Archive for January, 2016

iOS Kernel AppleOscarAccelerometer Use-After-Free

Posted by deepcore under exploit

The iOS kernel suffers from a use-after-free vulnerability in AppleOscarAccelerometer.

Wireshark Hiqnet_display_data Out-Of-Bounds Read

Posted by deepcore under exploit

Wireshark suffers from an out-of-bounds read in hiqnet_display_data.

iOS / OS X Kernel Uninitialized Variable Code Execution

Posted by deepcore under exploit

The _ool variations of the IOKit device.defs functions all handle error conditions incorrectly. If you run the mig tool on device.defs, you can see the source of the kernel-side MIG handling code.

Kleefa 1.7 Cross Site Scripting / SQL Injection

Posted by deepcore under exploit

Kleefa version 1.7 suffers from cross-site scripting and remote SQL injection vulnerabilities.

Wireshark Nettrace_3gpp_32_423_file_open Out-Of-Bounds Read

Posted by deepcore under exploit

Wireshark suffers from a heap-based out-of-bounds read in nettrace_3gpp_32_423_file_open.

iOS Kernel AppleOscarCompass Use-After-Free

Posted by deepcore under exploit

The iOS kernel suffers from a use-after-free vulnerability in AppleOscarCompass.

IOSCSIPeripheralDeviceType00 Kernel Null Dereference

Posted by deepcore under exploit

Opening userclient type 12 of IOSCSIPeripheralDeviceType00 leads to an exploitable kernel NULL dereference.

Android Libstagefright Tag Parsing Heap Buffer Overflow

Posted by deepcore under exploit

This proof of concept demonstrates the Android libstagefright heap buffer overflow that occurs due to an integer overflow in MP3 ID3 tag parsing.

Secure Item Hub 1.0 XSS / Code Execution / File Upload

Posted by deepcore under exploit

Secure Item Hub version 1.0 suffers from input validation, code execution, and remote file upload vulnerabilities.

Pdfium Opj_j2k_read_mcc Out-Of-Bounds Read

Posted by deepcore under exploit

PDFium suffers from a heap-based out-of-bounds read in opj_j2k_read_mcc (libopenjpeg).