IndraMotion MLC L20, L40 Security Vulnerabilities

CVE-2015-9253

An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this....

CVE-2015-9253

An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this....

CVE-2015-9253

An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this....

Hancom Thinkfree NEO Hangul Word Processor HWPTAG_TAB_DEF Tab Count Code Execution Vulnerability(CVE-2017-2819)

Summary An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under...

restic cryptography

tl;dr: this is not an audit and I take no responsibility for your backups, but I had a quick look at the crypto and I think I'm going to use restic for my personal backups. I keep hearing good things about restic. I am redoing my storage solution, and restic seems to tick all the boxes for my...

restic cryptography

tl;dr: this is not an audit and I take no responsibility for your backups, but I had a quick look at the crypto and I think I'm going to use restic for my personal backups. I keep hearing good things about restic. I am redoing my storage solution, and restic seems to tick all the boxes for my...

Rowhammer Attacks Come to MLC NAND Flash Memory

The Rowhammer attacks developed by Google more than two years ago put the focus on hardware front and center. That research allowed attackers to flip dynamic random access memory (DRAM) bits in order to induce those memory cells to change their state. Google’s research enabled kernel-level...

Hancom Thinkfree NEO Hangul Word Processor HWPTAG_TAB_DEF Tab Count Code Execution Vulnerability

Summary An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under...

WordPress FancyProductDesigner 3.4.2 Stored XSS Vulnerability

WordPress FancyProductDesigner plugin versions prior to 3.4.2 suffer from a persistent cross site scripting vulnerability due to improper sanitization, allowing malicious .svg file...

WordPress FancyProductDesigner 3.4.2 Stored XSS

...

Threat Outbreak Alert RuleID28255: Email Messages Distributing Malicious Software on March 13, 2017

Medium Alert ID: 53004 First Published: 2017 March 13 13:45 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID28255) may contain the following...

GitLab: Gitlab.com is vulnerable to reverse tabnabbing. (#2)

Dear GitLab bug bounty team, Summary Gitlab.com is vulnerable to reverse tabnabbing in issues, comments, etc. This is the same type of issue as https://hackerone.com/reports/211065, but far worse since in the previous report only a user with developer access to a project could view the...

The Microsoft DirectX graphics kernel subsystem elevation of privilege vulnerability MS16-062）

来源: 腾讯科恩实验室官方博客 作者： Daniel King (@long123king) 如何攻破微软的Edge浏览器 攻破微软的Edge浏览器至少需要包含两方面基本要素：浏览器层面的远程代码执行(RCE: Remote Code Execution)和浏览器沙箱绕过。 浏览器层面的远程代码执行通常通过利用Javascript脚本的漏洞完成，而浏览器的沙箱绕过则可以有多种方式，比如用户态的逻辑漏洞，以及通过内核漏洞达到本地提权(EoP: Escalation of Privilege)。...

Paragon Initiative Enterprises: Not using Binary::safe* functions for substr/strlen function

Several places in the code don't use Binary::safe or CryptoUtil::safe functions, but use raw functions instead (strlen/substr) which can act as mb_funcname instead (not count bytes for strlen/etc...) 1....

Microsoft Internet Explorer SLayoutRun Use-After-Free (MS13-009)

当指定的元素设置white-space属性为pre-line时，IE会通过AllocData2Pos函数分配内存，并通过CTreeDataPos来实例化该内存块。 CTreeDataPos将作为CTreePos，其中保存了CTreePos对应元素（white-space属性为pre-line的元素）的CTreeNode地址，同时将其加入DOM树。...

Windows Vista / 7 lpksetup. exe the DLL-hijacking-vulnerability warning-the black bar safety net

/* Exploit: Windows Vista/7 lpksetup.exe (oci.dll) DLL Hijacking Vulnerability Extension: the . mlc Author: Tyler Borland ([email protected]) Date: 10/20/2010 Tested on: Windows 7 Ultimate (Windows Vista Ultimate/Enterpries and Windows 7 Enterprise should be vulnerable as well) Effect:...

Windows Vista/7 lpksetup.exe DLL Hijacking

...

Microsoft Windows Vista - lpksetup.exe oci.dll DLL Loading Arbitrary Code Execution

Microsoft Windows Vista - lpksetup.exe oci.dll DLL Loading Arbitrary Code...

Microsoft Windows Vista - 'lpksetup.exe oci.dll' DLL Loading Arbitrary Code Execution

...

CVE-2010-2151

Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown...

CVE-2010-2149

Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified...

Session fixation

Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified...

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown...

JVN#36925871: e-Pares vulnerable to session fixation

e-Pares is a system that manages facility (conference rooms, etc.) information. e-Pares contains a session fixation vulnerability. ## Impact A remote attacker impersonating a logged in user may perform arbitrary operations. As a result, disclosure or alteration of information may occur. ##...

JVN#82465391: e-Pares vulnerable to cross-site request forgery

e-Pares is a system that manages facility (conference rooms, etc.) information. e-Pares contains a cross-site request forgery vulnerability. ## Impact If a user views a malicious page while logged into e-Pares, facility reservation data may be altered. ## Solution Update the Software Update to the....

Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation

No description provided by...

Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation

Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation In protected mode, cpl is usually equal to the two least significant bits of the cs register. However, there is an exception: in Virtual-8086 mode, the cpl is always 3 (least privileged), regardless of the value of the...