. NET advanced code audit（the first lesson）XmlSerializer deserialization vulnerability-vulnerability warning-the black bar safety net

在.NET in the framework of the XmlSerializer class is a great tool, it is a highly structured XML data is mapped to . NET objects. The XmlSerializer class in the program through a single API call to perform the XML document and the object conversion between. The conversion mapping rules in the . N...

Dynamic Data Resolver (DDR) - IDA Plugin

This blog post was authored by Holger Unterbrink Executive Summary Static reverse-engineering in IDA can often be problematic. Certain values are calculated at run time, which makes it difficult to understand what a certain basic block is doing. But, if you try to perform dynamic analysis by...

Rockstar Games: Race condition vulnerability on "This Rocks" button.

In this report, the researcher brought to our attention a misbehavior in the "This Rocks" button that we use on the Social Club site. Using curl and a proxy tool such as Burp Suite, an attacker could invoke the "This Rocks" API call multiple times rapidly, and the system would accept multiple...

CVE-2018-1000829

Anyplace version before commit 80359b4 contains a XML External Entity XXE vulnerability in Man in the middle on map API call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 80359b4...

CVE-2018-1000829

Anyplace version before commit 80359b4 contains a XML External Entity XXE vulnerability in Man in the middle on map API call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 80359b4...

CVE-2018-7067

A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the entire cluster through a specially crafted API call. Network access to the administrative web...

Authentication flaw

A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the entire cluster through a specially crafted API call. Network access to the administrative web...

CVE-2018-7067

A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the entire cluster through a specially crafted API call. Network access to the administrative web...

CVE-2018-7067

Aruba ClearPass Policy Manager vulnerability CVE-2018-7067 is an authentication bypass in the administrative API that can lead to complete cluster compromise. A remote attacker who can reach the admin web interface via the API can bypass authentication and take control of the entire ClearPass clu...

Charles Proxy 4.2 - Local Privilege Escalation

Charles Proxy is a great mac application for debugging web services and inspecting SSL traffic for any application on your machine. In order to inspect the SSL traffic it needs to configure the system to use a proxy so that it can capture the packets and use its custom root CA to decode the SSL...

Charles Proxy 4.2 Local Root Privilege Escalation

Charles Proxy is a great mac application for debugging web services and inspecting SSL traffic for any application on your machine. In order to inspect the SSL traffic it needs to configure the system to use a proxy so that it can capture the packets and use its custom root CA to decode the SSL...

createmeta() API call does not respect permissions

The API call for createmeta which should return metadata required for creation of issues, does not respect permissions in some cases. I was working on an automation for my team when i discovered this. Following are the details: - The bot account i am using did not have permission to view a certai...

CVE-2013-4317

In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own...

CVE-2016-6813

Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another non-"root" CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn...

CVE-2016-6813

Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another non-"root" CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn...

Timergrp module denial of service vulnerability in multiple Huawei products

Huawei DP300, RP200, and TE30/40/50/60 are Huawei's all-in-one desktop and high-definition videoconferencing end products for high-end customers. A denial-of-service vulnerability exists in the Timergrp module of multiple Huawei products due to the program's failure to adequately check parameters...

Circle with Disney Rclient SSH Persistent Remote Access Vulnerability(CVE-2017-12084)

Summary A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker send an API call to enable the SSH server. Tested...

Circle with Disney Remote Access Vulnerability

Circle with Disney is a set of network monitoring and management devices for monitoring children's online behavior from Circle Media, Inc. in the United States. A remote access vulnerability exists in the remote control feature of Circle with Disney version 2.0.1. A remote attacker can exploit th...

Circle with Disney Apid Photo Upload Denial of Service Vulnerability

Summary An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network connectivity to...

Circle with Disney Rclient SSH Persistent Remote Access Vulnerability

Summary A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker send an API call to enable the SSH server. Tested...