3963 matches found
Ursnif Trojan Adopts New Code Injection Technique
Hackers are testing a new variation of the Ursnif Trojan aimed at Australian bank customers that utilizes novel code injection techniques. Since the summer of 2017, IBM X-Force researchers report that Ursnif or Gozi samples have been tested in the wild by a new malware developer. The samples are a...
X (Formerly Twitter): Improper Host Detection During Team Up on tweetdeck.twitter.com
Hi, give this URL https://twitter.com/teams/authorize?targetscreenname=&authorizecallback=https%3A%2F%2F%0Agoogle.com%[email protected] to any authorised user for team up, and after authorization of his 2nd account he will be redirected to google.com. First I tried to make it malicious with adding...
Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection
Introduction TLS (Thread Local Storage) callbacks are provided by the Windows operating system to support additional initialization and termination for per-thread data structures. As previously reported, malicious TLS callbacks, as an anti-analysis trick, have been observed for quite some time and...
EasySNS Minimalist Community callback_setinfo method suffers from SQL injection vulnerability
EasySNS Minimalist Community is built on a new database architecture and program structure, and uses the group as the basic unit to form an interactive community. There is a SQL injection vulnerability in the callback_setinfo method of EasySNS Minimalist Community. The vulnerability is due to the failure o...
EasySNS Minimalist Community groupinfo method, commentadd_callback method suffer from SQL injection vulnerability
EasySNS Minimalist Community is built on a new database architecture and program structure, and uses the group as the basic unit to form an interactive community. A SQL injection vulnerability exists in the groupinfo and commentadd_callback methods of EasySNS Minimalist Community. The vulnerability is due ...
Microsoft Internet Explorer 11 jscript!JsErrorToString Use-After-Free
Microsoft IE11: use-after-free in jscript!JsErrorToString CVE-2017-11810 There is a use-after-free in jscript.dll library that can be exploited in IE11. jscript.dll is an old JavaScript library that was used in IE 8 and back. However, IE11 can still load it if put into IE8 compatibility mode and ...
Red Hat JBoss KeyCloak Cross-Site Request Forgery Vulnerability
Red Hat JBoss KeyCloak is open source authentication and access management software for modern applications and services, from the US company Red Hat. A cross-site request forgery vulnerability exists in the org.keycloak.services.resources.SocialResource.callback method in R...
Inflection: Malicious callback url can be set while creating application in identity
Researcher found that while creating any application in identity, you are required to provide a callback URL. If you provide a malicious callback URL then JavaScript will stop you from submitting the form. But there is no server-side validation and we can use an application proxy to bypass the javascri...
Microsoft Edge Chakra JIT - RegexHelper::StringReplace Must Call the Callback Function with Updating ImplicitCallFlags
Microsoft Edge Chakra JIT - RegexHelper::StringReplace Must Call the Callback Function with Updating ImplicitCallFlags. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1334 The "String.prototype.replace" method can be inlined in the JIT process. So in the method, all the calls...
Microsoft Edge Chakra JIT - 'RegexHelper::StringReplace' Must Call the Callback Function with Updating ImplicitCallFlags
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1334 The "String.prototype.replace" method can be inlined in the JIT process. So in the method, all the calls which may break the JIT assumptions must be invoked with updating "ImplicitCallFlags". But "RegexHelper::StringReplace"...
Microsoft Edge Chakra JIT Failed RegexHelper::StringReplace Call Exploit
The "String.prototype.replace" method can be inlined in the JIT process. So in the method, all the calls which may break the JIT assumptions must be invoked with updating "ImplicitCallFlags". But "RegexHelper::StringReplace" calls the replace function without updating the flag. Therefore it fails...
FreeBSD : ansible -- information disclosure flaw (478d4102-2319-4026-b3b2-a57c48f159ac)
Ansible developers report: Ansible versions 2.2.3 and earlier are vulnerable to an information disclosure flaw due to the interaction of callback plugins and the no_log directive where the information may not be sanitized properly.
Foscam IP Video Camera CGIProxy.fcgi DNS2 Address Configuration Command Injection Vulnerability(CVE-2017-2848)
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configurati...
Fedora 26 : libzip (2017-840db88351)
Version 1.3.0. It contains fixes for two possible security problems. The problems were identified by Brian 'geeknik' Carpenter and Agostino Sarubbo using AFL. The changes are: - Support bzip2 compressed zip archives - Improve file progress callback code - Fix zip_fdopen - CVE-2017-12858: Fix doubl...
Security update for libzypp, zypper (important)
The Software Update Stack was updated to receive fixes and enhancements. libzypp: - Adapt to work with GnuPG 2.1.23. bsc1054088 - Support signing with subkeys. bsc1008325 - Enhance sort order for media.1/products. bsc1054671 zypper: - Also show a gpg key's subkeys. bsc1008325 - Improve signature...
openSUSE Security Update : libzypp / zypper (openSUSE-2017-1009)
The Software Update Stack was updated to receive fixes and enhancements. libzypp : - Adapt to work with GnuPG 2.1.23. bsc1054088 - Support signing with subkeys. bsc1008325 - Enhance sort order for media.1/products. bsc1054671 zypper : - Also show a gpg key's subkeys. bsc1008325 - Improve signatur...
SUSE SLED12 / SLES12 Security Update : libzypp, zypper (SUSE-SU-2017:2344-1)
The Software Update Stack was updated to receive fixes and enhancements. libzypp : - Adapt to work with GnuPG 2.1.23. bsc1054088 - Support signing with subkeys. bsc1008325 - Enhance sort order for media.1/products. bsc1054671 zypper : - Also show a gpg key's subkeys. bsc1008325 - Improve signatur...
SQL injection vulnerability in OURPHP backend ourphp_callback.php page
OurPHP 傲派建站系统 is a website content management system developed in PHP by Harbin Weicheng Technology Co. A SQL injection vulnerability exists in the backend ourphp_callback.php page of OURPHP. Attackers can use this vulnerability to obtain sensitive database informatio...
SQLite 'dump_callback' function denial of service vulnerability
SQLite is an open source C-based embedded relational database management system developed by American software developer D. Richard Hipp. The system is characterized by independence, isolation, cross-platform support and so on. A security vulnerability exists in the 'dump_callback' function in SQLite...