1.0 - SQL Injection

Tecnovision DLX Spot - SSH Backdoor

Tecnovision DLX Spot - Arbitrary File Upload

Tecnovision DLX Spot - Authentication Bypass

TOR Virtual Network Tunneling Tool 0.3.1.7

Microsoft Windows Kernel win32k.sys TTF Font Processing - Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)

Apache - HTTP OPTIONS Memory Leak

Microsoft Windows Kernel win32k.sys TTF Font Processing - Out-of-Bounds Read with Malformed "glyf" Table (win32k!fsc_CalcGrayRow)

Microsoft Windows Kernel - 'win32k!NtQueryCompositionSurfaceBinding' Stack Memory Disclosure

Microsoft Windows Kernel - 'win32k!NtGdiGetFontResourceInfoInternalW' Stack Memory Disclosure

Microsoft Windows Kernel - 'win32k!NtGdiEngCreatePalette' Stack Memory Disclosure

Microsoft Windows Kernel - 'win32k!NtGdiDoBanding' Stack Memory Disclosure

Microsoft Windows Kernel - 'win32k!NtGdiGetPhysicalMonitorDescription' Stack Memory Disclosure