September 19, 2017 – Morning Cyber Coffee Headlines – “Space Jam” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! September 19, 2017 - Headlines State, Federal Authorities Proposing New Rules o...
OWASPZAP v2.5.0 - Remote Code Execution Vulnerability
Document Title: =============== OWASPZAP v2.5.0 - Remote Code Execution Vulnerability References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2096 Video: https://www.youtube.com/watch?v=41gr2XhSOw Release Date: ============= 2017-09-18 Vulnerability Laboratory ID VL-ID:...
Fedora 26 : xen (2017-b7f1197c23)
Qemu: usb: ohci: infinite loop due to incorrect return value CVE-2017-9330 1457698 Qemu: nbd: segmentation fault due to client non-negotiation CVE-2017-9524 1460173 Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort CVE-2017-10664 1466466 Qemu: exec: oob access during dma operation...
CVE-2017-14118
In the EyesOfNetwork web interface aka eonweb 5.1-0, module\toolall\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the hostlist parameter to module/toolall/selecttool.php...
Unitrends UEB 9.1 - Privilege Escalation
Exploit Title: Authenticated lowpriv RCE for Unitrends UEB 9.1 Date: 08/08/2017 Exploit Authors: Benny Husted, Jared Arave, Cale Smith Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage: https://www.unitrends.com/ Software Link:...
CVE-2017-12481
CVE-2017-12481 affects Ledger 3.1.1, where the find_option function in option.cc can be triggered by a crafted file to cause a stack-based buffer overflow, leading to a denial of service (and potentially other impact). Public documents in the connected set confirm this CVE alongside related ones ...
DEBIAN-CVE-2017-11565
debian/tor.init in the Debian tor0.2.9.11-1deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly with a wrong assumption that the specific pathname would remain the same forever, which allows...
CVE-2017-11565
debian/tor.init in the Debian tor0.2.9.11-1deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly with a wrong assumption that the specific pathname would remain the same forever, which allows...
ExpressionEngine: Image lib - unescaped file path
Under ./system/ee/legacy/libraries/Imagelib.php there are functions from CodeIgniter to manipulate images. The issue is that the PHP function exec is used two times in two different functions: imageprocessimagemagick and imageprocessnetpbm. In both cases the fullsrcpath and fulldstpath are given...
Veritas Backup Exec Remote Agent Installed
Binary data veritasbackupexecremoteagentinstalled.nbin...
Veritas Backup Exec Remote Agent 14.1.x < 14.1.1786.1126 / 14.2.x < 14.2.1180.3160 / 16.0.x < 16.0.1142.1327 Use-after-free RCE (VTS17-006)
The version of Veritas Backup Exec Remote Agent installed on the remote Windows host is 14.1.x prior to 14.1.1786.1126, 14.2.x prior to 14.2.1180.3160, or 16.0.x prior to 16.0.1142.1327. It is, therefore, affected by a remote code execution vulnerability due to a use-after-free error that is...
Google Chrome - Out-of-Bounds Access in RegExp Stubs
There is an out-of-bounds access in RegExp.prototype.exec and RegExp.prototype.test. The code defined in BranchIfFastRegExp checks whether a regular expression object has the default map, however, it is possible to alter the map after this check has been performed. This can cause inline fields,...
BestSafe Browser - Man In The Middle Remote Code Execution
Exploit Title: BestSafe Browser FREE NoAds - Remote Code Execution Date: 30/Jun/17 Exploit Author: MaXe Vendor Homepage: https://play.google.com/store/apps/details?id=a1.bestsafebrowser.com Software Link: See APK archive websites Screenshot: Refer to https://www.youtube.com/watch?v=VXNVzjsH0As...
Veritas/Symantec Backup Exec - SSL NDMP Connection Use-After-Free (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/ndmpsocket' require 'openssl' require 'xdr' class MetasploitModule 'Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free',...
Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/ndmpsocket' require 'openssl' require 'xdr' class MetasploitModule 'Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free',...
Veritas / Symantec Backup Exec - SSL NDMP Connection Use-After-Free Exploit
Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/ndmpsocket' require 'openssl' require 'xdr' class MetasploitModule 'Veritas/Symantec...
PT-2017-4136 · Freedesktop.Org +2 · Poppler +2
Name of the Vulnerable Software and Affected Versions: Xpdf version 4.01.01 Poppler affected versions not specified Description: The issue is related to a division by zero error in the PostScriptFunction::exec function, specifically in the psOpIdiv case, which can lead to a denial of service. Thi...
openSUSE: Security Advisory for mercurial (openSUSE-SU-2017:1572-1)
The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Easy MOV Converter 1.4.24 Buffer Overflow
!/usr/bin/python Exploit Title: Easy MOV Converter 1.4.24 - 'Enter User Name' Field Buffer Overflow SEH Date: 13-06-2017 Exploit Author: @abatchy17 -- www.abatchy.com Vulnerable Software: Easy MOV Converter Vendor Homepage: http://www.divxtodvd.net/ Version: 1.4.24 Software Link:...
Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free
This module exploits a use-after-free vulnerability in the handling of SSL NDMP connections in Veritas/Symantec Backup Exec's Remote Agent for Windows. When SSL is re-established on a NDMP connection that previously has had SSL established, the BIO struct for the connection's previous SSL session...