Time Travel Debugging: finding Windows GDI flaws

Introduction Microsoft Patches for October 2018 included a total of 49 security patches. There were many interesting ones including kernel privilege escalation as well as critical ones which could lead to remote code execution such as the MSXML one. In this post we will be analysing a case of a W...

Security Bulletin: IBM Tivoli Netcool Impact is affected by an Information disclosure of stack trace vulnerability (CVE-2018-1553)

Summary IBM Tivoli Netcool Impact has addressed the following vulnerability. IBM WebSphere Application Server Liberty which ships in IBM Tivoli Netcool Impact could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature...

Security Bulletin: Stack Trace Vulnerability Affects IBM B2B Advanced Communication (CVE-2016-0378)

Summary IBM B2B Advanced Communications has addressed the stack trace display issue when no default error page was set up. Vulnerability Details CVEID: CVE-2016-0378 DESCRIPTION: IBM B2B Advanced Communications could allow a remote attacker to obtain sensitive information caused by improper...

3CX Information Disclosure Vulnerability

3CX is an IP telephony device from 3CX USA. An information disclosure vulnerability exists in the web server in 3CX 15.5.8801.3. The vulnerability stems from a failure of the program to properly handle errors in the stack trace. An attacker could exploit this vulnerability to disclose information...

CVE-2018-14925

Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing use of net.sf.acegisecurity components...

CVE-2018-14907

The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname...

WebRTC - H264 NAL Packet Processing Type Confusion Exploit

Exploit for multiple platform in category dos / poc Type confusion can occur when processing a H264 packet. In the method PacketBuffer::FindFrames in modules/videocoding/packetbuffer.cc there is a loop on line 296 that goes through the databuffer vector backwards. The flag ish264 is set before th...

WebRTC - H264 NAL Packet Processing Type Confusion

Type confusion can occur when processing a H264 packet. In the method PacketBuffer::FindFrames in modules/videocoding/packetbuffer.cc there is a loop on line 296 that goes through the databuffer vector backwards. The flag ish264 is set before this loop, and if it is true, the loop extracts and se...

Chrome V8 KeyAccumulator Bug Exploit

Chrome V8 suffers from a bug in KeyAccumulator that can cause a crash. Chrome: V8: A bug with KeyAccumulator PoC: for let i = 0; i https://cs.chromium.org/chromium/src/v8/src/objects.cc?rcl=a2ca1996873f3ffa79d9495fb2cf4e7c0e51d9e9&l=18369. The new table is directly used as the backing store of th...

Security Bulletin: Information disclosure of stack trace in browser window in WebSphere Application Server LIBERTY affect IBM Spectrum LSF Application Center

Summary Information disclosure of stack trace in browser window in WebSphere Application Server LIBERTY Vulnerability Details CVEID: CVE-2018-1553 DESCRIPTION: IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptio...

Information disclosure

IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719...

CVE-2017-1509

IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719...

CVE-2017-1509

IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719...

CVE-2017-1509

IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719...

Security Bulletin: Information Disclosure ClearQuest Web stack traces (CVE-2012-2168)

Summary IBM Rational ClearQuest Web sometimes displays stack trace information in error messages. This is considered an information disclosure that may be assistance to attackers in crafting their attacks. Vulnerability Details | Subscribe to My Notifications to be notified of important product...

Security Bulletin: Vulnerabilites in IBM Algorithmics Algo One Algo Risk Application (ARA) Stack trace may be thrown if no default error page was set up and exception occurred

Summary IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by improper handling of exceptions when a default error page does not exist. Liberty is bundled/embedded with Algo One ARA in Algo One versions 5.0 and 5.1. IBM Algo One Algo Risk...

gif2apng 1.9 - '.gif' Stack Buffer Overflow

Exploit Title: gif2apng 1.9 '.gif' Stack-Buffer Overflow Date: 20 April 2018 Exploit Author: Hamm3r.py Vendor Homepage: http://gif2apng.sourceforge.net/ Version: 1.9 Tested on: Ubuntu 16.04 CVE : gif2apng is vulnerable to a stack based buffer overflow when a malformed gif is supplied. Following i...

Chrome V8 JIT NodeProperties::InferReceiverMaps Type Confusion Exploit

Exploit for multiple platform in category dos / poc Chrome: V8: JIT: Type confusion in NodeProperties::InferReceiverMaps https://cs.chromium.org/chromium/src/v8/src/compiler/node-properties.cc?rcl=df84e87191022bf6914f9570069908f10b303245&l=416 Here's a snippet of NodeProperties::InferReceiverMaps...

Monero: Buffer out of bound read in miniupnpc xml parser

Summary: This is a buffer oob read vulnerability in miniupnpc when parsing xml response. This vulnerability could result in denial of service attack in monero client to in local area Network. Description: In miniupnpc, file "Minixml.c": The funnction parseelt: static void parseeltstruct xmlparser...

Easy File Sharing Web Server 7.2 - Stack Buffer Overflow

Easy File Sharing Web Server 7.2 - Stack Buffer Overflow Exploit Title: Easy File Sharing Web Server 7.2 stack buffer overflow Date: 03/24/2018 Exploit Author: rebeyond - http://www.rebeyond.net Vendor Homepage: http://www.sharing-file.com/ Software Link: http://www.sharing-file.com/efssetup.exe...