This exploit is a Ruby script that can be used to exploit the PRF (Pseudo Random Function) vulnerability in OpenSSL. The exploit uses the OpenSSL library to generate an HMAC-MD5 and an HMAC-SHA1 hash of a given secret, label, and seed. The hashes are then XORed together to generate the PRF output.
OpenSSL Certificate Spoofing is a vulnerability that allows an attacker to spoof an SSL certificate. This vulnerability is caused by a flaw in the OpenSSL library that allows an attacker to generate a valid certificate with any subject name they choose. This vulnerability can be exploited by an attacker to impersonate a legitimate website or service and gain access to sensitive information.
This exploit is a 0day preauth RCE exploit for vBulletin 5.1.X. It was leaked from the IoT and allows an attacker to execute arbitrary code on the vulnerable system. The exploit works by building an object with a malicious function and then encoding it with urlencode and serialize. The encoded object is then passed to the decodeArguments API hook, which will unserialize the object and execute the malicious function.
Python 3.3 - 3.5 suffer from a vulnerability caused by the behavior of the product_setstate() function. When called, the function loops over the state tuple provided and clamps each given index to a value within a range from 0 up to the max number of pools. Then, it loops over the pools and gets an item from each pool using the previously clamped index value. However, for the upper bound, the clamping logic uses the number of pools and not the size of the individual pool, which can result in a call to PyTuple_GET_ITEM() that uses an index outside of the bounds of the pool. The invalid result of the PyTuple_GET_ITEM() expression is then passed to Py_INCREF(), which performs a write operation that corrupts memory. In some applications, it may be possible to exploit this behavior to corrupt sensitive information, crash, or achieve code execution.
A JPEG file can cause memory corruption in the DCMProvider service when the file is processed by the media scanner. This can lead to a crash with a SIGSEGV signal, code 1 (SEGV_MAPERR), and fault address 0x8080808080808080 or 0x808080808000d0.
A vulnerability exists in the Gallery3D app of Samsung devices running Android 8.0.0 and earlier. The vulnerability is caused by a memset writing out of bounds when loading the bitmap bmp_memset.bmp. This can lead to a crash of the app. To reproduce the vulnerability, download the attached bmp_memset.bmp and load the bitmap in the Gallery3D app.
The attached JPEG, upsample.jpg, can cause memory corruption when media scanning occurs. The vulnerability is caused by a buffer overflow in the WINKJ_DoIntegralUpsample+164 function of the libQjpeg.so library. The SIGSEGV signal is triggered when the WINKJ_SetupUpsample+228 function is called, which leads to a crash of the DCMService process.
The Samsung Gallery application crashes when loading the attached GIF, colormap.gif. The crash is caused by a buffer overflow in the ColorMap function of the SecMMCodec library. The application attempts to access memory outside of the allocated buffer, resulting in a segmentation fault.
The attached files cause memory corruption when they are scanned by the face recognition library in android.media.process. The vulnerability is triggered when the face recognition library scans the attached files, causing a fatal signal 11 (SIGSEGV) and code 1 (SEGV_MAPERR) with a fault address of 0x0. To reproduce, download the attached file and scan it with the face recognition library.
actiTIME is a web timesheet software. It suffers from multiple security vulnerabilities including: Open Redirection, HTTP Response Splitting and Unquoted Service Path Elevation Of Privilege.