UBUNTU-CVE-2018-6559

The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace...

DbgShell - A PowerShell Front-End For The Windows Debugger Engine

A PowerShell front-end for the Windows debugger engine. Ready to tab your way to glory? For a quicker intro, take a look at Getting Started. Disclaimers 1. This project is not produced, endorsed, or monitored by the Windows debugger team. While the debugger team welcomes feedback about their API...

Gitlab -- multiple vulnerabilities

Gitlab reports: Merge request information disclosure Private project namespace information disclosure Gitlab Flavored Markdown API information disclosure...

Android (zygote->init;) Chain from USB Privilege Escalation Exploit

Exploit for Android platform in category local exploits After reporting https://bugs.chromium.org/p/project-zero/issues/detail?id=1583 Android ID 80436257, CVE-2018-9445, I discovered that this issue could also be used to inject code into the context of the zygote. Additionally, I discovered a...

Android - 'zygote->init;' Chain from USB Privilege Escalation

After reporting https://bugs.chromium.org/p/project-zero/issues/detail?id=1583 Android ID 80436257, CVE-2018-9445, I discovered that this issue could also be used to inject code into the context of the zygote. Additionally, I discovered a privilege escalation path from zygote to init; that...

Apache Struts undefined namespace vulnerability

Added: 09/05/2018 BID: 105125 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem A remote attacker can execute...

Apache Struts undefined namespace vulnerability

Added: 09/05/2018 BID: 105125 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem A remote attacker can execute...

Cisco Identity Services Engine Struts2 Namespace Vulnerability

According to its self-reported version, the Cisco Identity Services Engine Software is affected by a struts2 namespace vulnerability. Please see the included Cisco BID and the Cisco Security Advisory for more information. TRUSTED...

Security fix for the ALT Linux 10 package node version 8.11.4-alt1

Aug. 29, 2018 Vitaly Lipatov 8.11.4-alt1 - new version 8.11.4 with rpmrb script - 2018-08-15, Version 8.11.4 'Carbon' LTS, @rvagg - CVE-2018-0732, CVE-2018-12115 - build with external libnghttp2 - fix build with ICU = 61 add -DUUSINGICUNAMESPACE=1...

Apache Struts Vulnerability CVE-2018-11776

On Wednesday, August 22nd, the Apache team patched another vulnerability in the Apache Struts2 framework. Apache Struts is an open-source web application framework for developing Java web applications. The vulnerability exists when these conditions are met: 1. The alwaysSelectFullNamespace flag...

Apache Struts2 S2-057 vulnerability analysis and early warning-vulnerability warning-the black bar safety net

It is possible to perform a RCE attack when the namespace value isn't set for a result defined in underlying xml configurations and in the same time, its upper actions configurations have no or wildcard namespace. The Same possibility when using the url tag which doesn't have value and action set...

BSA-2018-700

Security Advisory ID : BSA-2018-700 Component : Apache Struts 2 Revision : 1.0: Final Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its upper actions have no or wildcard namespace. Same...

Remote Code Execution (RCE)

struts2-core is vulnerable to remote code execution RCE attacks. These attacks are possible when using a namespace or url tag which doesn't have a value and action set and where its upper action configuration is using a wildcard namespace or has no namespace...

CVE-2018-11776

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true either by user or a plugin like Convention Plugin and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace...

CVE-2018-11776

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true either by user or a plugin like Convention Plugin and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace...

CVE-2018-11776

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true either by user or a plugin like Convention Plugin and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace...

Apache Struts2 S2-057 Remote Code Execution Vulnerability

Struts2 is Apache Software Foundation is responsible for maintaining a MVC-based design pattern of the Web application framework for open source projects . Apache Struts2 S2-057 remote code execution vulnerability. Vulnerability triggering conditions : 1 , define the XML configuration when the...

HackerOne: @wearehackerone.com is vulnerable to namespace attacks due to hackerone.com not being RFC2142 compliant.

Hola amigos, First off, I know RFCs are annoying. Second of all, namespace attacks are a btch. With that out of the way, here is an Inti-bug that was discovered as a result of reading RFC2142 very carefully. Brief summary of RFC2142 RFC2142 defines a standard set of email addresses that cover...

Denial Of Service (DoS)

libxslt.so is vulnerable to denial of service DoS attacks. The library does not properly handle namespace nodes, allowing a malicious user to pass a file to the application to cause an out-of-bounds memory heap-access that can crash the application or execute arbitrary code...

Kicking the Rims – A Guide for Securely Writing and Auditing Chrome Extensions

Table of Contents A Thin Layer of Chrome Extension Security Prior-Art Isolated But Talkative Worlds A Quick Disclaimer Home is Where the manifest.json Is - The Basic Extension Layout The Extension Architecture, Namespace Isolation and the DOM The Same Origin Policy SOP in the Chrome Extension Wor...