Lucene search

530 matches found

Krebs on Security
added 2020/05/18 3:31 p.m. | 33 views

This Service Helps Malware Authors Fix Flaws in their Code

Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. But the reality is most malicious software also has its share of security holes that open the door for security researchers or ne'er-do-wells to liberate or else seize...

7.4 AI score
Exploits: 0

ATTACKERKB
added 2020/02/13 12:0 a.m. | 83 views

Kernel-mode type-confusion vulnerability via NtUserSetInformationThread/UserThreadCsrApiPort

The Windows Kernel is subject to a kernel-mode type-confusion vulnerability inside win32k!NtUserSetInformationThread due to referencing a user-mode handle via ObReferenceObjectByHandle with a NULL type specified; it should instead be using LpcPortObjectType to protect against this vulnerability...

2.2 AI score
Exploits: 0 | References: 1

Hacker One
added 2020/01/10 12:7 p.m. | 432 views

Node.js: CRLF Injection in legacy url API (url.parse().hostname)

Summary: There is CRLF Injection in legacy url.hostname API. Description: During the recent penetration test, I have found a whitelist bypass using CRLF Injection. We did a code review and determined the issue is in a legacy url.hostname API. Not sure if it's a known issue or not, I wasn't able t...

7.8 AI score
Exploits: 0

0day.today
added 2019/06/07 12:0 a.m. | 646 views

Exim 4.87 < 4.91 - (Local / Remote) Command Execution Exploit

Qualys Security Advisory. The Return of the WIZard: RCE in Exim (CVE-2019-10149). Contents: Summary, Local exploitation, Remote exploitation - Non-default...

10 CVSS | 9.8 AI score | 0.99961 EPSS
Exploits: 27

Kitploit
added 2019/05/03 9:47 p.m. | 243 views

AutoSource - Automated Source Code Review Framework Integrated With SonarQube

AutoSource is an automated source code review framework integrated with SonarQube which is capable of performing static code analysis/reviews. It can be used for effectively finding the vulnerabilities at a very early stage of the SDLC (Software Development Life Cycle). The user can scan the code by...

7.7 AI score
Exploits: 0 | References: 1

0day.today
added 2019/03/27 12:0 a.m. | 93 views

WordPress article2pdf 0.24 DoS / File Deletion / Disclosure Vulnerabilities

WordPress article2pdf plugin versions 0.24 and above suffer from resource exhaustion, arbitrary file download, and file deletion vulnerabilities. Product: article2pdf Wordpress plug-in Product Website: https://wordpress.org/plugins/article2pdf/ Affected Versions: 0.24 and greater The following...

8.3 AI score | 0.04361 EPSS
Exploits: 3

Hacker One
added 2019/02/20 8:9 p.m. | 39 views

HackerOne: A small set of users were assigned someone else's payout preference

On December 20th, 2016, HackerOne introduced a new payout preference that allowed employee bounties to be paid through payroll. At the time, a feature was added to our support backend that allowed the IT department to provision this special payout preference for HackerOne employees. To help the I...

0.1 AI score
Exploits: 0

MSRC
added 2018/08/16 7:0 a.m. | 6 views

Vulnerability hunting with Semmle QL, part 1

Previously on this blog, we’ve talked about how MSRC automates the root cause analysis of vulnerabilities reported and found. After doing this, our next step is variant analysis: finding and investigating any variants of the vulnerability. It’s important that we find all such variants and patch...

7.7 AI score
Exploits: 0

Hacker One
added 2018/08/14 10:20 a.m. | 25 views

MariaDB: Incorrect Permission Assignment for Critical Resource

Dear Team, Product Affected: https://github.com/MariaDB/server File: /server/blob/10.3/sql/mysqld.cc#L2761 `if (!SetSecurityDescriptorDacl(&sdPipeDescriptor, TRUE, NULL, FALSE))` This was purely identified on code review. Never create NULL ACLs. A mail was sent to [email protected] and MariaDB team i...

1.3 AI score
Exploits: 0

Intel
added 2018/07/09 12:0 a.m. | 11 views

DCI Policy Update

Summary: Intel is releasing a Direct Connect Interface (DCI) policy update. Description: Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel® Xeon® Processor E3 Family, Intel® Xeon® Scalable processors, and Intel® Xeon® Processor D Family can potentiall...

