OpenJDK: GSS context use-after-free (JGSS, 8186212)

It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context...

OpenJDK: GSS context use-after-free (JGSS, 8186212)

It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context...

OpenJDK: GSS context use-after-free (JGSS, 8186212)

It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context...

VulnCheck KEV: CVE-2012-2335

php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgimain.c component and a query string beginning with...

DNSExfiltrator - Data exfiltration over DNS request covert channel

DNSExfiltrator allows for transfering exfiltrate a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel. DNSExfiltrator has two sides: 1. The server side , coming as a single python script dnsexfiltrator.py, which act...

Hashicorp vagrant-vmware-fusion 4.0.23 - Local root Privilege Escalation Exploit

Exploit for macOS platform in category local exploits A couple of weeks ago I disclosed a local root privesc in Hashicorp's vagrant-vmware-fusion plugin: https://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmw... The initial patch they released was 4.0.21 which unfortunately...

CVE-2017-7831

A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "exposedProps" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox 57...

docpad-plugin-hapi (>=2.0.13 <=2.3.3), hapi-advisories (>=0.0.1 <=0.0.6) +7 more potentially affected by CVE-2014-3742 via hapi (>=2.0.0 <=2.1.2)

hapi NPM version =2.0.0, =2.0.13, =0.0.1, =0.9.2, =0.3.0, =0.14.0, =0.0.1, =0.0.1, =0.0.2, =0.0.1, =1.0.0 Source cves: CVE-2014-3742 Source advisory: OSV:GHSA-CQR7-78PJ-3G7J...

ShadowSocks ConnecTion - A Wrapper Tool For Shadowsocks To Consistently Bypass Firewalls

A wrapper tool for shadowsocks to consistently bypass firewalls. Quick start Automatically connect The easiest way to run this tool is just type ssct in terminal, and ssct will acquire available shadowsocks servers from ishadowsocks and connect to it automatically. Connect to a specific server...

CVE-2017-12579

An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion 4.0.24 and earlier allows a non-root user to obtain a root shell...

Design/Logic Flaw

An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion 4.0.24 and earlier allows a non-root user to obtain a root shell...

CVE-2017-12579

The CVE concerns the HashiCorp Vagrant VMware Fusion plugin (vagrant-vmware-fusion) up to version 4.0.24, where an insecure SUID wrapper binary allows a non-root user to obtain a root shell. The root cause is described as a design/implementation flaw in the plugin’s handling of privileged operati...

CVE-2017-12579

An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion 4.0.24 and earlier allows a non-root user to obtain a root shell...

Apache Solr 7.0.1 XXE Injection / Code Execution

First Vulnerability: XML External Entity Expansion deftype=xmlparser Lucene includes a query parser that is able to create the full-spectrum of Lucene queries, using an XML data structure. Starting from version 5.1 Solr supports "xml" query parser in the search query. The problem is that lucene x...

Xxe

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML extern...

CVE-2017-12629

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML extern...

CVE-2017-7820

The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects...

UBUNTU-CVE-2017-7820

The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects...

Mozilla Firefox Security Bypass Vulnerability (CNVD-2017-32534)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in versions of Mozilla Firefox prior to 56. A remote attacker can exploit the vulnerability to bypass the Xray wrapper protection mechanism...

Introducing pywintrace: A Python Wrapper for ETW

Introduction Event tracing for Windows ETW is a lightweight logging facility first introduced with Windows 2000. Originally intended as a software diagnostic, troubleshooting and performance monitoring tool, it was greatly expanded in Windows Vista to create a lightweight debugging mechanism. The...