2333 matches found
CVE-2017-12576
CVE-2017-12576 affects PLANEX CS-QR20 (firmware 1.30) via a hidden, undocumented management page (/admin/system_command.asp) that allows an authenticated user to execute arbitrary commands, enabling remote code execution on the device. The issue arises from an admin/debug interface that should no...
CVE-2017-12576
An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly...
Microsoft Research Detours Package
Detours is a software package for monitoring and instrumenting API calls on Windows. Detours has been used by many ISVs and is also used by product teams at Microsoft. Detours is now available under a standard open source license (MIT). This simplifies licensing for programmers using Detours and...
CVE-2018-15468
CVE-2018-15468 affects the Xen hypervisor (up to 4.11.x). The issue arises from incorrect handling of the MSR_DEBUGCTL register: when vPMU is disabled, value checking is skipped, allowing a guest to set MSR_DEBUGCTL in a way that enables Branch Trace Store and can lock up the host, leading to a D...
SUSE-SU-2018:2317-1 Security update for grafana, kafka, logstash, openstack-monasca-installer
This update for grafana, kafka, logstash, openstack-monasca-installer fixes the following issues: Security issues fixed: - CVE-2018-12099: grafana: Fix XSS vulnerabilities in dashboard links bsc1096985. - CVE-2018-3817: logstash: Fix inadvertently logging of sensitive information bsc1090849. Bug...
Multiple Vulnerabilities in the Mobile Maintenance APP of China Mobile Communications Group Anhui Co.
Mobile Maintenance APP is a mobile office software for China Mobile's operation and maintenance staff, providing functions including resource management, portal management, work order dispatching and attendance statistics. There are multiple vulnerabilities in the Mobile Maintenance APP of China...
Exploitable or Not Exploitable? Using REVEN to Examine a NULL Pointer Dereference.
Authored by Aleksandar Nikolic. Executive summary It can be very time-consuming to determine if a bug is exploitable or not. In this post, we’ll show how to decide if a vulnerability is exploitable by tracing back along the path of execution that led to a crash. In this case, we are using the...
Charles Proxy 4.2 Local Root Privilege Escalation
Charles Proxy is a great mac application for debugging web services and inspecting SSL traffic for any application on your machine. In order to inspect the SSL traffic it needs to configure the system to use a proxy so that it can capture the packets and use its custom root CA to decode the SSL...
Highly Sophisticated Parasite RAT Emerges on the Dark Web
Researchers are tracking a remote access trojan (RAT) on underground markets that, so far, has only been attributed to one small malicious email campaign. However, the RAT, dubbed Parasite HTTP by the Proofpoint researchers that discovered it, has an impressive list of sophisticated features –...
Information Disclosure Vulnerability in Multiple Intel Products (CNVD-2018-15595)
Intel Xeon Scalable processors, etc. are central processing unit (CPU) products of the U.S. company Intel. A security vulnerability exists in the UEFI setting restriction for DCI in several Intel products. The vulnerability can be exploited by an attacker to access sensitive information on the...
Input validation
Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption (i.e., setting the configuration parameter CONFIG_ENV_AES=y) read environment variables from disk as the encrypte...
CVE-2017-3226
Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption (i.e., setting the configuration parameter CONFIG_ENV_AES=y) read environment variables from disk as the encrypte...
CVE-2018-14335
An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files outside of their permissions via a symlink to a fake database file...
CVE-2018-1564
IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow a local user with administrator privileges to obtain user passwords found in debugging messages. IBM X-Force ID: 142968...
Design/Logic Flaw
IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow a local user with administrator privileges to obtain user passwords found in debugging messages. IBM X-Force ID: 142968...
Huawei Emily-AL00A Authentication Bypass Vulnerability
The Huawei Emily-AL00A is a smartphone device from the Chinese company Huawei. An authentication bypass vulnerability exists in Huawei Emily-AL00A. An attacker induces a user to connect to a malicious device. With debugging mode enabled, malware on the device can exploit this vulnerability to bypass the...
July 10, 2018—KB4338819 (OS Build 17134.165)
July 10, 2018—KB4338819 OS Build 17134.165 Note This release also contains updates for Microsoft HoloLens OS Build 17134.165 released July 10, 2018. Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes...
Threat Roundup for June 29 to July 6th
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we've observed this week — covering the dates between June 29 and July 6. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, it will summarize the threats we've observed by...