A use-after-free vulnerability exists in the android-msm-wahoo-4.4-pie branch of https://android.googlesource.com/kernel/msm when kgsl_mem_entry_destroy() in drivers/gpu/msm/kgsl.c is called for a writable entry with memtype KGSL_MEM_ENTRY_USER. It attempts to mark the entry's pages as dirty using the function set_page_dirty(). This function first loads page->mapping using page_mapping(), then calls the function pointer mapping->a_ops->set_page_dirty. The bug is that, as explained in upstream commit e92bb4dd9673, the mapping of a page can be freed concurrently unless it is protected somehow (e.g. by holding the page lock, or by holding a reference to the mapping). For callers who don't hold any such lock or reference, set_page_dirty_lock() is provided to safely mark a page as dirty. To reproduce on a Pixel 2 (walleye), one must check out the tree specified, enable KASAN in the kernel config, apply the attached kernel patch kgsl-bigger-race-window.patch to make the race window much bigger, build and boot the kernel, build the attached poc.c with aarch64-linux-gnu-gcc -static -o poc poc.c -Wall, and run the PoC on the device (adb push, adb shell, ./poc).
While fuzzing Spidermonkey, an exploit was encountered which crashes debug builds of the latest release version of Spidermonkey. The exploit is caused by a custom function being inlined which makes assumptions about the input ObjectGroup. This causes an unexpected ObjectGroup to be seen by the ObjectGroupDispatch operation, which in debug builds will crash with an assertion failure.
A vulnerability in Microsoft Edge allows an attacker to overwrite DACL permissions and escalate privileges. This is done by creating a directory and a hardlink in the local appdata folder, which causes the DACL to be written. The version of Microsoft Edge must be specified in the PoC (polarbear.exe) for the exploit to work.
The SMTP server crashes when malicious code is run against it from localhost. The code builds a buffer of strings and sends it to the server, causing the crash.
pfSense software is a free, open source customized distribution of FreeBSD specifically tailored for use as a firewall and router that is entirely managed via a web interface. The ACME Package for pfSense interfaces with Let's Encrypt to handle the certificate generation, validation, and renewal processes. An attacker can exploit this vulnerability by navigating to the acme_accountkeys_edit.php page and entering malicious payloads into the Name and Description fields, which triggers a cross-site scripting (XSS) pop-up.
The login form on pTransformer ADC does not filter dangerous characters such as the single quote ('). This makes the application vulnerable to SQL injection. The vulnerable parameter is User ID. Injecting ' or '1'='1'-- bypasses the login form.
Sometimes developers leave sensitive data logged to the developer console, which makes it easy for an attacker to capture sensitive information such as passwords. In this application, an attacker with adb access can capture the password of any user via the forgot password function.
Maconomy ERP is vulnerable to Local File Inclusion (LFI). An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to read sensitive files from the server, such as the /etc/passwd file.
Pidgin 2.13.0 is vulnerable to a denial of service attack when a maliciously crafted username is used to create an account. This causes the application to crash when the user attempts to join a chat.
A vulnerability in Fast AVI MPEG Joiner allows an attacker to cause a denial of service by creating a file with 6000 bytes of data and pasting it into the 'License Name' field. This will cause the application to crash.