Updating Airplanes

If you think updating Windows etc is painful, spare a thought for avionics maintenance engineers. Flight Management System FMS and related navigation databases navaids, airspace etc have to be updated monthly, locally. On older planes, it’s sometimes still done on 3.5” floppy. It’s more common to...

Donut - Generates X86, X64, Or AMD64+x86 Position-Independent Shellcode That Loads .NET Assemblies, PE Files, And Other Windows Payloads From Memory

Donut generates x86 or x64 shellcode from VBScript, JScript, EXE, DLL including .NET Assemblies files. This shellcode can be injected into an arbitrary Windows processes for in-memory execution. Given a supported file type, parameters and an entry point where applicable such as Program.Main, it...

Illegal Memory Access

libcaca.so is vulnerable to illegal memory access. The vulnerability exists because the function loadimage in common-image.c does not allocate proper size of memory for w and h parameters in BMP loader, causing an integer overflow for 4bpp data...

Intel CSME, Server Platform Services, Trusted Execution Engine, Intel Active Management Technology and Dynamic Application Loader Vulnerabilities - Lenovo Support US

Lenovo Security Advisory: LEN-27716 Potential Impact: Privilege escalation, denial of service, information disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2019-0131, CVE-2019-0165, CVE-2019-0166, CVE-2019-0168, CVE-2019-0169, CVE-2019-11086, CVE-2019-11087,...

Intel CSME, Server Platform Services, Trusted Execution Engine, Intel Active Management Technology and Dynamic Application Loader Vulnerabilities - Lenovo Support US

No description provided...

Apache Solr Remote Command Execution Vulnerability Based on Velocity Templates

Apache Solr is the United States Apache Apache Software Foundation of a Lucene a full-text search engine based on the search server . The product supports level search , vertical search , highlighting search results and so on. A remote command execution vulnerability exists in Apache Solr based o...

CVE-2019-12017

A remote code execution vulnerability exists in MapR CLDB code, specifically in the JSON framework that is used in the CLDB code that handles login and ticket issuance. An attacker can use the 'class' property of the JSON request sent to the CLDB to influence the JSON library's decision on which...

jenkins-plugin-workflow-remote-loader: Unsafe Script Security whitelist entry in Pipeline Remote Loader Plugin (SECURITY-921)

A flaw was found in the Jenkins Workflow Remote Loader plugin. An unsafe whitelist entry was made that allowed invoking arbitrary methods and bypassing sandbox protection. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVE-2019-17534

vipsforeignloadgifscanimage in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free...

CVE-2017-7777

The use of uninitialized memory related to "graphite2::GlyphCache::Loader::readglyph" has been reported in graphite2. An attacker could possibly exploit this flaw to negatively impact the execution of an application using graphite2 in unknown ways...

MalConfScan - Volatility Plugin For Extracts Configuration Data Of Known Malware

MalConfScan is a Volatility plugin extracts configuration data of known malware. Volatility is an open-source memory forensics framework for incident response and malware analysis. This tool searches for malware in memory images and dumps configuration data. In addition, this tool has a function ...

DOUBLEPULSAR - Payload Execution and Neutralization Exploit

This Metasploit module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB as popularly deployed by ETERNALBLUE. While this module primarily performs code execution against the implant, the "Neutralize implant" target allows you to disable the implant. This...

DOUBLEPULSAR Payload Execution / Neutralization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DOUBLEPULSAR Payload Execution and Neutralization', 'Description' = %q This module executes a Metasploit payload against the Equation Group's...

OPENSUSE-SU-2019:2019-1 Security update for schismtracker

This update for schismtracker fixes the following issues: The following security issues were fixed: - CVE-2019-14523: Fixed an integer underflow in the Amiga Oktalyzer parser boo1144266. - CVE-2019-14524: Fixed a heap overflow in the MTM loader boo1144261. The following non-security issues were...

GHSA-4Q98-WR72-H35W Improper input validation in Apache Santuario XML Security for Java

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

WordPress advanced-ajax-page-loader plugin permissions permission and access control issues vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. advanced-ajax-page-loader is an AJAX page loading plugin used in it. The WordPress advanced-ajax-page-loader plugin is...

DEBIAN-CVE-2019-12400

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

Code injection

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

UBUNTU-CVE-2019-12400

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

CVE-2019-12400

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...