搜索 "gitem"

不再关注网络安全

gitem
  • 2019-04-09
    • tools
  • 2289 阅读

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) – Remote Code Execution
  • 2022-07-29
    • exploits
  • 103 阅读

# Exploit Title: Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) - Remote Code Execution # Exploit Author: LiquidWorm <#SpaceLogic.ps1 Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root Exploit ...

xglance-bin 11.00 – Privilege Escalation
  • 2020-02-05
    • exploits
  • 106 阅读

# Exploit Title: xglance-bin 11.00 - Privilege Escalation # Exploit Author: Robert Jaroszuk and Marco Ortisi (RedTimmy Security) # Date: 2020-02-01 # Tested on: RHEL 5.x/6.x/7.x/8.x # CVE: CVE-2014-2630 # Disclamer: This exploit is for educat...

Adobe Acrobat CoolType (AFDKO) – Memory Corruption in the Handling of Type 1 Font load/store Operators
  • 2019-08-15
    • exploits
  • 103 阅读

-----=====[ Background ]=====----- AFDKO (Adobe Font Development Kit for OpenType) is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces f...

Microsoft Edge Chakra – OP_Memset Type Confusion
  • 2018-11-19
    • exploits
  • 104 阅读

/* Since the patch for CVE-2018-8372, it checks all inputs to native arrays, and if any input equals to the MissingItem value which can cause type confusion, it starts the bailout process. But it doesn't check the "value" argument ...

WebKit – ‘WebCore::RenderMultiColumnSet::updateMinimumColumnHeight’ Use-After-Free
  • 2018-09-25
    • exploits
  • 86 阅读

<!-- There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on the ASan build of WebKit revision 233419 on OSX. The vulnerability has also been confirmed on Safari 11.1.1 sources grabbed from https://svn.we...

Microsoft Edge Chakra JIT – Magic Value Type Confusion
  • 2018-05-22
    • exploits
  • 99 阅读

/* BOOL JavascriptNativeFloatArray::SetItem(uint32 index, double dValue) { if (*(uint64*)&dValue == *(uint64*)&JavascriptNativeFloatArray::MissingItem) { JavascriptArray *varArr = JavascriptNativeFloatArray::ToVarArray(this); varArr-...

SixApart MovableType – Storable Perl Code Execution (Metasploit)
  • 2015-05-12
    • exploits
  • 106 阅读

## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = GoodRanking inclu...

SixApart MovableType < 5.2.12 - Storable Perl Code Execution (Metasploit)
  • 2015-02-11
    • exploits
  • 107 阅读

## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking ...

Apache 2.4.7 mod_status – Scoreboard Handling Race Condition
  • 2014-07-21
    • exploits
  • 84 阅读

--[ 0. Sparse summary Race condition between updating httpd's "scoreboard" and mod_status, leading to several critical scenarios like heap buffer overflow with user supplied payload and leaking heap which can leak critical memor...