Windows Hyper-V Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source. To exploit this vulnerability, an attacker would need to reboot a guest virtual machine numerous times until the vulnerability is triggered. The security update addresses the...
Apache Struts 2.x < 2.3.16.2 Multiple Vulnerabilities (S2-020)
The version of Apache Struts running on the remote host is 2.x prior to 2.3.16.2. It is, therefore, affected by multiple vulnerabilities: - A denial of service vulnerability exists in MultipartStream.java in Apache Commons FileUpload due to a failure to handle exceptional conditions. A remote,...
Black Hat 2018: Stealthy Kernel Attack Flies Under Windows Mitigation Radar
There are lots of Holy Grails when it comes to compromising endpoints. One of them has long been an attack that leads to kernel ring0 access on a Windows system. That translates into so-called “God Mode” for hackers — and “game over” for victims. This is why Microsoft has gone to great lengths ov...
sRDI - Shellcode Implementation Of Reflective DLL Injection
sRDI allows for the conversion of DLL files to position-independent shellcode. Functionality is accomplished via two components: a C project which compiles a PE loader implementation (RDI) to shellcode, and conversion code which attaches the DLL, RDI, and user data together with a bootstrap. This project i...
Kronos Banking Trojan Surfaces After Years of Silence
The Kronos banking trojan is back from the malware dustbin. After years of lying dormant, hackers have reworked the underlying code and are actively targeting victims in Germany, Japan and Poland. The latest variant has incorporated a new command-and-control feature designed to work with the Tor...
CVE-2017-3197
GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 version F6 and GB-BXi7-5775 version F2 platforms does not securely implement BIOSWE, BLE, SMMBWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash...
Smoking Guns - Smoke Loader learned new tricks
This post is authored by Ben Baker and Holger Unterbrink. Overview: Cisco Talos has been tracking a new version of Smoke Loader — a malicious application that can be used to load other malware — for the past several months following an alert from Cisco Advanced Malware Protection’s AMP Exploit...
PYSEC-2018-49
In PyYAML before 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function...
UBUNTU-CVE-2017-18342
In PyYAML before 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function...
DEBIAN-CVE-2017-18342
In PyYAML before 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function...
New Malware Family Uses Custom UDP Protocol for C&C Communications
Security researchers have uncovered a new highly targeted cyber espionage campaign, which is believed to be associated with the hacking group behind the KHRAT backdoor Trojan and has been targeting organizations in South East Asia. According to researchers from Palo Alto, the hacking group, which they...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Nvidia Tegra_Bootrom_Rcm
This is a proof-of-concept arbitrary code loader for Tegra processors, which takes advantage of CVE-2018-6242 "Fusée Gelée" to gain arbitrary code execution and load small payloads over USB. The vulnerability is documented in the 'report' subfolder, and more details and guides are to follow. The...
Linaro LAVA Remote Code Execution Vulnerability
Linaro LAVA is an automated verification system. The system is primarily used to test the deployment of device systems based on ARM cores. A security vulnerability exists in Linaro LAVA versions prior to 2018.5.post1, which stems from the program using the 'yaml.load' function instead of the...
Security Bulletin: Rational Insight - Apache Struts used by WebSphere Application Server 6.1 and 7 (CVE-2014-0114)
Summary: There is a classloader manipulation vulnerability in the Apache Struts that is used by IBM WebSphere Application Server 6.1 and 7.0. Vulnerability Details: ...
Security Bulletin: Incorrect SSL/TLS handling in Remote Artifact Loader in IBM Business Process Manager Advanced and WebSphere Process Server
Summary: IBM WebSphere Process Server and IBM Business Process Manager Advanced have a component, "Remote Artifact Loader" (RAL), that allows access to artifacts contained in other applications. In remote access cases an HTTPS connection from the RAL client to the RAL server is established. This HTTPS...
Security Bulletin: Class loader manipulation vulnerability in IBM WebSphere Application Server that shipped with WebSphere Enterprise Service Bus Registry Edition (CVE-2014-0114)
Summary: A class loader manipulation vulnerability exists in Apache Struts 1, which is used by IBM WebSphere Application Server and is provided with WebSphere Enterprise Service Bus Registry Edition. Vulnerability Details: This security vulnerability is fixed with available interim fixes and are...
Exiv2 integer overflow vulnerability (CNVD-2018-14425)
Exiv2 is a set of C++ libraries and command line applications for managing image metadata by software developer Andreas Huggel, which provides for reading and writing image metadata in a variety of formats including EXIF, IPTC and XMP. An integer overflow vulnerability exists in the LoaderExifJpe...
DEBIAN-CVE-2018-12265
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp...
UBUNTU-CVE-2018-12264
Exiv2 0.26 has integer overflows in LoaderTiff::getData in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp...
WebKit not_number defineProperties Use-After-Free Exploit
Exploit for multiple platforms in category dos / poc. This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule ... 'WebKit not_number defineProperties UAF', 'Description' => %q{ This module exploits a UAF...