
9293 matches found

Kitploit
added 2019/08/10 1:37 p.m., 130 views

WAES - Auto Enums Websites And Dumps Files As Result

Doing HTB or other CTFs enumeration against targets with HTTPS can become trivial. It can get tiresome to always run the same script/tests on every box, e.g. nmap, nikto, dirb and so on. A one-click on target with automatic reports coming solves the issue. Furthermore, with a script the enum proces...

6.5 AI score
Exploits: 0, References: 1
ossfuzz
added 2019/08/10 5:3 a.m., 17 views

ffmpeg:ffmpeg_AV_CODEC_ID_QDM2_fuzzer: Index-out-of-bounds in qdm2_synthesis_filter

Project: https://git.ffmpeg.org/ffmpeg.git Detailed report: https://oss-fuzz.com/testcase?key=5679142481166336 Project: ffmpeg Fuzzing engine: libFuzzer Fuzz target: ffmpeg_AV_CODEC_ID_QDM2_fuzzer Job Type: libfuzzer_ubsan_ffmpeg Platform Id: linux Crash Type: Index-out-of-bounds Crash Address: Crash...

7 AI score
Exploits: 0, Affected Software: 1
ossfuzz
added 2019/08/10 5:3 a.m., 14 views

ffmpeg:ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer: Index-out-of-bounds in vc1_decode_ac_coeff

Project: https://git.ffmpeg.org/ffmpeg.git Detailed report: https://oss-fuzz.com/testcase?key=5672735195267072 Project: ffmpeg Fuzzing engine: libFuzzer Fuzz target: ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer Job Type: libfuzzer_ubsan_ffmpeg Platform Id: linux Crash Type: Index-out-of-bounds Crash Address: Cra...

7 AI score
Exploits: 0, Affected Software: 1
OSV
added 2019/08/02 5:15 p.m., 1 views

CVE-2017-18460

cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation SEC-221...

7.8 CVSS, 6.2 AI score, 0.0047 EPSS
Exploits: 0, References: 2
NVD
added 2019/08/02 5:15 p.m., 18 views

CVE-2017-18460

cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation SEC-221...

7.8 CVSS, 8 AI score, 0.0047 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2019/07/31 12:0 a.m., 26 views

Honeywell C200E Controller Module

Binary data 764873.prm...

7.3 AI score
Exploits: 0
Cvelist
added 2019/07/29 12:13 p.m., 13 views

CVE-2019-1020011

SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority...

9 CVSS, 7.1 AI score, 0.01324 EPSS
Exploits: 0, References: 1
ossfuzz
added 2019/07/19 4:24 p.m., 22 views

mpg123/decode_fuzzer: Heap-buffer-overflow in INT123_parse_new_id3

Detailed report: https://oss-fuzz.com/testcase?key=5081170552815616 Project: mpg123 Fuzzer: afl_mpg123_decode_fuzzer Fuzz target binary: decode_fuzzer Job Type: afl_asan_mpg123 Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x6040000000c0 Crash State: INT123_parse_new_id3...

7 AI score
Exploits: 0, Affected Software: 1
ossfuzz
added 2019/07/16 6:49 a.m., 14 views

imagemagick/encoder_bmp_fuzzer: Use-of-uninitialized-value in cmsMLUgetASCII

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5742789528125440 Project: imagemagick Fuzzer: libFuzzer_imagemagick_encoder_bmp_fuzzer Fuzz target binary: encoder_bmp_fuzzer Job Type: libfuzzer_msan_imagemagick Platform Id: linux Crash Type:...

7 AI score
Exploits: 0, Affected Software: 1
ThreatPost
added 2019/07/11 2:4 p.m., 93 views

Apple Issues Silent Update Removing Zoom's Hidden Server

Apple has pushed a silent update to Mac users that removes a hidden web server from Zoom users’ machines. The Zoom web- and video-conferencing service has come under scrutiny for its handling of a zero-day bug CVE-2019-13450 found by researcher Jonathan Leitschuh, which would allow an attacker to...

4.3 CVSS, 6.6 AI score, 0.03494 EPSS
Exploits: 1, References: 5
NVD
added 2019/07/10 12:15 p.m., 9 views

CVE-2019-10120

On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration aka setAutoLogin can be achieved by continuing to use a session ID after a logout, aka HMCCU-154...

8.8 CVSS, 8.7 AI score, 0.01283 EPSS
Exploits: 0, References: 2
OSV
added 2019/07/10 12:15 p.m., 3 views

CVE-2019-10120

On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration aka setAutoLogin can be achieved by continuing to use a session ID after a logout, aka HMCCU-154...

8.8 CVSS, 7.3 AI score, 0.01283 EPSS
Exploits: 0, References: 2
Prion
added 2019/07/10 12:15 p.m., 12 views

Hardcoded credentials

On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration aka setAutoLogin can be achieved by continuing to use a session ID after a logout, aka HMCCU-154...

6.5 CVSS, 8.6 AI score, 0.01283 EPSS
Exploits: 0, References: 2, Affected Software: 2
Prion
added 2019/07/10 12:15 p.m., 16 views

Design/Logic Flaw

eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.15 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via the user authentication dialogue, aka HMCCU-153. This leads to automatic login as admin...

7.5 CVSS, 9.5 AI score, 0.04628 EPSS
Exploits: 0, References: 3, Affected Software: 2
Cvelist
added 2019/07/10 11:50 a.m., 21 views

CVE-2019-10119

eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via an invalid login attempt to the RemoteApi account, aka HMCCU-154. This leads to automatic login as admin...

9.6 AI score, 0.01956 EPSS
Exploits: 0, References: 2
CVE
added 2019/07/10 11:47 a.m., 53 views

CVE-2019-10120

The CVE-2019-10120 issue affects eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, where an active session ID can be reused after logout to enable automatic login (setAutoLogin). This is caused by session handling that does not invalidate the session on logout. Affected v...

8.8 CVSS, 8.6 AI score, 0.01283 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2019/07/10 11:47 a.m., 10 views

CVE-2019-10120

On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration aka setAutoLogin can be achieved by continuing to use a session ID after a logout, aka HMCCU-154...

8.7 AI score, 0.01283 EPSS
Exploits: 0, References: 2
NVD
added 2019/07/09 9:15 p.m., 16 views

CVE-2019-9150

Mailvelope prior to 3.3.0 does not require user interaction to import public keys shown on web page. This functionality can be tricked to either hide a key import from the user or obscure which key was imported...

5.3 CVSS, 5.2 AI score, 0.01379 EPSS
Exploits: 0, References: 3
MSRC
added 2019/07/09 5:0 p.m., 46 views

July 2019 Security Update Release

We have released the July security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide...

3 AI score
Exploits: 0
MSRC
added 2019/07/09 7:0 a.m., 12 views

July 2019 Security Update Release

We have released the July security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide...

6.7 AI score
Exploits: 0