Authorization Bypass

OpenJDK is vulnerable to authorization bypass. An improper permission check in the reflection API allows a remote attacker to bypass the Java sandbox restrictions and obtain unauthorized access to resources...

Windows Net-NTLMv2 Reflection DCOM/RPC (Juicy)

This module utilizes the Net-NTLMv2 reflection between DCOM/RPC to achieve a SYSTEM handle for elevation of privilege. It requires a CLSID string. Windows 10 after version 1803, April 2018 update, build 17134 and all versions of Windows Server 2019 are not vulnerable. This module requires...

Fedora 29 : php (2018-08ceba4f8f)

PHP version 7.2.12 08 Nov 2018 Core: - Fixed bug php76846 Segfault in shutdown function after memory limit error. Nikita - Fixed bug php76946 Cyclic reference in generator not detected. Nikita - Fixed bug php77035 The phpize and ./configure create redundant .deps file. Peter Kokot - Fixed bug...

Fedora 28 : php (2018-9438795217)

PHP version 7.2.8 19 Jul 2018 Core: - Fixed bug php76534 PHP hangs on 'illegal string offset on string references with an error handler. Laruence - Fixed bug php76520 Object creation leaks memory when executed over HTTP. Nikita - Fixed bug php76502 Chain of mixed exceptions and errors does not...

Fedora 28 : php (2018-6855bf9ff3)

PHP version 7.2.12 08 Nov 2018 Core: - Fixed bug php76846 Segfault in shutdown function after memory limit error. Nikita - Fixed bug php76946 Cyclic reference in generator not detected. Nikita - Fixed bug php77035 The phpize and ./configure create redundant .deps file. Peter Kokot - Fixed bug...

apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*

It was discovered that when Apache CXF is configured to use the system property com.sun.net.ssl.internal.www.protocol ,it uses reflection to make the HostnameVerifier work with old com.sun.net.ssl.HostnameVerifier interface. Although the CXF implementation throws an exception, which is caught in...

U.S. Dept Of Defense: HTML Injection + XSS Vulnerability - https://████████/ | Proof of Concept [PoC]

Hello U.S. Dept Of Defense Security Team, My name is Ismail Tasdelen. As a security researcher. I found a html injection and xss vulnerability. Url address : https://█████████/ HTML Injection + XSS Payload = html+injection+xss"Ismail Tasdelen Descripton : The server reads data directly from the...

Microsoft Exchange Server NTLM Reflection EWS User Impersonation Vulnerability

This vulnerability allows remote attackers to impersonate arbitrary users on vulnerable installations of Microsoft Exchange Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the use of NTLM authentication in Exchange Server. NTLM responses produced ...

CVE-2018-18541

In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download...

CVE-2018-18541

In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download...

Design/Logic Flaw

In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download...

UBUNTU-CVE-2018-18541

In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download...

DEBIAN-CVE-2018-18541

In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download...

CVE-2018-18541

In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download...

CVE-2018-18541

Teeworlds vulnerability CVE-2018-18541 affects versions before 0.6.5, where connection packets could be forged due to lack of a challenge–response during connection setup. A remote attacker could spoof a IP to occupy all server slots or perform reflection attacks using map download packets. The i...

CVE-2018-18541

In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download...

Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.*

It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty"java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol";'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old...

GHSA-JC7R-V6FG-2GPF Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.*

It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty"java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol";'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old...

GHSA-4446-656P-F54G Deserialization of Untrusted Data in Bouncy castle

Legion of the Bouncy Castle Java Cryptography APIs starting in version 1.57 and prior to version 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an...

hibernate-validator: Privilege escalation when running under the security manager

It was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an...