Lucene search
6810 matches found

Node.js
added 2018/11/07 9:4 p.m., 15 views

Command Injection

Overview: Versions of ascii-art before 1.4.4 are vulnerable to command injection. This is exploitable when user input is passed into the argument of the ascii-art preview command. Example: Proof of concept: ascii-art preview 'doom"; touch /tmp/malicious; echo "' Given that the input is passed on th...

7.5 AI score
Exploits: 0, Affected Software: 1
Kitploit
added 2018/11/06 12:48 p.m., 130 views

Robber - Tool For Finding Executables Prone To DLL Hijacking

Robber is a free open source tool developed using Delphi XE2 without any 3rd party dependencies. What is DLL hijacking? Windows has a search path for DLLs in its underlying architecture. If you can figure out what DLLs an executable requests without an absolute path triggering this search...

7.4 AI score
Exploits: 0, References: 2
RedHat Linux
added 2018/10/30 5:30 p.m., 0 views

binutils: Crash in elf.c:bfd_section_from_shdr() with crafted executable

The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section...

5.5 CVSS, 7.4 AI score, 0.00328 EPSS
Exploits: 1, References: 4
RedHat Linux
added 2018/10/30 5:30 p.m., 0 views

binutils: NULL pointer dereference in swap_std_reloc_in function in aoutx.h resulting in crash

The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by...

5.5 CVSS, 7.4 AI score, 0.00216 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2018/10/30 5:30 p.m., 2 views

binutils: Integer overflow in the display_debug_ranges function resulting in crash

The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump...

7.8 CVSS, 7.6 AI score, 0.00254 EPSS
Exploits: 0, References: 4
Hacker One
added 2018/10/29 9:4 p.m., 22 views

Keybase: Keybase client: downloaded executables lack "com.apple.quarantine" meta-attribute [macOS]

Summary: 1. Missing quarantine attribute for downloaded files allows remote attacker to send executable file that won't be checked by Gatekeeper (codesign bypass). 2. Since sent executable files lack com.apple.quarantine meta-attribute, no alert about launching executable file from the web will be...

2.2 AI score
Exploits: 0
OSV
added 2018/10/29 12:29 p.m., 1 views

DEBIAN-CVE-2018-18701

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability t...

5.5 CVSS, 6.8 AI score, 0.00333 EPSS
Exploits: 1, References: 1
OpenVAS
added 2018/10/26 12:0 a.m., 14 views

Ubuntu: Security Advisory (USN-3354-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.8 CVSS, 7.8 AI score, 0.00764 EPSS
Exploits: 0, References: 2
BDU FSTEC
added 2018/10/26 12:0 a.m., 0 views

Vulnerability in the computerdefaults component of the Windows operating system, related to access control errors, that allows an attacker to escalate privileges by bypassing the UAC mechanism.

The vulnerability in the ComputerDefaults.exe component of the Windows operating system is related to access control errors. Exploiting this vulnerability could allow an attacker to escalate their privileges by bypassing the UAC mechanism through manipulation of the registry...

4.6 CVSS, 5.4 AI score
Exploits: 0, References: 3
Veracode
added 2018/10/24 5:26 a.m., 25 views

Information Disclosure

ansible is vulnerable to information disclosure. The vulnerability exists in the user module when it passes the ssh_key_passphrase value to the ssh-keygen executable as a parameter, allowing any user with access to the process list to retrieve the passphrase in cleartext...

7.8 CVSS, 7.1 AI score, 0.00024 EPSS
Exploits: 0, References: 15, Affected Software: 1
CNVD
added 2018/10/24 12:0 a.m., 2 views

GNU Binutils Binary File Descriptor library null pointer dereference vulnerability

GNU Binutils (a.k.a. GNU Binary Utilities or binutils) is a set of programming utilities developed by the GNU Project for working with object files in a variety of formats, including linkers, assemblers, and other tools for object files and archives. The Binary File Descriptor (BFD) library a.k.a...

5.5 CVSS, 6.3 AI score, 0.00678 EPSS
Exploits: 1, References: 1
Tenable Nessus
added 2018/10/22 12:0 a.m., 37 views

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2018:2322-2)

This update for MozillaFirefox to version ESR 52.9 fixes the following issues: CVE-2018-5188: Various memory safety bugs (bsc#1098998); CVE-2018-12368: No warning when opening executable SettingContent-ms files; CVE-2018-12366: Invalid data handling during QCMS transformations; CVE-2018-12365:...

9.8 CVSS, 7.3 AI score, 0.04919 EPSS
Exploits: 1, References: 22
OSV
added 2018/10/19 12:0 a.m., 0 views

UBUNTU-CVE-2018-18521

Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled...

5.5 CVSS, 6.6 AI score, 0.00105 EPSS
Exploits: 1, References: 5
OSV
added 2018/10/18 5:21 p.m., 19 views

GHSA-683W-6H9J-57WQ: OWASP AntiSamy vulnerable to Cross-site Scripting

In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS...

6.1 CVSS, 6.1 AI score, 0.00539 EPSS
Exploits: 0, References: 5
Github Security Blog
added 2018/10/18 5:21 p.m., 32 views

OWASP AntiSamy vulnerable to Cross-site Scripting

In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS...

6.1 CVSS, 6.1 AI score, 0.00539 EPSS
Exploits: 0, References: 5, Affected Software: 1
NVD
added 2018/10/18 1:29 p.m., 18 views

CVE-2018-12368

Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. Th...

9.3 CVSS, 8.2 AI score, 0.01854 EPSS
Exploits: 1, References: 10
UbuntuCve
added 2018/10/18 1:29 p.m., 25 views

CVE-2018-12368

Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. Th...

9.3 CVSS, 7.1 AI score, 0.01854 EPSS
Exploits: 1, References: 3
CVE
added 2018/10/18 1:0 p.m., 124 views

CVE-2018-12368

CVE-2018-12368 describes a policy bypass where Windows 10 does not warn before opening SettingContent-ms files, enabling a WebExtension with downloads.open to execute arbitrary code without user interaction. Connected advisories confirm the issue affects Windows 10 and Mozilla products (Thunderbi...

9.3 CVSS, 8 AI score, 0.01854 EPSS
Exploits: 1, References: 10, Affected Software: 3
Debian CVE
added 2018/10/18 1:0 p.m., 29 views

CVE-2018-12368

Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. Th...

9.3 CVSS, 8.8 AI score, 0.01854 EPSS
Exploits: 1
Cvelist
added 2018/10/18 1:0 p.m., 15 views

CVE-2018-12368

Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. Th...

8.1 AI score, 0.01854 EPSS
Exploits: 1, References: 10