OSCA-550, OSCA-550A Security Vulnerabilities

CVE-2018-10597

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability...

CVE-2018-10599

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability...

Facebook Accused of Giving Over 60 Device-Makers Deep Access to User Data

After being embroiled into controversies over its data sharing practices, it turns out that Facebook had granted inappropriate access to its users' data to more than 60 device makers, including Amazon, Apple, Microsoft, Blackberry, and Samsung. According to a lengthy report published by The New...

Liberapay: Able to View other users income history

Hello, I found an IDOR that i was able to view income history of other users, Steps to reproduce issue, 1. Login into account and fire up Burpsuite 2. The got to profile page and click on view income history 3. Then you can see a request like GET /Liberapay/charts.json HTTP/1.1 Host:...

Remote code execution

On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code...

Improper access control

On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access...

CVE-2018-10968

On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access...

CVE-2018-10967

On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code...

CVE-2018-10968

On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access...

CVE-2018-10967

On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code...

Fedora 27 : knot-resolver (2018-a120d509ab)

Knot Resolver 2.3.0 (2018-04-23) ================================ Security fix CVE-2018-1110: denial of service triggered by malformed DNS messages (!550, !558, security!2, security!4) increase resilience against slow lorris attack (security!5) Bugfixes validation: fix...

Fedora 26 : knot-resolver (2018-0c0671072b)

Knot Resolver 2.3.0 (2018-04-23) ================================ Security fix CVE-2018-1110: denial of service triggered by malformed DNS messages (!550, !558, security!2, security!4) increase resilience against slow lorris attack (security!5) Bugfixes validation: fix...

Description of the security update for SharePoint Server 2010: May 8, 2018

Description of the security update for SharePoint Server 2010: May 8, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the following.....

Digital Guardian Management Console 7.1.2.0015 Shell Upload

...

Threatpost RSA Conference 2018 Preview

The RSA Conference 2018 kicks off this week in San Francisco, drawing attendees from around the world eager to learn more about the latest threats, vulnerabilities, and security products and tools for the coming year. This year’s conference has more than 650 exhibitors and 550 sessions covering...

Denial Of Service (DoS) Via Out-of-bounds Read

libarchive.so is vulnerable to Denial of Service (DoS) via out-of-bounds read. The vulnerability is possible because a malicious .mtree file can be passed to process_add_entry() function in archive_read_support_format_mtree.c, leading to out-of-bounds...

Description of the security update for SharePoint Server 2010: April 10, 2018

Description of the security update for SharePoint Server 2010: April 10, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft...

Information disclosure

Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka...

CVE-2018-9056

Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka...

Internet Bug Bounty: memory corruption while parsing HTTP response

In the network interfacing PHP API file_get_contents(), a mechanism is implemented to parse the HTTP/S response from the remote host. A vulnerability is found when the vulnerable PHP build processes certain malformed HTTP/S response packets, resulting an array negative indexing. Vulnerable code...

mobilcom-debitel.de XSS vulnerability

Open Bug Bounty ID: OBB-565909 Description| Value ---|--- Affected Website:| mobilcom-debitel.de Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] Disclosure Standard:| Coordinated...

Description of the security update for Outlook 2007: February 13, 2018

Description of the security update for Outlook 2007: February 13, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common...

Description of the security update for Outlook 2013: February 13, 2018

Description of the security update for Outlook 2013: February 13, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common...

LibreOffice < 6.0.1 - =WEBSERVICE Remote Arbitrary File Disclosure Vulnerability

Exploit for linux platform in category remote...

LibreOffice &lt; 6.0.1 - &#039;=WEBSERVICE&#039; Remote Arbitrary File Disclosure

...

LibreOffice 6.0.1 - WEBSERVICE Remote Arbitrary File Disclosure

LibreOffice 6.0.1 - WEBSERVICE Remote Arbitrary File...

LibreOffice Arbitrary File Disclosure

...

interactivo.eluniversal.com.mx XSS vulnerability

Open Bug Bounty ID: OBB-524686 Description| Value ---|--- Affected Website:| interactivo.eluniversal.com.mx Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3 Score:| 6.1....

Description of the security update for SharePoint Server 2010: January 9, 2018

Description of the security update for SharePoint Server 2010: January 9, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft.....

Description of the security update for Outlook 2013: January 9, 2018

Description of the security update for Outlook 2013: January 9, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common...

CVE-2017-5715

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel...

Default configuration

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data...

CVE-2017-5754

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data...

Information disclosure

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel...

Information disclosure

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel...

CVE-2017-5753

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel...

ownCloud: OS Command Injection via tainted PATH environment variable in findBinaryPath

The PATH environment variable is passed to the find command in owncloud/core/blob/master/lib/private/legacy/helper.php on line 543 is not sanitized for input. If an adversary is able to taint the PATH environment variable, OS command execution is possible utilizing the find command's execute...

CVE-2017-4940

The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might.....

CVE-2017-4941

VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of...

ws - Denial of Service

This module exploits a Denial of Service vulnerability in npm module "ws". By sending a specially crafted value of the Sec-WebSocket-Extensions header on the initial WebSocket upgrade request, the ws component will...

Vulnerability Walkthrough: 7zip CVE-2016-2334 HFS+ Code Execution Vulnerability

This blog post was authored by Marcin Noga of Cisco Talos.IntroductionIn 2016 Talos released an advisory for CVE-2016-2334, which was a remote code execution vulnerability affecting certain versions of 7zip, a popular compression utility. In this blog post we will walk through the process of...

ROKRAT Reloaded

This post was authored by Warren Mercer, Paul Rascagneres and with contributions from Jungsoo An. Executive Summary Earlier this year, Talos published 2 articles concerning South Korean threats. The first one was about the use of a malicious HWP document which dropped downloaders used to...

Denial of Service

Overview Affected versions of ws can crash when a specially crafted Sec-WebSocket-Extensions header containing Object.prototype property names as extension or parameter names is sent. Proof of concept ``` const WebSocket = require('ws'); const net = require('net'); const wss = new...

Threat Spotlight: Follow the Bad Rabbit

Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues.Update 2017-10-26 16:10 EDT: added additional information regarding the links between Nyetya and BadRabbitUpdate 2017-10-26 09:20...

HDF5 Group libhdf5 H5Z_NBIT Code Execution Vulnerability(CVE-2016-4331)

Description HDF5 is a file format that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage and organization of large amounts of scientific data and is used to exchange data structures between applications in industries such as the GIS industry via...

Description of the security update for Outlook 2013: October 10, 2017

Description of the security update for Outlook 2013: October 10, 2017 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common...

Threat Outbreak Alert RuleID30790: Email Messages Distributing Malicious Software on September 28, 2017

Medium Alert ID: 55412 First Published: 2017 September 28 19:53 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID30790) may contain the following...

CVE-2017-4925

VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC...

EMC AlphaStor Device Manager - Opcode 0x72 Buffer Overflow (Metasploit)

...

EMC AlphaStor Device Manager - Opcode 0x72 Buffer Overflow (Metasploit)

EMC AlphaStor Device Manager - Opcode 0x72 Buffer Overflow...