7.3 AI score
Exploits: 0

Tenable Nessus
added 2017/10/26 12:0 a.m. | 14 views

FreeBSD : GitLab -- multiple vulnerabilities (418c172b-b96f-11e7-b627-d43d7e971a1b)

GitLab reports: Cross-Site Scripting (XSS) vulnerability in the Markdown sanitization filter. Yasin Soliman via HackerOne reported a Cross-Site Scripting (XSS) vulnerability in the GitLab markdown sanitization filter. The sanitization filter was not properly stripping invalid characters from URL...

5.8 AI score
Exploits: 0 | References: 2

0day.today
added 2017/07/07 12:0 a.m. | 47 views

Barracuda WAF V360 Firmware 8.0.1.014 Credential Disclosure Vulnerability

Firmware reversing of the Barracuda Web Application Firewall uncovered development artifacts that should have been removed on the production images. Once the encryption scheme was broken, many QA and development tools were discovered on the affected partitions. Some of these contained sensitive...

7.2 AI score
Exploits: 0

Packet Storm
added 2017/07/06 12:0 a.m. | 42 views

Barracuda WAF V360 Firmware 8.0.1.014 Credential Disclosure

KL-001-2017-011 : Barracuda WAF Internal Development Credential Disclosure Title: Barracuda WAF Internal Development Credential Disclosure Advisory ID: KL-001-2017-011 Publication Date: 2017.07.06 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-011.txt 1. Vulnerability...

7.4 AI score
Exploits: 0

KoreLogic Security
added 2017/07/06 12:0 a.m. | 10 views

Barracuda WAF Internal Development Credential Disclosure

Vulnerability Details Affected Vendor: Barracuda Affected Product: Web Application Firewall V360 Affected Version: Firmware v8.0.1.014 Platform: Embedded Linux CWE Classification: CWE-489: Leftover Debug Code, CWE-200: Information Exposure Impact: Privileged Access Attack vector: Code Review 2...

7.2 AI score
Exploits: 0 | Affected Software: 1

Hacker One
added 2017/06/25 8:55 p.m. | 24 views

Paragon Initiative Enterprises: Paragonie Airship Admin CSRF on Extensions Pages

Summary: The /bridge/admin/skyport/install endpoint, as well as some of the endpoints around it, are vulnerable to Cross-Site Request Forgery. Description: The functions in src/Cabin/Bridge/Controller/Skyport.php in the Airship project appear to all be vulnerable to Cross-Site...

0.6 AI score
Exploits: 0

n0where
added 2017/06/19 4:5 a.m. | 21 views

Super Android Analyzer

Super Android Analyzer Secure, Unified, Powerful and Extensible Rust Android Analyzer SUPER is a command-line application that can be used in Windows, MacOS X and Linux, that analyzes .apk files in search for vulnerabilities. It does this by decompressing APKs and applying a series of rules to...

7.2 AI score
Exploits: 0 | References: 1

n0where
added 2017/04/26 4:35 a.m. | 1896 views

Mobile Security Framework: MobSF

Mobile Security Framework is an intelligent, all-in-one open source mobile application Android/iOS automated pen-testing framework capable of performing static and dynamic analysis. We’ve been depending on multiple tools to carry out reversing, decoding, debugging, code review, and pen-test and...

7.2 AI score
Exploits: 0 | References: 3

ThreatPost
added 2017/04/07 11:50 a.m. | 12 views

Samsung Tizen Security 'Feels like 2005'

SINT MAARTEN—Samsung’s Tizen operating system, a strategic stronghold for the company as it attempts to grow its line of homegrown mobile devices, isn’t such a vanguard when it comes to security. An independent researcher has discovered dozens of vulnerabilities in the OS that puts devices such a...

1 AI score
Exploits: 0 | References: 2

exploitpack
added 2017/02/03 12:0 a.m. | 23 views

Zoneminder 1.29/1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery

Zoneminder 1.29/1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery. Source: https://www.foxmole.com/advisories/foxmole-2016-07-05.txt FOXMOLE - Security Advisory 2016-07-05: Zoneminder multiple vulnerabilities...

8.3 AI score
Exploits: 0

Packet Storm
added 2017/02/02 12:0 a.m. | 48 views

Zoneminder 1.29 / 1.30 CSRF / XSS / SQL Injection / Session Fixation

FOXMOLE - Security Advisory 2016-07-05: Zoneminder multiple vulnerabilities. Affected Versions: Zoneminder 1.29, 1.30. Issue Overview: Vulnerability Type: SQL Injection, Cross Site Scripting, Session Fixation, No...

0.3 AI score
Exploits: 0