Microsoft Windows 10.0.17134.648 - HTTP -> SMB NTLM Reflection Leads to Privilege Elevation

VULNERABILITY DETAILS It's possible to use the NTLM reflection attack to escape a browser sandbox in the case where the sandboxed process is allowed to create TCP sockets. In particular, I was able to combine the issues mentioned below with a bug in Chromium to escape its sandbox. HTTP - SMB NTLM...

Microsoft Windows 10.0.17134.648 - HTTP - SMB NTLM Reflection Leads to Privilege Elevation

Microsoft Windows 10.0.17134.648 - HTTP - SMB NTLM Reflection Leads to Privilege Elevation VULNERABILITY DETAILS It's possible to use the NTLM reflection attack to escape a browser sandbox in the case where the sandboxed process is allowed to create TCP sockets. In particular, I was able to combi...

CVE-2019-5286

There is a reflection XSS vulnerability in the HedEx products. Remote attackers send malicious links to users and trick users to click. Successfully exploit cloud allow the attacker to initiate XSS attacks. Affects HedEx Lite versions earlier than V200R006C00SPC007...

Design/Logic Flaw

There is a reflection XSS vulnerability in the HedEx products. Remote attackers send malicious links to users and trick users to click. Successfully exploit cloud allow the attacker to initiate XSS attacks. Affects HedEx Lite versions earlier than V200R006C00SPC007...

CVE-2019-5286

CVE-2019-5286 is a reflected XSS vulnerability in Huawei HedEx/HedEx Lite prior to V200R006C00SPC007. Attackers can lure users to click malicious links to trigger client-side script execution. Affected: HedEx Lite versions earlier than V200R006C00SPC007; the Huawei PSIRT advisory HWPSIRT-2018-121...

Fedora 29 : php (2019-8c4b25b5ec)

"PHP version 7.2.19 30 May 2019 EXIF: - Fixed bug php77988 heap-buffer-overflow on phpjpgget16. CVE-2019-11040 Stas FPM: - Fixed bug php77934 php-fpm kill -USR2 not working. Jakub Zelenka - Fixed bug php77921 static.php.net doesn't work anymore. Peter Kokot GD: - Fixed bug php77943...

Fedora 30 : php (2019-be4f895015)

"PHP version 7.3.6 30 May 2019 cURL: - Implemented FR php72189 Add missing CURLVERSION constants. Javier Spagnoletti EXIF: - Fixed bug php77988 heap-buffer-overflow on phpjpgget16. CVE-2019-11040 Stas FPM: - Fixed bug php77934 php-fpm kill -USR2 not working. Jakub Zelenka - Fixed bug php77921...

HPE Intelligent Management Center (IMC) TopoMsgServlet Java Reflection Remote Code Execution Vulnerability

HPE Intelligent Management Center IMC is a comprehensive management platform built from the ground up to support the Failure, Configuration, Accounting, Performance and Security FCAPS model. A TopoMsgServlet Java reflection remote code execution vulnerability exists in HPE Intelligent Management...

EulerOS 2.0 SP5 : freeradius (EulerOS-SA-2019-1574)

According to the version of the freeradius package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - freeradius: eap-pwd: fake authentication using reflection CVE-2019-11234 Note that Tenable Network Security has extracted the preceding...

The original Java deserialization remote execution vulnerabilities so simple-vulnerability warning-the black bar safety net

Here we for Java deserialization issue caused remote code execution vulnerability principles are introduced. In order to simplify the description,without introducing a 3rd party library under the premise of the Operation, HOPE can serve to initiate the effect. There are 3 main parts: The Java...

Authentication Bypass

FreeRADIUS is vulnerable to authentication bypass. Remote unauthenticated attackers could exploit a flaw since the application does not prevent the use of reflection for authentication spoofing, aka a "Dragonblood" issue...

freeradius: eap-pwd: fake authentication using reflection

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497...

Fedora 28 : php (2019-bab3944fee)

PHP version 7.2.18 02 May 2019 CLI: - Fixed bug php77794 Incorrect Date header format in built-in server. kelunik EXIF - Fixed bug php77950 Heap-buffer-overflow in estrndup via exifprocessIFDTAG. CVE-2019-11036 Stas Interbase: - Fixed bug php72175 Impossibility of creating multiple connections to...

Fedora 30 : php (2019-6350c4e21a)

PHP version 7.3.5 02 May 2019 Core: - Fixed bug php77903 ArrayIterator stops iterating after offsetSet call. Nikita CLI: - Fixed bug php77794 Incorrect Date header format in built-in server. kelunik EXIF - Fixed bug php77950 Heap-buffer-overflow in estrndup via exifprocessIFDTAG. CVE-2019-11036...

Fedora 29 : php (2019-6e325234a4)

PHP version 7.2.18 02 May 2019 CLI: - Fixed bug php77794 Incorrect Date header format in built-in server. kelunik EXIF - Fixed bug php77950 Heap-buffer-overflow in estrndup via exifprocessIFDTAG. CVE-2019-11036 Stas Interbase: - Fixed bug php72175 Impossibility of creating multiple connections to...

Scientific Linux Security Update : freeradius on SL7.x x86_64 (20190509)

Security Fixes : - freeradius: eap-pwd: authentication bypass via an invalid curve attack CVE-2019-11235 - freeradius: eap-pwd: fake authentication using reflection CVE-2019-11234 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description...

freeradius: eap-pwd: fake authentication using reflection

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497...

Sandbox Restrictions Bypass

openjdk is vulnerable to sandbox restrictions bypass. An improper permission check issue was discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...

Arbitrary Code Execution

Oracle Java SE is vulnerable to arbitrary code execution attacks. Remote unauthenticated attackers could execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager...

ALPINE-CVE-2019-11234

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497...