2333 matches found
OPENSUSE-SU-2018:3839-1 Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issues: Security issue fixed: - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage of coders/msl.c bsc1113064. Non-security issues fixed: - asanbuild: build ASAN included - debugbuild: build more suitable for debugging This update wa...
openSUSE Security Update : GraphicsMagick (openSUSE-2018-1430)
This update for GraphicsMagick fixes the following issues : Security issue fixed : - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage of coders/msl.c bsc1113064. Non-security issues fixed : - asanbuild: build ASAN included - debugbuild: build more suitable for debugging %NASLMINLEV...
openSUSE Security Update : GraphicsMagick (openSUSE-2018-1431)
This update for GraphicsMagick fixes the following issues : Security issue fixed : - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage of coders/msl.c bsc1113064. Non-security issues fixed : - asanbuild: build ASAN included - debugbuild: build more suitable for debugging %NASLMINLEV...
HackerOne: Corrupted Authorization header can cause logs not to be ingested properly in ████████
HackerOne ingests different logs in ██████, one of them being nginx access logs from our load balancers. The default log format of our load balancer configuration is shown below. As can be seen in the format, the HTTP user specified in the Authorization header $remote_user is placed between the...
The use of a posture clear odd 11882 format overflow document analysis-vulnerability warning-the black bar safety net
Prior to inadvertently give a very interesting rtf document, the sandbox where the behavior of a pile, the document itself and confuse the very clear odd, so spend a little time to analyze this sample. Substantially clear the sample of the attack techniques and attack the chain, the open part of...
BlobRunner - Quickly Debug Shellcode Extracted During Malware Analysis
BlobRunner is a simple tool to quickly debug shellcode extracted during malware analysis. BlobRunner allocates memory for the target file and jumps to the base or offset of the allocated memory. This allows an analyst to quickly debug into extracted artifacts with minimal overhead and effort. To...
WordPress Configuration Cheat Sheet
In our series about misconfigurations of PHP frameworks, we have investigated Symfony, a very versatile and modular framework. Due to the enormous distribution and the multitude of plugins, WordPress is also a very popular target for attackers. This cheat sheet focuses on the wp-config.php file a...
kernel: Division by zero in change_port_settings in drivers/usb/serial/io_ti.c resulting in a denial of service
A division-by-zero in set_termios, when debugging is enabled, was found in the Linux kernel. When the io_ti driver is loaded, a local unprivileged attacker can request incorrect high transfer speed in the change_port_settings in the drivers/usb/serial/io_ti.c so that the divisor value becomes zero and...
kernel: Division by zero in change_port_settings in drivers/usb/serial/io_ti.c resulting in a denial of service
A division-by-zero in set_termios, when debugging is enabled, was found in the Linux kernel. When the io_ti driver is loaded, a local unprivileged attacker can request incorrect high transfer speed in the change_port_settings in the drivers/usb/serial/io_ti.c so that the divisor value becomes zero and...
Time Travel Debugging: finding Windows GDI flaws
Introduction Microsoft Patches for October 2018 included a total of 49 security patches. There were many interesting ones including kernel privilege escalation as well as critical ones which could lead to remote code execution such as the MSXML one. In this post we will be analysing a case of a W...
MagniComp SysInfo Information Disclosure Vulnerability - Linux
MagniComp SysInfo is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
MagniComp SysInfo Information Disclosure Vulnerability - Mac OS X
MagniComp SysInfo is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
How to create and manage Splunk dashboards via API
In the previous post "How to correlate different events in Splunk and make dashboards" I mentioned that Splunk dashboards can be presented in a simple XML form. You can generate it with some script and then copy-paste it in Splunk GUI. However, these manual operations can make the process of...
PowerShell Front-End for Windows Debugger Engine: DbgShell
The main impetus for DbgShell is that it's just waaaay too hard to automate anything in the debugger. There are facilities today to assist in automating the debugger, of course. But in my opinion they are not meeting people's needs. Using the built-in scripting language is arcane, limited,...
Web-Traffic-Generator - A Quick And Dirty HTTP/S "Organic" Traffic Generator
Just a simple poorly written Python script that aimlessly "browses" the internet by starting at pre-defined rootURLs and randomly "clicking" links on pages until the pre-defined clickDepth is met. I created this as a noise generator to use for an Incident Response / Network Defense simulation. Th...
PEDA - Python Exploit Development Assistance For GDB
PEDA - Python Exploit Development Assistance for GDB Key Features: Enhance the display of gdb: colorize and display disassembly codes, registers, memory information during debugging. Add commands to support debugging and exploit development for a full list of commands use peda help: aslr --...
[SECURITY] Fedora 28 Update: tcpflow-1.5.0-2.fc28
tcpflow is a program that captures data transmitted as part of TCP connections flows, and stores the data in a way that is convenient for protocol analysis or debugging. A program like 'tcpdump' shows a summary of packets seen on the wire, but usually doesn't store the data that's actually being...
[SECURITY] Fedora 27 Update: tcpflow-1.5.0-2.fc27
tcpflow is a program that captures data transmitted as part of TCP connections flows, and stores the data in a way that is convenient for protocol analysis or debugging. A program like 'tcpdump' shows a summary of packets seen on the wire, but usually doesn't store the data that's actually being...
Command injection
An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly...
CVE-2017-12576
An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly...