CVE-2015-3202

fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking 1 mount or 2 umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNTMTAB environment variable that is used by mount's debugging feature...

Debian Security Advisory DSA 3266-1 (fuse - security update)

Tavis Ormandy discovered that FUSE, a Filesystem in USErspace, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features via the...

Quick Search 1.1.0.189 - search textbox Buffer Overflow (SEH Unicode) (Egghunter)

!/usr/bin/perl = Exploit Title: Quick Search 1.1.0.189 'search textbox' Unicode SEH egghunter Buffer Overflow Date: 2015-04-23 Exploit Author: Tomislav Paskalev Vulnerable Software: Quick Search v1.1.0.189 Vendor Homepage: http://www.glarysoft.com/ Software Link:...

CVE-2015-3320

Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output...

Design/Logic Flaw

Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output...

CVE-2015-3320

Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output...

CVE-2015-3320

The CVE-2015-3320 issue affects Lenovo USB Enhanced Performance Keyboard software prior to 2.0.2.2. Debug code in SKHOOKS.DLL uses OutputDebugString to reveal which keys are pressed; it is accessible only to users with local system access and the ability to capture debug output. Lenovo materials ...

PHP arbitrary file upload Vulnerability, CVE-2 0 1 5-2 3 4 8 analysis-vulnerability warning-the black bar safety net

Last night security news broke of a“PHP arbitrary file upload Vulnerability”, CVE number: CVE-2 0 1 5-2 3 4 8 in. At the time landlord is ready to pack up and go home, see this news my heart a surprised: the lost rivers and lakes for many years the 0 character truncation upload vulnerability and...

Websense Appliance Manager - Command Injection

Abstract A command injection vulnerability was found in Websense Appliance Manager that allows an attacker to execute arbitrary code on the appliance. This issue can be combined with other vulnerabilities, like Cross-Site Scripting, to perform a remote unauthenticated attacks to compromise the...

Websense Appliance Manager - Command Injection

Websense Appliance Manager - Command Injection Abstract A command injection vulnerability was found in Websense Appliance Manager that allows an attacker to execute arbitrary code on the appliance. This issue can be combined with other vulnerabilities, like Cross-Site Scripting, to perform a remo...

Google Chrome Access Bypass Vulnerability

Google Chrome is a web browsing tool developed by Google. The use of the DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debuggerapi.cc in versions of Google Chrome prior to 41.0.2272.76 fails to properly restrict the debugging targets that can be used as the URLs,...

Discuz全版本存储型DOM XSS（可打管理员）附Discuz官方开发4大坑&验证脚本

简要描述： 由此次漏洞和上次的命令注入，看出Discuz官方开发4大坑： 1.发的补丁和diff官方最新版本安装包的结果不一定相同（导致后台升级，手动更新后已经在新版本修了的漏洞还在） 2.发补丁不发修复点的公告（导致二次开发的站考虑到兼容性不愿第一时间更新） 3.在线上改代码修漏洞却不发补丁 4.发补丁，发新版本安装包的时间，论坛发补丁帖的时间不一致，参见：http://download.comsenz.com/DiscuzX/3.2/ http://www.discuz.net/forum-10-1.html 详细说明： Discuz编辑器JS处理不当导致的存储型XSS。 产生原因：...

CVE-2 0 1 5-2 0 8 0 analysis-vulnerability warning-the black bar safety net

jetty is a very widely used java container, in the development of javaweb application when using jetty as an embedded container, debugging is very convenient. Many big Internet companies are using it to replace the tomcat, as far as I know, Ali inside the use of the jetty is also better than the...

OWASP SSL audit: O-Saft

O-Saft is an easy to use tool to show informations about SSL certificate and tests the SSL connection according given list of ciphers and various SSL configurations. It’s designed to be used by penetration testers, security auditors or server administrators. The idea is to show the important...

Socat - Multipurpose relay (SOcket CAT)

Socat is a utility similar to the venerable Netcat that works over a number of protocols and through a files, pipes, devices terminal or modem, etc., sockets Unix, IP4, IP6 - raw, UDP, TCP, a client for SOCKS4, proxy CONNECT, or SSL, etc. It provides forking, logging, and dumping, different modes...

Grinder - System to Automate the Fuzzing of Web Browsers

Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes. Grinder Nodes provide an automated way to fuzz a browser, and generate useful crash information such as call stacks with symbol information as well as logging information which can be used...

Ruby on Rails: RCE due to Web Console IP Whitelist bypass in Rails 4.0 and 4.1

With the release of Ruby on Rails 4.2 the so called Web Console was introduced. As the Web Console documentation states: Web Console is built explicitly for Rails 4. By default the Web Console is available in the Rails Development Environment and allows only the IPs 127.0.0.1 and ::1 to access th...

Sanitize passwords when Network Traffic debugging is enabled

Login attempts for users managed externally i.e. JIRA/Crowd logs the user's password in FishEye logs if the Network Traffic is enabled. I think the password should be sanitized, because: This information is generally not important for troubleshooting of most issues. Users would have sensitive...

IE vulnerability commissioning of CVE-2 0 1 3-3 8 9 3-vulnerability warning-the black bar safety net

Introduction Windows platform vulnerability discovery, and security research, IE is always not open around the topic. IE vulnerabilities just like the adobe series like Classic, is learning to exploit, the shellcode and the perfect way. On the IE vulnerability, the UAF IE Use-After-Free is the mo...

THC-SmartBrute - Finds undocumented and secret commands implemented in a smartcard

This tool finds undocumented and secret commands implemented in a smartcard. An instruction is divided into Class CLA, Instruction-Number INS and the parameters or arguments P1, P2, P3. THC-SMARTBRUTE iterates through all the possible values of CLA and INS to find a valid combination. Furthermore...