Writing a libemu/Unicorn Compatability Layer

In this post we are going to take a quick look at what it takes to write a libemu compatibility layer for the Unicorn engine. In the course of this work, we will also import the libemu Win32 environment to run under Unicorn. For a bit of background, libemu is a lightweight x86 emulator written in...

CVE-2016-7437

SAP Netweaver 7.40 improperly logs 1 DUI and 2 DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 225231...

chromium-browser: use-after-free related to extensions

Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via a crafted extension...

[SECURITY] Fedora 23 Update: rubygem-activemodel-4.2.3-2.fc23

Rich support for attributes, callbacks, validations, observers, serialization, internationalization, and testing. It provides a known set of interfaces for usage in model classes. It also helps building custom ORMs for use outside of the Rails framework...

[SECURITY] Fedora 22 Update: rubygem-activemodel-4.2.0-2.fc22

Rich support for attributes, callbacks, validations, observers, serialization, internationalization, and testing. It provides a known set of interfaces for usage in model classes. It also helps building custom ORMs for use outside of the Rails framework...

Racing MIDI messages in Chrome

This is a guest blog post by Oliver Chang from the Chrome Security team. This post is about an exceptionally bad use after free bug in Chrome’s browser process that affected Linux, Chrome OS and OS X. What makes this bug interesting is the fact that it could be directly triggered from the web...

UBUNTU-CVE-2015-6767

Use-after-free vulnerability in content/browser/appcache/appcachedispatcherhost.cc in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect pointer maintenance...

KLA10670 Multiple vulnerabilities in Adobe products

Multiple serious vulnerabilities have been found in Adobe products. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities 1. Type confusion,...

Apple Mac OSX Install.Framework - Arbitrary mkdir unlink and chown to Admin Group

Apple Mac OSX Install.Framework - Arbitrary mkdir unlink and chown to Admin Group Source: https://code.google.com/p/google-security-research/issues/detail?id=477 Install.framework has a suid root binary here: /System/Library/PrivateFrameworks/Install.framework/Resources/runner This binary vends t...

Apple Mac OSX Install.Framework - Arbitrary mkdir / unlink and chown to Admin Group

Source: https://code.google.com/p/google-security-research/issues/detail?id=477 Install.framework has a suid root binary here: /System/Library/PrivateFrameworks/Install.framework/Resources/runner This binary vends the IFInstallRunner Distributed Object, which has the following method:...

UBUNTU-CVE-2015-6660

The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value callbacks."...

Tasks, microtasks, queues and schedules

When I told my colleague Matt Gaunt I was thinking of writing a piece on microtask queueing and execution within the browser's event loop, he said "I'll be honest with you Jake, I'm not going to read that". Well, I've written it anyway, so we're all going to sit here and enjoy it, ok? Actually, i...

DEBIAN-CVE-2014-9732

The cabdextract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted CAB...

CVE-2015-3358

Multiple open redirect vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a destination parameter, related to callbacks that 1 enable and disable modules or 2 change variables...

Adobe Flash Player Multiple Vulnerabilities-01 (Jul 2014) - Mac OS X

Adobe Flash Player is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:flashplayer";...

Autodesk 3ds Max Application Callbacks Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/36634/info Autodesk 3ds Max is prone to a vulnerability that lets attackers execute arbitrary commands in the context of the vulnerable application. This issue affects the following: 3ds Max 6 through 9 3ds Max 2008 throu...

Cloudflare: User's data leak

Hacker can steal user's data via js callbacks via JSONP. In account panel some user's data returned from server by ajax queries in json and can be stealed by callbacks, https://www.cloudflare.com/ajax/stats/stats2.html?callback=logFunction Vector: 1 Victim should be authorized on cloudflare 2...

Fedora Update for pyOpenSSL FEDORA-2013-15925

Check for the Version of pyOpenSSL OpenVAS Vulnerability Test Fedora Update for pyOpenSSL FEDORA-2013-15925 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

Fedora Update for pyOpenSSL FEDORA-2013-15881

Check for the Version of pyOpenSSL OpenVAS Vulnerability Test Fedora Update for pyOpenSSL FEDORA-2013-15881 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

[SECURITY] Fedora 20 Update: pyOpenSSL-0.13.1-1.fc20

High-level wrapper around a subset of the OpenSSL library, includes among o thers SSL.Connection objects, wrapping the methods of Python's portable sockets Callbacks written in Python Extensive error-handling mechanism, mirroring OpenSSL's error codes...