CVE-2017-12579

An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion 4.0.24 and earlier allows a non-root user to obtain a root shell...

Apache Solr 7.0.1 XXE Injection / Code Execution

First Vulnerability: XML External Entity Expansion deftype=xmlparser Lucene includes a query parser that is able to create the full-spectrum of Lucene queries, using an XML data structure. Starting from version 5.1 Solr supports "xml" query parser in the search query. The problem is that lucene x...

Xxe

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML extern...

CVE-2017-12629

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML extern...

CVE-2017-7820

The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects...

UBUNTU-CVE-2017-7820

The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects...

Mozilla Firefox Security Bypass Vulnerability (CNVD-2017-32534)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in versions of Mozilla Firefox prior to 56. A remote attacker can exploit the vulnerability to bypass the Xray wrapper protection mechanism...

Introducing pywintrace: A Python Wrapper for ETW

Introduction Event tracing for Windows ETW is a lightweight logging facility first introduced with Windows 2000. Originally intended as a software diagnostic, troubleshooting and performance monitoring tool, it was greatly expanded in Windows Vista to create a lightweight debugging mechanism. The...

Introducing pywintrace: A Python Wrapper for ETW

ARCHIVED STORY Introducing pywintrace: A Python Wrapper for ETW By Anthony Berglund, Kevin Boyd · September 19, 2017 Introduction Event tracing for Windows ETW is a lightweight logging facility first introduced with Windows 2000. Originally intended as a software diagnostic, troubleshooting and...

Introducing pywintrace: A Python Wrapper for ETW

ARCHIVED STORY Introducing pywintrace: A Python Wrapper for ETW By Anthony Berglund, Kevin Boyd · September 19, 2017 Introduction Event tracing for Windows ETW is a lightweight logging facility first introduced with Windows 2000. Originally intended as a software diagnostic, troubleshooting and...

For Youtube advanced Flash vulnerability bug research-vulnerability warning-the black bar safety net

A, media Flash is still a lively intimidating origin. In 2017, I isolated to Facebook, Youtube, WordPress, Yahoo, Paypal and Stripe to submit a Flash flaws. In the past 3 years, I to the flaws winning the narratives presented across 50 Flash flaws, get across the 80k dollar awards. Since Spirit i...

Hashicorp vagrant-vmware-fusion 4.0.23 Local Root Privilege Escalation

CVE-2017-11741 Local root privesc in Hashicorp vagrant-vmware-fusion = 4.0.23 2 Aug 2017 06:49 A couple of weeks ago I disclosed a local root privesc in Hashicorp's vagrant-vmware-fusion plugin: https://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmwarefusion--4020.html The...

Remote Code Execution (RCE)

OrientDB Core is vulnerable to remote code execution RCE attacks. Permissions are not enforced on a user executing a statement to the ORole structure containing a where, fetchplan or order by statement. By executing a groovy function where the groovy wrapper doesn't have a sandbox, any system...

Fedora 25 : php (2017-b674dc22ad)

PHP version 7.0.21 06 Jul 2017 Core: - Fixed bug php74738 Multiple PATH= and HOST= sections not properly parsed. Manuel Mausz - Fixed bug php74658 Undefined constants in array properties result in broken properties. Laruence - Fixed misparsing of abstract unix domain socket names. Sara - Fixed bu...

CVE-2017-8565

Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when PSObject wraps a CIM Instance, aka "Windows PowerShel...

openstack-nova: Sensitive information included in legacy notification exception contexts

An information exposure issue was discovered in OpenStack Compute's exceptionwrapper.py. Legacy notification exception contexts appearing in ERROR-level logs could include sensitive information such as account passwords and authorization tokens...

openstack-nova: Sensitive information included in legacy notification exception contexts

An information exposure issue was discovered in OpenStack Compute's exceptionwrapper.py. Legacy notification exception contexts appearing in ERROR-level logs could include sensitive information such as account passwords and authorization tokens...

Poppler pdfunite Denial of Service Vulnerability

Poppler is a C++ class library for generating PDF, the library is inherited from Xpdf PDF reader. pdfunite is a Ruby wrapper. Poppler 0.55.0 and previous versions of pdfunit has a security vulnerability. An attacker can exploit this vulnerability to cause a denial of service...

Mercurial Custom hg-ssh Wrapper Remote Code Execution Exploit

This Metasploit module takes advantage of custom hg-ssh wrapper implementations that don't adequately validate parameters passed to the hg binary, allowing users to trigger a Python Debugger session, which allows arbitrary Python code execution. This module requires Metasploit:...

Mercurial Custom hg-ssh Wrapper Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Mercurial Custom hg-ssh Wrapper Remote Code Exec", 'Description' = %q This module takes advantage of custom hg-ssh wrapper implementations that...