216 matches found
Microsoft Internet Explorer CVE-2018-8570 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Internet Explorer 11 is are vulnerable...
Microsoft PowerPoint CVE-2018-8501 Security Bypass Vulnerability
Description Microsoft PowerPoint is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass certain security restrictions and execute arbitrary code in the context of the affected application; this may aid in launching further attacks. Technologies Affected Microso...
SUSE-SU-2018:3045-1 Security update for java-1_8_0-openjdk
This update for java-180-openjdk to the jdk8u181 icedtea 3.9.0 release fixes the following issues: These security issues were fixed: - CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...
New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers
Semmle security researcher Man Yue Mo has disclosed a critical remote code execution vulnerability in the popular Apache Struts web application framework that could allow remote attackers to run malicious code on the affected servers. Apache Struts is an open source framework for developing web...
CVE-2018-5392
mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the "Dynamic base...
CVE-2018-5392
mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the "Dynamic base...
CVE-2018-5392 mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR
mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the "Dynamic base...
CVE-2018-5392
CVE-2018-5392 affects mingw-w64 5.0.4 where executables claim ASLR compatibility but lack a relocations table, despite Dynamic Base headers. This mismatch means Windows binaries produced by mingw-w64 are not ASLR-compatible; the missing relocations table enables return-oriented programming (ROP) ...
Microsoft Office CVE-2018-8245 Privilege Escalation Vulnerability
Description Microsoft Office is prone to a privilege-escalation vulnerability. An attackers may exploit this issue to gain elevated privileges. Technologies Affected Microsoft Publisher 2010 Service Pack 2 32-bit editions Microsoft Publisher 2010 Service Pack 2 64-bit editions Recommendations Run...
Critical RCE Flaw Discovered in Blockchain-Based EOS Smart Contract System
Security researchers have discovered a series of new vulnerabilities in EOS blockchain platform, one of which could allow remote hackers to take complete control over the node servers running the critical blockchain-based applications. EOS is an open source smart contract platform, known as...
Microsoft Windows - nt!NtQueryInformationTransactionManager (TransactionManagerRecoveryInformation) Kernel Pool Memory Disclosure
Microsoft Windows - nt!NtQueryInformationTransactionManager TransactionManagerRecoveryInformation Kernel Pool Memory Disclosure / We have discovered that the nt!NtQueryInformationTransactionManager system call invoked with the TransactionManagerRecoveryInformation 4 information class may disclose...
Windows Kernel 64-bit stack memory disclosure in nt!KiDispatchException(CVE-2018-0897)
We have discovered a new Windows kernel memory disclosure vulnerability in the creation and copying of a EXCEPTIONRECORD structure to user-mode memory while passing execution to a user-mode exception handler. The vulnerability affects 64-bit versions of Windows 7 to 10. The leak was originally...
Microsoft Windows Kernel - NtQueryInformationThread(ThreadBasicInformation) 64-bit Stack Memory Disclosure
Microsoft Windows Kernel - NtQueryInformationThreadThreadBasicInformation 64-bit Stack Memory Disclosure / We have discovered that the nt!NtQueryInformationThread system call invoked with the 0 information class ThreadBasicInformation discloses portions of uninitialized kernel stack memory to...
Tenda AC15 Router - Unauthenticated Remote Code Execution(CVE-2018-5767)
INTRODUCTION In this post we will be presenting a pre-authenticated remote code execution vulnerability present in Tenda’s AC15 router. We start by analysing the vulnerability, before moving on to our regular pattern of exploit development – identifying problems and then fixing those in turn to...
Xion 1.0.125 - .m3u Local SEH-Based Unicode Venetian Exploit
Exploit for windows platform in category local exploits !/usr/bin/perl Title: Xion 1.0.125 .m3u File Local SEH-based Unicode The “Venetian” Exploit Vulnerability Type: Execute Code, Overflow UTF-16LE buffer, Memory corruption Date: Feb 18, 2018 Author: James Anderson synthetic Original Advisory:...
How to mitigate rapid cyberattacks such as Petya and WannaCrypt
In the first blog post of this 3-part series, we introduced what rapid cyberattacks are and illustrated how rapid cyberattacks are different in terms of execution and outcome. In the second blog post, we provided some details on Petya and how it worked. In this final blog post, we will share:...
Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard
Overview Microsoft Windows 8 introduced a change in how system-wide mandatory ASLR is implemented. This change requires system-wide bottom-up ASLR to be enabled for mandatory ASLR to receive entropy. Tools that enable system-wide ASLR without also setting bottom-up ASLR will fail to properly...
Windows Defender Exploit Guard: Reduce the attack surface against next-generation malware
Windows Defender Exploit Guard is a new set of intrusion prevention capabilities that ships with the Windows 10 Fall Creators Update. The four components of Windows Defender Exploit Guard are designed to lock down the device against a wide variety of attack vectors and block behaviors commonly us...
JanTek JTC-200
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: JanTek Equipment: JTC-200 Vulnerabilities: Cross-site Request Forgery, Improper Authentication AFFECTED PRODUCTS The following versions of JTC-200, a TCP/IP converter, are affected:...
It's Not Exactly Open Season on the iOS Secure Enclave
The black box that is Apple’s iOS Secure Enclave may have been pried open, but that doesn’t necessarily mean it’s open season on iPhones and iPads worldwide. Yesterday’s public disclosure of the decryption key for the Secure Enclave Processor firmware does indeed allow white and black hats to pok...