New COOP Attack Method Highlights Weaknesses In Microsoft's CFG Defenses
Researchers at Endgame have been evaluating an exploitation technique called Counterfeit Object-Oriented Programming (COOP) to bypass Control Flow Integrity (CFI) implementations such as the one Microsoft uses to harden the defenses of Windows 10. Microsoft added its mitigation, called Control Flow...
Code Reuse a Peril for Secure Software Development
The amount of insecure software tied to reused third-party libraries and lingering in applications long after patches have been deployed is staggering. It’s a habitual problem perpetuated by developers failing to vet third-party code for vulnerabilities, and some repositories taking a hands-off...
Expression Engine 3.4.2: Code Reuse Attack
RIPS Analysis The analysis with RIPS took about 4 minutes. Overall, the code of Expression Engine seems to be very robust. Still our analysis results point out some vulnerabilities. RIPS detected mainly possibilities for a malicious user to embed HTML and JavaScript code via the administration...
Paragon Initiative Enterprises: Incorrect detection of onion URLs
Several places contain incorrect code for detecting whether a URL points to a .onion domain (a Tor hidden service). The following regexes: 1. ^https://^/:+.onion:?:0-9+ 2. ^https?://^/+.onion which are used in: https://github.com/paragonie/airship/blob/0e9289553cdc538556d362faaee63be6cc534a0c/src/Engine/Hail.phpL223...
Complex Code Reuse Attacks: ROPMEMU
ROPMEMU is a framework to analyze, dissect and decompile complex code-reuse attacks Talos has developed ROPMEMU, a framework to analyze, dissect and decompile complex code-reuse attacks. It adopts a set of different techniques to analyze ROP chains and reconstruct their equivalent code in a form...
ManageEngine EventLog Analyzer 10.8 Privilege Escalation
ManageEngine EventLog Analyzer v10.8 Date: 2/9/2016 Exploit Author: @GraphX Vendor Homepage: http://www.manageengine.com Version: 10.8 1 Description: It is possible for a remote authenticated attacker using an unprivileged account to gain access to the admin account via parameter manipulation usi...
Virtual Machine Monitors (VMM) contain a memory deduplication vulnerability
Overview Multiple vendors' implementations of Virtual Machine Monitors (VMM) are vulnerable to a memory deduplication attack. Description As reported in the "Cross-VM ASL INtrospection (CAIN)" paper, an attacker with basic user rights within the attacking Virtual Machine (VM) can leverage memory...
JScript 5.7 RegExpBase::FBadHeader Use-After-Free
Recompiling the regular expression pattern during a replace can cause the code to reuse a freed string, but only if the string is freed from the cache by allocating and freeing a number of strings of certain size. CVE-2015-2482: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2482...
Ricoh Aficio 450/455 PCL Printer Remote ICMP Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11932/info It is reported that Ricoh 450/455 printers are susceptible to a remote denial of service vulnerability. This issue is due to a failure of the device to properly handle exceptional ICMP packets. Remote attackers...
D-Link DSL Router Remote Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13679/info Various D-Link DSL routers are susceptible to a remote authentication bypass vulnerability. This issue is due to a failure of the devices to require authentication in certain circumstances. This vulnerability...
Mozilla Firefox 1.0.x JavaScript Handler Race Condition Memory Corruption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19488/info Mozilla Firefox is prone to a remote memory-corruption vulnerability. This issue is due to a race condition that may result in double-free or other memory-corruption issues. Attackers may likely exploit this...
D-Link AirPlus DI-614+, DI-624, DI-704 DHCP Log HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10587/info It is reported that the DI-614+, DI-704, and the DI-624 are susceptible to an HTML injection vulnerability in their DHCP log. An attacker who has access to the wireless, or internal network segments of the rout...
emlog code reuse vulnerability, password brute forcing and other impacts - vulnerability warning - the black bar safety net
Brief description: emlog code reuse. The CAPTCHA check can be bypassed to spam comments, and the same bypass allows brute-forcing the admin backend login. Detailed description: Two days spent reading the emlog source code were not wasted. The server-side validation of the CAPTCHA during commenting is as follows:...
Microsoft Internet Explorer CFlatMarkupPointer Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Nokia N70/N73 Bluetooth Stack Denial Of Service
Nokia N70/N73 Bluetooth Stack OBEX Implementation Denial of Service ------------------------------------------------------------------ I. Summary Nokia N70 and N73 are two popular models from Nokia's N-series lineup of smart phones. A flaw has been found in the OBEX implementation in these two...
Mozilla Firefox 1.x - XML Handler Race Condition Memory Corruption
source: https://www.securityfocus.com/bid/19534/info Mozilla Firefox is prone to a remote memory-corruption vulnerability because of a race condition that may result in double-free or other memory-corruption issues. Attackers may...
Mozilla Firefox 1.0.x - JavaScript Handler Race Condition Memory Corruption
source: https://www.securityfocus.com/bid/19488/info Mozilla Firefox is prone to a remote memory-corruption vulnerability. This issue is due to a race condition that may result in double-free or other memory-corruption...
D-Link DSL Router - Remote Authentication Bypass
source: https://www.securityfocus.com/bid/13679/info Various D-Link DSL routers are susceptible to a remote authentication bypass vulnerability. This issue is due to a failure of the devices to require authentication in certain circumstances. This...