
9293 matches found

ossfuzz
added 2020/09/15 2:55 p.m. | 23 views

php:php-fuzz-execute: Use-of-uninitialized-value in zend_generator_search_multi_children_node

Detailed Report: https://oss-fuzz.com/testcase?key=5146486399303680 Project: php Fuzzing Engine: libFuzzer Fuzz Target: php-fuzz-execute Job Type: libfuzzer_msan_php Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: zend_generator_search_multi_children_node...

6.6 AI score
Exploits: 0 | Affected Software: 1
Talos Blog
added 2020/09/11 12:13 p.m. | 14 views

Threat Roundup for September 4 to September 11

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 4 and Sept. 11. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristic...

0.9 AI score
Exploits: 0
Malwarebytes
added 2020/09/03 8:57 p.m. | 20 views

PCI DSS compliance: why it’s important and how to adhere

PCI DSS is short for Payment Card Industry Data Security Standard. Every party involved in accepting credit card payments is expected to comply with the PCI DSS. The PCI Standard is mandated by the card brands, but administered by the Payment Card Industry Security Standards Council PCI SSC. The...

0.9 AI score
Exploits: 0
ossfuzz
added 2020/09/01 11:36 p.m. | 15 views

libyal:libewf_handle_fuzzer: Heap-buffer-overflow in libfvalue_table_copy_from_utf8_xml_string

Detailed Report: https://oss-fuzz.com/testcase?key=4872028845506560 Project: libyal Fuzzing Engine: libFuzzer Fuzz Target: libewf_handle_fuzzer Job Type: libfuzzer_asan_libyal Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x618000000398 Crash State:...

6.8 AI score
Exploits: 0 | Affected Software: 1
NVD
added 2020/08/24 3:15 p.m. | 8 views

CVE-2020-7831

A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow a victim user to download any file. The attacker is able to use startup menu directory via directory traversal for automatic execution. The victim user needs to reboot, however...

8.8 CVSS | 8.7 AI score | 0.00867 EPSS
Exploits: 0 | References: 1
Cvelist
added 2020/08/24 3:0 p.m. | 15 views

CVE-2020-7831

A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow a victim user to download any file. The attacker is able to use startup menu directory via directory traversal for automatic execution. The victim user needs to reboot, however...

8.8 CVSS | 8.7 AI score | 0.00867 EPSS
Exploits: 0 | References: 1
Debian
added 2020/08/22 5:42 p.m. | 37 views

[SECURITY] [DLA 2338-1] proftpd-dfsg security update

Debian LTS Advisory DLA-2338-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany August 22, 2020 https://wiki.debian.org/LTS -...

6.8 AI score
Exploits: 0
Kitploit
added 2020/08/22 12:30 p.m. | 44 views

Cloud-Sniper - Virtual Security Operations Center

Cloud Security Operations What is Cloud Sniper? Cloud Sniper is a platform designed to manage Security Operations in cloud environments. It is an open platform which allows responding to security incidents by accurately analyzing and correlating native cloud artifacts. It is to be used as a Virtu...

7.2 AI score
Exploits: 0 | References: 2
Talos Blog
added 2020/08/21 2:15 p.m. | 12 views

Threat Roundup for August 14 to August 21

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 14 and Aug. 21. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

1.1 AI score
Exploits: 0
Fedora
added 2020/08/14 2:43 a.m. | 25 views

[SECURITY] Fedora 31 Update: lilypond-2.19.84-3.fc31

LilyPond is an automated music engraving system. It formats music beautifully and automatically, and has a friendly syntax for its input files...

9.8 CVSS | 2.4 AI score | 0.02371 EPSS
Exploits: 0
Cvelist
added 2020/08/12 1:21 p.m. | 25 views

CVE-2020-6284

SAP NetWeaver Knowledge Management, versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the execution of the script content...

9 CVSS | 9 AI score | 0.018 EPSS
Exploits: 0 | References: 2
OSV
added 2020/08/07 8:15 p.m. | 4 views

CVE-2020-16169

Authentication Bypass Using an Alternate Path or Channel in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to gain elevated privileges on the temi and have it automatically answer the attacker's calls, granting audio, video, and motor control via unspecified...

9.8 CVSS | 7.3 AI score | 0.02436 EPSS
Exploits: 1 | References: 2
Talos Blog
added 2020/08/07 3:24 p.m. | 10 views

Threat Roundup for July 31 to August 7

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 31 and Aug. 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

0.9 AI score
Exploits: 0
Talos Blog
added 2020/08/05 1:55 p.m. | 17 views

Threat Roundup for July 24 to July 31

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 24 and July 31. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

0.9 AI score
Exploits: 0
Fedora
added 2020/08/01 12:50 a.m. | 39 views

[SECURITY] Fedora 32 Update: clamav-0.102.4-1.fc32

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...

7.5 CVSS | 1.9 AI score | 0.05063 EPSS
Exploits: 0
Fedora
added 2020/07/28 3:3 p.m. | 42 views

[SECURITY] Fedora 31 Update: clamav-0.102.4-1.fc31

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...

7.5 CVSS | 1.9 AI score | 0.05063 EPSS
Exploits: 0
Kitploit
added 2020/07/25 10:0 p.m. | 93 views

Autoenum - Automatic Service Enumeration Script

Autoenum is a recon tool which performs automatic enumeration of services discovered. I built this to save some time during CTFs and pen testing environments i.e. HTB, VulnHub, OSCP and draws a bit from a number of existing tools including AutoRecon https://github.com/Tib3rius/AutoRecon, Auto-Rec...

7.5 AI score
Exploits: 0 | References: 3
NVD
added 2020/07/24 10:15 p.m. | 23 views

CVE-2020-8207

Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running...

8.8 CVSS | 9.2 AI score | 0.02062 EPSS
Exploits: 0 | References: 1
Prion
added 2020/07/24 10:15 p.m. | 18 views

Improper access control

Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running...

6 CVSS | 9.1 AI score | 0.02062 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2020/07/24 9:24 p.m. | 160 views

CVE-2020-8207

CVE-2020-8207 concerns Citrix Workspace app for Windows (1912 CU1 and 2006.1) where an improper access control in the Citrix Workspace Updater Service allows privilege escalation and code execution when the automatic updater is running. The vulnerability stems from the UpdateFilePath/UpdateFileHa...

8.8 CVSS | 9 AI score | 0.02062 EPSS
Exploits: 0 | References: 1 | Affected Software: 1