Foxit Reader U3D Clod Progressive Mesh Continuation Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...

A Deep Dive into Database Attacks [Part IV]: Delivery and Execution of Malicious Executables through SQL Commands (MySQL)

In a previous post we covered different techniques for execution of SQL and OS commands through Microsoft SQL server that can be used for delivering and executing malicious payloads on the target system. In this post we’ll discuss the same topic for MySQL database. Creating an executable directly...

Code injection

An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app...

CredSSP Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the Credential Security Support Provider protocol CredSSP. An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute code on the target system. CredSSP is an authentication provider which processe...

Adobe Acrobat Pro DC ImageConversion XPS TIFF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Various Cross-site request forgery(CSRF) vulnerabilities in the Jira-importers-plugin - CVE-2017-18033

The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery CSRF vulnerabilities...

CVE-2017-15215

Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can for example take over the admin session or change global settings or add/delete links. It is also...

CVE-2017-7734

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions...

CVE-2017-11628

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zendinidoop function in Zend/zendiniparser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input...

CVE-2017-11628

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zendinidoop function in Zend/zendiniparser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input...

Remote Code Execution (RCE)

OrientDB Core is vulnerable to remote code execution RCE attacks. Permissions are not enforced on a user executing a statement to the ORole structure containing a where, fetchplan or order by statement. By executing a groovy function where the groovy wrapper doesn't have a sandbox, any system...

CVE-2017-7678

In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data, which could contain a script,...

Running an Effective Incident Response Tabletop Exercise

Are you ready for an incident? Are you confident that your team knows the procedures, and that the procedures are actually useful? An incident response tabletop exercise is an excellent way to answer these questions. Below, Ive outlined some steps to help ensure success for your scenario-based...

CVE-2016-4445

The fixlookupid function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function...

Cross site scripting

An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of executing code in the domain of the application...

WordPress Magic Fields 1 plugin cross-site scripting vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the Wordpress Magic Fields 1 plugin, which allows an attacker to frame malicio...

Sofacy APT Targeting OS X Machines with Komplex Trojan

The prolific APT gang allegedly behind the DNC hack and other targeted attacks against Western military and political targets is using a new Trojan called Komplex to infect OS X machines used in the aerospace industry. The gang, known as Sofacy, APT28, Fancy Bear, Sednit and Pawn Storm, is...

[SECURITY] Fedora 23 Update: parallel-20160222-1.fc23

GNU Parallel is a shell tool for executing jobs in parallel using one or mo re machines. A job is typically a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of file s, a list of hosts, a list of users, or a list of tables. If yo...

Open-Source Phishing Toolkit: gophish

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute hishing engagements and security awareness training. Installing Gophish Using Pre-Built Binaries Gophish is provided as a pre-built binary fo...

HackerOne: Team Member███ associated with a Custom Group Created with 'Program Managment' only permissions can Comments on Bug Reports

Hi Team, Legend ====== AppSecBounty = Bug ProgramSandbox Program Hacker1001 = Bug Reporter BugAdmin = Program Admin BugMember = Team Member associated ProgramManagement Group ProgramManagement Group = Custom Group created with "Program Management Permission" Steps: 1. Hacker1001 reports a Bug to...