Explore Vulnerabilities

Explore all Exploits:

Uninitialized Kernel Stack Memory Disclosure in nt!NtGdiEngCreatePalette System Call

The nt!NtGdiEngCreatePalette system call discloses large portions of uninitialized kernel stack memory to user-mode clients. This occurs when palettes are created in the PAL_INDEXED mode with up to 256 colors and a temporary stack-based buffer is used without first being zeroed. The leftover stack contents are treated as valid palette colors, so the resulting palette's entries consist of uninitialized kernel stack memory. That memory can subsequently be read back from user mode using the GetPaletteEntries() API.

nt!NtRemoveIoCompletion System Call Handler Information Disclosure

The nt!NtRemoveIoCompletion system call handler discloses 4 bytes of uninitialized pool memory to user-mode clients on 64-bit platforms. The bug occurs when passing the IO_STATUS_BLOCK structure back to user-mode, where the upper 32 bits of the 'Pointer' field remain uninitialized if only the 'Status' field is initialized. The nt!NtRemoveIoCompletion system call copies the entire structure back to user-mode, revealing the uninitialized memory.

Uninitialized Kernel Stack Memory Disclosure in Windows

The nt!NtGdiGetPhysicalMonitorDescription system call in Windows 7 to Windows 10 discloses uninitialized kernel stack memory to user-mode clients. The syscall copies a stack-based array of 256 bytes to the caller, but typically only a small portion of the buffer is used to store the requested monitor description, leaving the rest uninitialized. This uninitialized memory region contains sensitive information such as addresses of executable images, kernel stack, kernel pools, and stack cookies.

Ncaster 1.7.2 RCE Vulnerability

The Ncaster 1.7.2 script is vulnerable to remote code execution due to improper validation of the 'adminfolder' parameter in the 'archive.php' file. An attacker can exploit this vulnerability by injecting a shell command in the 'adminfolder' parameter, leading to arbitrary code execution.

nhrp-dos

The nhrp-dos exploit allows an attacker to cause a denial of service by sending malicious packets to a Cisco router that is using the Next Hop Resolution Protocol (NHRP). This vulnerability is identified by the Cisco bug ID CSCin95836. NHRP is a protocol used by a source host or router to determine the next hop towards the destination in a Non-Broadcast Multi-Access (NBMA) subnetwork. The exploit targets the NHRP functionality of Cisco routers and can disrupt network connectivity.
