The DxgkDdiEscape handler for 0x5000027 accepts a user-provided pointer, but performs no checks on it before using it.
The NvStreamKms.sys driver calls PsSetCreateProcessNotifyRoutineEx to set up a process creation notification routine. wcscpy_s is used incorrectly here, as the second argument is not the size of |Dst|, but rather…
NVIDIA suffers from a missing bounds check in escape 0x100010b.
The DxgkDdiEscape handler for 0x70001b2 doesn’t do proper bounds checks for its variable-size input.
This Metasploit module exploits an unauthenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is within the batch endpoint and allows an attacker to dynamically execute…
PHP Support Tickets version 1.3 suffers from a remote SQL injection vulnerability.
PHP Support Tickets version 1.3 suffers from a local file inclusion vulnerability.
The escape handler for 0x10000e9 lacks bounds checks, and passes a user-specified size as the size to memcpy, resulting in a stack buffer overflow.
There is a missing bounds check in the inner loop of the escape handler for 0x7000014 that leads to a stack buffer overflow.
The DxgkDdiEscape handler for 0x70000d5 lacks bounds checks.