CVE-2021-33323

The CVE-2021-33323 entry describes a vulnerability in the Dynamic Data Mapping module of Liferay Portal 7.1.0–7.3.2 and Liferay DXP 7.1 (before fix pack 19) and 7.2 (before fix pack 7), where autosaving of form values for unauthenticated users can be viewed by loading the form as an unauthenticat...

Liferay Portal 和 Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

Talos tools of the trade

By Andrea Marcelli and Holger Unterbrink. If you're looking for something to keep you busy while we're all stuck inside during the holidays, Cisco Talos has a few tools for you you can play with in the coming days and weeks. We recently updated GhIDA to work with the latest version of IDA and we...

GaussDB Kernel: Dynamic Data Anonymization

Dynamic data anonymization can flexibly protect privacy data based on customized anonymization policies. Therefore, you are advised to enable enablesecuritypolicy. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by...

Dynamic Data Resolver - Version 1.0.1 beta

By Holger Unterbrink. Cisco Talos is releasing a new beta version of Dynamic Data Resolver DDR today. This release comes with a new architecture for samples using multi-threading. The process and thread tracing has been completely reimplemented. We also fixed a few bugs and memory leaks. Another...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

PoC exploit for CVE-2017-11826, a Microsoft Office Word vulnerability allowing arbitrary code execution through DDE injection. The exploit targets Microsoft Office Word, specifically the vulnerability class of remote code execution RCE via DDE Dynamic Data Exchange injection. The probable entry...

Chinese APT group targets India and Hong Kong using new variant of MgBot malware

This blog post was authored by Hossein Jazi and Jérôme Segura On July 2, we found an archive file with an embedded document pretending to be from the government of India. This file used template injection to drop a malicious template which loaded a variant of Cobalt Strike. One day later, the sam...

Dynamic Data Resolver (DDR) — IDA Plugin 1.0 beta

By Holger Unterbrink Executive summaryStatic reverse-engineering in IDA can often be problematic. Certain values are calculated at run time, which makes it difficult to understand what a certain basic block is doing. If you try to perform dynamic analysis by debugging a piece of malware, the...

elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64xlatetom in libelf/elf32xlatetom.c, due to dwflsegmentreportmodule not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to...

elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64xlatetom in libelf/elf32xlatetom.c, due to dwflsegmentreportmodule not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to...

ALPINE-CVE-2019-7150

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64xlatetom in libelf/elf32xlatetom.c, due to dwflsegmentreportmodule not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to...

UBUNTU-CVE-2019-7150

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64xlatetom in libelf/elf32xlatetom.c, due to dwflsegmentreportmodule not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to...

Dynamic Data Resolver (DDR) - IDA Plugin

This blog post was authored by Holger Unterbrink Executive Summary Static reverse-engineering in IDA can often be problematic. Certain values are calculated at run time, which makes it difficult to understand what a certain basic block is doing. But, if you try to perform dynamic analysis by...

Adwind Dodges AV via DDE

This blog post is authored by Paul Rascagneres, Vitor Ventura and with the contribution of Tomislav Pericin and Robert Perica from ReversingLabs. Introduction Cisco Talos, along with fellow cybersecurity firm ReversingLabs, recently discovered a new spam campaign that is spreading the Adwind 3.0...

Microsoft Office Vulnerabilities Used to Distribute Zyklon Malware in Recent Campaign

Introduction FireEye researchers recently observed threat actors leveraging relatively new vulnerabilities in Microsoft Office to spread Zyklon HTTP malware. Zyklon has been observed in the wild since early 2016 and provides myriad sophisticated capabilities. Zyklon is a publicly available,...

Microsoft Patch Tuesday - December 2017

Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 34 new vulnerabilities with 21 of them rated critical and 13 of them rated important. These vulnerabilities...

Microsoft Publisher 'Dynamic Data Exchange (DDE)' Attacks Security Advisory (4053440)

This host is missing an important security update according to Microsoft Security Advisory 4053440. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Microsoft Excel 'Dynamic Data Exchange (DDE)' Attacks Security Advisory (4053440)

This host is missing an important security update according to Microsoft Security Advisory 4053440. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Microsoft Releases Security Advisory on Dynamic Data Exchange (DDE)

Microsoft has released an advisory that provides guidance on securing Dynamic Data Exchange DDE fields in Microsoft Office applications. Exploitation of this protocol may allow an attacker to take control of an affected system. US-CERT encourages users and administrators to review the Microsoft...

X (Formerly Twitter): OS Command Execution on User's PC via CSV Injection

Summary: Twitter is vulnerable to CSV Injection. If an attacker can successfully exploit this, then they will compromise the PC of the user. The injection point is via a tweet on the main twitter.com site while the retrieval point is via the “Export Data” option on the analytics site. Description...