what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

Files Date: 2016-08-28

Keeper UI Injection
Posted Aug 28, 2016
Authored by Tavis Ormandy, Google Security Research

Keeper suffers from an issue where a trusted UI is injected into an untrusted webpage.

tags | exploit
SHA-256 | bc5f2d8563853d8fb0eb9f4dfe423eef486e80138fb54b3a704e0a4fe79e486d
Adobe Flash MovieClip Transform Use-After-Free
Posted Aug 28, 2016
Authored by Google Security Research, natashenka

There is a use-after-free in the Adobe Flash MovieClip Transform getter. If the Transform constructor is replaced with a getter using addProperty, this getter can free the MovieClip before it is accessed.

tags | exploit
advisories | CVE-2016-4230
SHA-256 | 8e0a48ee796dc46bf201b5bec60fb0c2fea4eaaff0ede8662854456151504e5c
Adobe Flash BitmapData.copyPixels Use-After-Free
Posted Aug 28, 2016
Authored by Google Security Research, natashenka

There is a use-after-free in Adobe Flash BitmapData.copyPixels. If the method is called on a MovieClip, and the MovieClip is deleted during parameter conversions, it is used to convert future parameters, even though it has already been freed.

tags | exploit
advisories | CVE-2016-4229
SHA-256 | 0a3401d2588c89c8cb83520304f111cda886ab6b1fa44838fdd32599be2f4efa
Adobe Flash Rectangle Return Use-After-Free
Posted Aug 28, 2016
Authored by Google Security Research, natashenka

Several methods in Adobe Flash return instances of the Rectangle class. There is a use-after-free in creating these objects for return. If the this object of the call is a MovieClip, the Rectangle instantiation will run on its thread. If a getter is added to this class's package, it will be invoked when fetching the rectangle constructor, which can free the method's thread, which will cause the Rectangle constructor to run on a thread which has been freed.

tags | exploit
advisories | CVE-2016-4228
SHA-256 | f898e72b34514ad22259dcefdd52f3d177b215cd0242a8842fd2e4e2e609f90c
Adobe Flash Selection.setFocus Use-After-Free
Posted Aug 28, 2016
Authored by Google Security Research, natashenka

There is a use-after-free in Adobe Flash Selection.setFocus. It is a static method, but if it is called with a this object, it will be called on that object's thread. Then, if it calls into script, for example, by calling toString on the string parameter, the object, and its thread will be deleted, and a use-after-free occurs.

tags | exploit
advisories | CVE-2016-4227
SHA-256 | fa507c4afbb1bc497d0cc5c2a99904cd2a73bd86ee4b1d906ad6cf627872c99b
Adobe Flash Stage.align Use-After-Free
Posted Aug 28, 2016
Authored by Google Security Research, natashenka

There is a use-after-free in the Adobe Flash Stage.align property setter. When the setter is called, the parameter is converted to a string early, as a part of the new use-after-free prevention changes. This conversion can invoke script, which if the this object is a MovieClip, can delete the object, deleting the thread the call is made from, which can lead to a use-after-free.

tags | exploit
advisories | CVE-2016-4226
SHA-256 | 66d1624a35df614e84e05e1f157c0e1769f423cb0522075826d8dfbcf3dae5fe
Stegano 0.6.1
Posted Aug 28, 2016
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: Reorganization of the steganalysis sub-module.
tags | tool, encryption, steganography, python
systems | unix
SHA-256 | a6b0438fe098982f9eff3143a85ca4be352a7bf47733175568ece01ef5f0500f
OATH Toolkit 2.6.2
Posted Aug 28, 2016
Site nongnu.org

OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.

Changes: Updated documentation and made various improvements.
tags | tool
systems | unix
SHA-256 | b03446fa4b549af5ebe4d35d7aba51163442d255660558cd861ebce536824aa0
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close