🐛 bug.directory

Oracle VM VirtualBox 7.0.10 r158379 Escape (CVE-2023-22098 PoC)

Oct 23, 2024 · 1 min read

tags: hypervisor, OOB_write, virtualbox
original link: Oracle VM VirtualBox 7.0.10 r158379 Escape (CVE-2023-22098 PoC)
newsletter link: exploits.club Weekly Newsletter 09


    Exploits Club Summary:

@theFlow0 put out a tweet this week detailing his research from last year into VirtualBox's virtio-net device emulation. He released a "100% reliable escape using an out-of-bounds-write (with ASLR defeat)". Because the virtio-net device model runs inside the host-side VirtualBox VMM process, a guest-controlled out-of-bounds write there corrupts host memory, which is what turns the bug into a guest-to-host escape. The exploit was posted on the Google Security Research GitHub repo.



    Created with Quartz v4.3.1 © 2024
