126 matches found
CVE-2017-18450
cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite SEC-255...
A vulnerability in the Storage Service component of Windows operating systems allows attackers to escalate their privileges.
The vulnerability of the Storage Service component in Windows operating systems is related to errors in file operation processing. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the SetJobFileSecurityByName function in the Windows operating system’s task scheduler allows a malicious actor to escalate their privileges.
The vulnerability in the SetJobFileSecurityByName function of the Windows Task Scheduler is related to deficiencies in file operation checks. Exploiting this vulnerability can allow an attacker to increase their privileges...
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cross Process Handle Duplication Exploit
Exploit for Windows platform in category local exploits. Windows: LUAFV Delayed Virtualization Cross Process Handle Duplication EoP. Platform: Windows 10 1809 (not tested earlier). Class: Elevation of Privilege. Security Boundary (per Windows Security Service Criteria): User boundary. Summary: The LUAFV...
Ruby: Null character at fnmatch
I confirmed that it will behave unintentionally when null characters are entered in patterns with fnmatch, fnmatch?.
log:
$ ruby -v
ruby 2.5.3p105 (2018-10-18 revision 65156) [x86_64-darwin16]
$ irb
irb(main):001:0> require 'pathname'
=> true
# should not be true
irb(main):002:0> File.fnmatch("x\0yz", 'x')
=> tru...
Kemon - An Open-Source Pre And Post Callback-Based Framework For macOS Kernel Monitoring
An Open-Source Pre and Post Callback-Based Framework for macOS Kernel Monitoring. What is Kemon? An open-source Pre and Post callback-based framework for macOS kernel monitoring. With the power of Kemon, we can easily implement LPC communication monitoring, MAC policy filtering, kernel driver...
An Open-Source Pre and Post Callback-Based Framework for macOS Kernel Monitoring: Kemon
If third-party vendors want to add new features to the macOS kernel, such as antivirus capabilities, ransomware blocking, data breach auditing, behavior monitoring and so on, they usually need the support of the system’s exported interfaces. At present, only two known official interfaces are...
Design/Logic Flaw
This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Quest NetVault Backup 11.2.0.13. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed. The specific flaw...
CVE-2017-16604
This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
Design/Logic Flaw
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...
CVE-2017-16598
This vulnerability allows remote attackers to execute code by overwriting arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed...
CVE-2017-16601
This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
CVE-2017-16592
NetGain Systems Enterprise Manager 7.2.730 build 1034 contains a directory traversal flaw in the common.download_jsp servlet (listening on port 8081 by default). The vulnerability occurs when parsing the filename parameter, where user-supplied paths are not properly validated before file operatio...
Ruby: The possibility that unintended file operation may be performed because some methods of `Dir` do not check NULL characters.
It seems that entries, new, and empty? do not check NULL characters in methods of Dir.
log:
vagrant@localhost $ ls
test
vagrant@localhost $ irb
irb(main):001:0> Dir.open("/home/vagrant\0xxx") do |d|
irb(main):002:1*   p d.read  # => "."
irb(main):003:1*   p d.read  # => ".."
irb(main):004:1*   p d.read
irb(main):005:1*   p d.read...
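The check both Ruby reports above are really asking callers for, as an added example that is not code from those reports or from Ruby itself: refuse an embedded NUL in any user-controlled pattern, path or directory name before it reaches File.fnmatch or Dir, because both are backed by C string handling where a NUL silently ends the string. The wrapper names (reject_nul!, safe_fnmatch?, safe_dir_entries, classify) and the inputs are this example's own.

```ruby
# Added example (not from the Ruby bug reports or from Ruby): guard
# user-controlled strings against embedded NUL bytes before they reach
# File.fnmatch / Dir, whose C implementations treat NUL as end-of-string.

class NulByteError < ArgumentError; end

# Return +str+ unchanged, or raise if it carries an embedded NUL byte.
def reject_nul!(str, what)
  raise NulByteError, "#{what} contains a NUL byte" if str.include?("\0")
  str
end

# fnmatch that refuses a NUL in either the pattern or the path.
def safe_fnmatch?(pattern, path, flags = 0)
  File.fnmatch?(reject_nul!(pattern, "pattern"), reject_nul!(path, "path"), flags)
end

# Dir.entries that refuses a NUL in the directory name.
def safe_dir_entries(dir)
  Dir.entries(reject_nul!(dir, "directory name"))
end

# :match / :nomatch from the guarded call, :rejected when the guard fires.
def classify(pattern, path)
  safe_fnmatch?(pattern, path) ? :match : :nomatch
rescue NulByteError
  :rejected
end

# What the raw, unguarded call does on this interpreter: true, false, or the
# class name of the exception it raises. The report saw `true` on 2.5.3;
# patched interpreters raise instead. Shown for comparison, not asserted.
def raw_fnmatch(pattern, path)
  File.fnmatch?(pattern, path)
rescue StandardError => e
  e.class.name
end

if __FILE__ == $0
  # Constructed inputs; the first pattern is the one from the fnmatch report.
  p classify("x\0yz", "x")       # :rejected
  p raw_fnmatch("x\0yz", "x")    # interpreter dependent
  p classify("x*", "xyz")        # :match
  p classify("x*", "abc")        # :nomatch
  begin
    safe_dir_entries("/home/vagrant\0xxx")
  rescue NulByteError => e
    puts "rejected: #{e.message}"
  end
end
```

The guard belongs at the trust boundary (request parameter, config value, filename from an archive), not only around fnmatch: the same NUL would also truncate a path handed to File.open or Dir.glob.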
Hewlett Packard Enterprise Intelligent Management Center mibFileServlet Directory Traversal Denial of Service Vulnerability
This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
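The NetGain download_jsp traversal and the HPE IMC mibFileServlet delete above both come down to a filename parameter used in a file operation without being confined to the intended directory. The confinement check below is an added illustration of that missing step; it is not code from NetGain, HPE or the ZDI advisories, and the function names, directory layout and inputs are constructed for the demo. It goes beyond the advisories' single case by also covering absolute paths, NUL bytes, tilde expansion, and a symlink inside the base directory that points outside it.

```ruby
require "tmpdir"
require "fileutils"

# Added example, not code from the advisories: confine a user-supplied
# filename to a base directory before deleting, reading or writing it.

class PathEscapeError < ArgumentError; end

# Lexically resolve +user_path+ under +base+. Returns the absolute path, or
# raises if the result would leave +base+ or the input is malformed.
def confine_path(base, user_path)
  raise PathEscapeError, "NUL byte in path" if user_path.include?("\0")
  # File.expand_path would expand a leading "~" to a home directory; refuse it.
  raise PathEscapeError, "tilde expansion not allowed" if user_path.start_with?("~")
  base_abs = File.expand_path(base)
  # expand_path collapses "." and ".." segments; an absolute user_path is not
  # joined but taken as-is, which is why the prefix check below is required.
  target = File.expand_path(user_path, base_abs)
  unless target == base_abs || target.start_with?(base_abs + File::SEPARATOR)
    raise PathEscapeError, "#{user_path.inspect} escapes #{base_abs}"
  end
  target
end

# For files that already exist, resolve symlinks too: a link inside base that
# points outside passes the lexical check above but not this one.
def confine_existing_path(base, user_path)
  target = confine_path(base, user_path)
  real_base = File.realpath(base)
  real = File.realpath(target)   # raises Errno::ENOENT if the file is missing
  unless real == real_base || real.start_with?(real_base + File::SEPARATOR)
    raise PathEscapeError, "#{user_path.inspect} resolves outside #{real_base} via symlink"
  end
  real
end

# :ok / :rejected verdict for a single input.
def traversal_verdict(base, user_path, existing: false)
  existing ? confine_existing_path(base, user_path) : confine_path(base, user_path)
  :ok
rescue PathEscapeError
  :rejected
end

# Build a constructed layout under temp dirs and return verdicts for inputs
# modelled on a "filename" request parameter.
def demo_traversal
  Dir.mktmpdir("outside") do |outside|
    File.write(File.join(outside, "secret.txt"), "not yours")
    Dir.mktmpdir("webroot") do |root|
      FileUtils.mkdir_p(File.join(root, "reports"))
      File.write(File.join(root, "reports", "a.txt"), "ok")
      File.symlink(outside, File.join(root, "link"))  # link inside root, target outside
      {
        "reports/a.txt"            => traversal_verdict(root, "reports/a.txt", existing: true),
        "../../etc/passwd"         => traversal_verdict(root, "../../etc/passwd"),
        "reports/../../x"          => traversal_verdict(root, "reports/../../x"),
        "/etc/passwd"              => traversal_verdict(root, "/etc/passwd"),
        "~/x"                      => traversal_verdict(root, "~/x"),
        "reports/a.txt\0.jpg"      => traversal_verdict(root, "reports/a.txt\0.jpg"),
        "link/secret.txt (lexical)" => traversal_verdict(root, "link/secret.txt"),
        "link/secret.txt (real)"    => traversal_verdict(root, "link/secret.txt", existing: true),
      }
    end
  end
end

if __FILE__ == $0
  demo_traversal.each { |input, verdict| printf("%-28s %s\n", input, verdict) }
end
```

The lexical check alone is the usual fix shipped for traversal bugs; the realpath variant is what you want before a delete or overwrite, since an attacker who can create a symlink under the base directory otherwise turns the confined path into an arbitrary one.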
macOS Kernel 10.12.3 (16D32) - audit_pipe_open Off-by-One Memory Corruption Exploit
Exploit for macOS platform in category dos / poc. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1126 MacOS kernel memory corruption due to off-by-one in audit_pipe_open. audit_pipe_open is the special file open handler for the auditpipe device (major number 10). Here's the code:...
USN-2933-1: Exim vulnerabilities
It was discovered that Exim incorrectly filtered environment variables when used with the perl_startup configuration option. If the perl_startup option was enabled, a local attacker could use this issue to escalate their privileges to the root user. This issue has been fixed by having Exim clean th...
Analysis of Redis unauthorized access exploited via SSH key files: ZoomEye latest global exclusive data V2 - vulnerability warning - the black bar safety net
Updates! 2. Vulnerability overview: By default Redis binds to 0.0.0.0:6379, which exposes the Redis service to the public Internet. If authentication is not enabled, anyone can access the target server's Redis without authorization and read the Redis data...
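The exposure described above, shown as the weak redis.conf settings beside the corrected ones. This is an added illustration, not configuration from the article; the directives are standard redis.conf options, and the password value is a placeholder.

```conf
# Weak: the situation the article describes. Redis listens on every
# interface with no password, so anyone who can reach TCP 6379 can read
# the data and issue any command, including the persistence commands
# that write files on the server.
bind 0.0.0.0
protected-mode no
# (no requirepass)

# Corrected: listen on loopback or an internal interface only, keep
# protected-mode on, require a password, and remove the commands an
# unauthenticated client would use to redirect where dumps are written.
bind 127.0.0.1
protected-mode yes
requirepass <long-random-secret>   # placeholder: generate your own
rename-command CONFIG ""
rename-command DEBUG ""
```

Binding to an internal interface still needs a firewall rule on 6379, and the password only helps if clients connect over a network where it cannot be sniffed (Redis speaks plaintext unless TLS is configured).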
DiscuzX arbitrary file operation vulnerability
Brief description: DiscuzX arbitrary file operation vulnerability. Details: The vulnerability is actually arbitrary file deletion, but since the deleting function is easy to locate, it is not convenient to state that in the brief description or the title. Yesterday I downloaded the DiscuzX 3.2 code and found the following in source/include/spacecp/spacecp_profile.php: if($_GET['deletefile'] && is_array($_GET['deletefile'])) foreach($_GET['deletefile'] as $key => $value) if(isset($_G['cache']['profilesetting'][$key])) echo...
ThinkSAAS: improper design of a feature may allow CSRF against the backend leading to GETSHELL
Brief description: ThinkSAAS has an arbitrary file operation in one place; exploiting it via CSRF from the front end leads directly to GETSHELL. Details: The problem lies in the data backup and restore feature under the backend's system management. The sql parameter is not filtered; it is used directly, concatenated onto the data/baksql/ directory, and the restore then proceeds. The restore only checks whether the backup is split into volumes; if it is not, it restores immediately, without handling the path, type or content of the SQL file being restored, which allows operations on arbitrary files. Now look at the restore operation itself. Capturing a request: we upload an image through the front end whose content is: Drop TABLE IF EXISTS temp; Create TABLE temp(cmd text NOT NULL); Insert IN...