216 matches found
NVIDIA Patches High-Severity GeForce Spoof-Attack Bug
NVIDIA gaming graphics software called GeForce Experience, bundled with the chipmaker’s popular GTX GPU, is flawed and opens the door to a remote attacker that can exploit the bug to steal or manipulate data on a vulnerable Windows computer. NVIDIA notified customers late last week of the bug and...
Microsoft Finds 'BadAlloc' Flaws Affecting Wide-Range of IoT and OT Devices
Microsoft researchers on Thursday disclosed two dozen vulnerabilities affecting a wide range of Internet of Things (IoT) and Operational Technology (OT) devices used in industrial, medical, and enterprise networks that could be abused by adversaries to execute arbitrary code and even cause critical...
Code Injection in unix121/i3wm-themer
Description i3wm-themer is the theme collection manager for i3-wm which is vulnerable to Arbitrary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash git clone https://github.com/unix121/i3wm-themer cd i3wm-themer/...
CVE-2020-36179
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions are needed for an exploit, w...
The Basics of Exploit Development 5: x86-64 Buffer Overflows
In this article we will be covering a technique similar to the one in the first installment of this series, however, with the twist that this exploit will be of a 64-bit process running on Windows 10. Due to the nature of modern operating systems and the exploit mitigation techniques they...
SUSE-SU-2020:2583-1 Security update for avahi
This update for avahi fixes the following issues: - When changing ownership of /var/lib/autoipd, only change ownership of files owned by avahi, to mitigate against possible exploits bsc1154063...
JITSploitation III: Subverting Control Flow
Posted by Samuel Groß, Project Zero This three-part series highlights the technical challenges involved in finding and exploiting JavaScript engine vulnerabilities in modern web browsers and evaluates current exploit mitigation technologies. The exploited vulnerability, CVE-2020-9802, was fixed i...
Adversarial use of current events as lures
By Nick Biasini. The goal of malicious activity is to compromise the system to install some unauthorized software. Increasingly that goal is tied to one thing: the user. Over the past several years, we as an industry improved exploit mitigation and the value of working exploits has increased...
Report: Most Popular Home Routers Have ‘Critical’ Flaws
A security review of 127 popular home routers found most contained at least one critical security flaw, according to researchers. The “Home Router Security Report” PDF by Peter Weidenbach and Johannes vom Dorp—both from the German think tank Fraunhofer Institute–found that not only did all of the...
snappville.com Cross Site Scripting vulnerability OBB-1191361
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
CVE-2020-11111
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions a...
PT-2020-11969 · WordPress · Popup Builder
Name of the Vulnerable Software and Affected Versions: popup-builder plugin versions prior to 3.64.1 Description: The issue allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. An unauthenticated attacker can insert...
GitLab CVE-2019-15584 Denial of Service Vulnerability
Description GitLab is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. GitLab versions prior to 12.3.2, 12.2.6, and 12.1.10 are vulnerable. Technologies Affected Gitlab GitLab Community Edition 10.2 Gitlab GitLab Community Edition...
Apple tvOS and macOS CVE-2019-8706 Memory Corruption Vulnerability
Description Apple tvOS and macOS are prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. Technologies Affected Apple TV Apple mac...
Researcher Exploits Microsoft's Notepad to 'Pop a Shell'
A memory corruption bug in Microsoft’s Windows Notepad application can be used to open remote shell access – typically a first step for attackers infiltrating a system. The bug was found by Tavis Ormandy, a bug hunter with Google’s Project Zero team. In a tweet he indicated that the bug was...
Capsule Technologies SmartLinx Neuron 2 restricted environment protection mechanism failure vulnerability
Summary A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in ful...
Exploit for Path Traversal in Rubyonrails Rails
Rails-doubletap-exploit RCE on Rails 5.2.2 using a path trave...
Linux: Address space layout randomization (ASLR) status
Address space layout randomization (ASLR) is an exploit mitigation technique which randomly arranges the address space of key data areas of a process. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective...
Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass
Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass Windows: DSSVC CanonicalAndValidateFilePath Security Feature Bypass Platform: Windows 10 1803 and 1809. Class: Security Feature Bypass/Elevation of Privilege Security Boundary per Windows Security Service Criteria:...
Microsoft Exchange CVE-2019-0586 Remote Memory Corruption Vulnerability
Description Microsoft Exchange is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Exchange Server...