The PDOSessionHandler class allows sessions to be stored on a PDO connection. Under some configurations (see below) and with a well-crafted payload, it was possible to cause a denial of service on a Symfony application with few resources. An application is vulnerable when it uses PDOSessionHandler to store its sessions, it uses MySQL as the backend for the sessions managed by PDOSessionHandler, and the SQL mode contains neither STRICT_ALL_TABLES nor STRICT_TRANS_TABLES (check via SELECT @@sql_mode).
CVE-2015-5112 is a vulnerability in Adobe Flash Player 18.0.0.194 and earlier versions. It allows an attacker to execute arbitrary code on the target system by exploiting a use-after-free vulnerability in the ActionScript 3 (AS3) virtual machine. The vulnerability is triggered when a maliciously crafted SWF file is loaded by the vulnerable Flash Player.
Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
When configured in a high availability mode, the F5 solution suffers from an unauthenticated rsync access vulnerability that can be leveraged to upload a malicious SSH key and gain remote root access to the appliance. The BigIP platform configures an rsync daemon listening on the ConfigSync interfaces when the system is configured in a failover mode. The rsync daemon as currently configured does not require any authentication, and the "cmi" module has complete read/write access to the system. If the ConfigSync IP addresses are accessible by a malicious third party, it is possible to upload an authorized_keys file directly into the /var/ssh/root directory and then open a root SSH session on the F5 device.
This vulnerability allows an attacker to reset the password of a user in AMS WebMail. The attacker can exploit this vulnerability by setting up a malicious web page with a JavaScript file that will send a request to the AMS WebMail server. The request will contain the user's email address and a reset password token. The attacker can then use the token to reset the user's password. The vulnerability is caused by the lack of proper input validation in the AMS WebMail server.
CVE-2018-4878 is a use-after-free vulnerability in Adobe Flash Player 28.0.0.137 and earlier versions. The vulnerability is caused by a dangling pointer in the Primetime SDK related to video object lifetime management. An attacker can exploit this vulnerability to execute arbitrary code in the context of the current user.
CVE-2018-4878 is a vulnerability in Adobe Flash Player that allows attackers to execute arbitrary code on the target system. The vulnerability is caused by a use-after-free error in the handling of the ActionScript 3 ByteArray class. An attacker can exploit this vulnerability by convincing a user to open a specially crafted Excel file. Once opened, the malicious code will be executed on the target system.
This exploit allows the execution of local binaries, read/write functions and exfiltration of Chrome OAuth tokens to a remote server.
rootsh is a local privilege escalation targeting OS X Yosemite 10.10.5 build 14F27. It exploits CVE-2016-1758 and CVE-2016-1828, two vulnerabilities in XNU that were patched in OS X El Capitan 10.11.4 and 10.11.5. CVE-2016-1758 is an information leak caused by copying out uninitialized bytes of kernel stack to user space. By comparing leaked kernel pointers with fixed reference addresses it is possible to recover the kernel slide. CVE-2016-1828 is a use-after-free during object deserialization. By passing a crafted binary-serialized dictionary into the kernel, it is possible to trigger a virtual method invocation on an object with a controlled vtable pointer.
This PoC uses only syscalls and no libraries such as pthread. Threads are implemented using raw Linux syscalls.