
jsc

  1. 1

    Exploits Webkit JSC JIT ArgumentsEliminationPhase::transform Uninitialized Variable Access

    WebKit JSC JIT suffers from an uninitialized variable access vulnerability in ArgumentsEliminationPhase::transform.
  2. 1

    Exploits JSC YarrJIT initParenContextFreeList Byte Overwrite

    A bug in JSC YarrJIT initParenContextFreeList allows bytes to be overwritten.
  3. 1

    Exploits JSC BytecodeGenerator::emitEqualityOpImpl Data Mishandling

    JSC suffers from a data mishandling bug in BytecodeGenerator::emitEqualityOpImpl.
  4. 1

    Exploits WebKit JSC reifyStaticProperty Attribute Flag Issue

    WebKit JSC has an issue where reifyStaticProperty needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter.
  5. dEEpEst

    WebKit JSC JIT Use-After-Free [CVE-2018-4442]

    Hidden content
  6. 1

    Exploits WebKit JSC JIT Use-After-Free

    The doesGC function simply takes a node, and tells if it might cause a garbage collection. This function is used to determine whether to insert write barriers. But it is missing some cases such as StringCharAt, StringCharCodeAt and GetByVal that might cause a garbage collection via rope strings...
  7. 1

    Exploits WebKit JSC AbstractValue::set Use-After-Free

    WebKit JSC suffers from a use-after-free vulnerability that can be used to bypass write barriers.
  8. 1

    Exploits WebKit JSC JSArray::shiftCountWithArrayStorage Out-Of-Bounds Read / Write

    WebKit JSC suffers from out-of-bounds read and write vulnerabilities in JSArray::shiftCountWithArrayStorage.
  9. 1

    Exploits WebKit JSC ForInContext Invalidation

    WebKit JSC has an issue where BytecodeGenerator::hoistSloppyModeFunctionIfNecessary does not invalidate the ForInContext object.
  10. 1

    Exploits WebKit JSC JIT JSPropertyNameEnumerator Type Confusion

    When a for-in loop is executed, a JSPropertyNameEnumerator object is created at the beginning and used to store the information of the input object to the for-in loop. Inside the loop, the structure ID of the "this" object of every get_by_id expression taking the loop variable as the index is...