Search Results for "cve"

This is a proof of concept for CVE-2021-31166 ("HTTP Protocol Stack Remote Code Execution Vulnerability"), a use-after-free dereference in http.sys patched by Microsoft in May 2021. The bug itself happens in http!UlpParseContentCoding where the function has a local LIST_ENTRY and appends an item to it. When it's done, it moves it into the Request structure; but it doesn't NULL out the local list.

Heartbleed contains a compact, purpose-built implementation for detecting the infamous Heartbleed vulnerability in OpenSSL’s TLS heartbeat extension (CVE-2014-0160). It focuses on demonstrating and testing the flaw rather than being a general-purpose security toolkit, which makes the code approachable for learning and auditing. The project illustrates how a malformed heartbeat request could coax vulnerable servers into leaking memory contents, including potentially sensitive data. ...

COMMON VULNERABILITIES AND EXPOSURES (CVEŽ) DATABASE BROWSER, CVEBROWSER A web search engine for the CVE dictionary, targeted to be used on a intranet. CVEBrowser uses Java Servlets / JSP and MySQL and its designed to work well on RedHat