9459 matches found

Packet Storm
added 2018/01/12 12:0 a.m., 56 views

Zimbra Collaboration Suite Cross Site Scripting

COMPASS SECURITY ADVISORY https://www.compass-security.com CVE ID : CVE-2017-8802 Product: Zimbra Collaboration Suite ZCS 1 Vendor: Synacor Inc. 2 Subject: Stored Cross-Site Scripting XSS Vulnerability Risk: High Effect: Exploitable by Anonymous Internet Adversaries Triggered in the Context of an...

5.9 AI score, 0.01288 EPSS
Exploits: 2

Talos
added 2018/01/11 12:0 a.m., 35 views

Blender Sequencer imb_load_dpx_cineon Integer Overflow Code Execution Vulnerability

Summary An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .cin file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...

8.8 CVSS, 7.9 AI score, 0.01995 EPSS
Exploits: 1

Talos Blog
added 2018/01/10 6:3 a.m., 102 views

Vulnerability Spotlight: Ruby Rails Gem XSS Vulnerabilities

Vulnerabilities discovered by Zachary Sanchez of Cisco ASIG Overview Talos has discovered two XSS vulnerabilities in Ruby Rails Gems. Rails is a Ruby framework designed to create web services or web pages. Ruby Gems is a package manager for distributing software packages as 'gems'. The two XSS...

4.3 CVSS, 6.9 AI score, 0.01304 EPSS
Exploits: 6

Hacker One
added 2018/01/08 11:33 p.m., 86 views

Monero: remote access to localhost daemon, can issue jsonrpc commands

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to verify and then potentially issue a bounty, so be sure to take your time filling out the report! Summary: Remotely use...

7.1 AI score
Exploits: 0

Hacker One
added 2018/01/06 3:44 p.m., 244 views

HackerOne: ImageMagick GIF coder vulnerability leading to memory disclosure

Hello Hackerone Security Team, Well, we are aware of Imagemagick Gif parser method to collect the pixels and then we can recover it to gain server information. https://github.com/neex/gifoeb However, it has no impact on hackerone since it's immune to gif files uploading functionality. So, ,gif...

4.3 CVSS, 7.8 AI score, 0.19193 EPSS
Exploits: 4

Vulnerability Lab
added 2018/01/06 12:0 a.m., 55 views

SonicWall SonicOS NSA - Multiple Web Vulnerabilities

Document Title: SonicWall SonicOS NSA - Multiple Web Vulnerabilities
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1725
Release Date: 2018-01-06
Vulnerability Laboratory ID (VL-ID): 1725...

0.4 AI score
Exploits: 0

Mageia
added 2017/12/31 12:10 a.m., 42 views

Updated freerdp packages fix security vulnerabilities

An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle...

8.8 CVSS, 2.2 AI score, 0.01826 EPSS
Exploits: 6, References: 10

ICS
added 2017/12/19 12:0 a.m., 40 views

ABB Ellipse

CVSS v3 6.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: ABB Equipment: Ellipse Vulnerability: Unprotected Transport of Credentials AFFECTED PRODUCTS ABB reports that the vulnerability affects Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 including Ellipse...

8.8 CVSS, 8.9 AI score, 0.0072 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2017/12/13 12:0 a.m., 60 views

Mozilla Firefox ESR < 52.5.2

The version of Firefox ESR installed on the remote Windows host is prior to 52.5.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-28 advisory. - A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library,...

9.3 CVSS, 7.9 AI score, 0.03215 EPSS
Exploits: 1, References: 3

Prion
added 2017/12/11 3:29 p.m., 32 views

Remote code execution

In Apache Synapse, by default no authentication is required for Java Remote Method Invocation RMI. So Apache Synapse 3.0.1 or all previous releases 3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1 allows remote code execution attacks that can be performed by injecting specially crafted serialized objects...

7.5 CVSS, 9.8 AI score, 0.17741 EPSS
Exploits: 1, References: 6, Affected Software: 3

NVD
added 2017/12/09 6:29 a.m., 8 views

CVE-2017-11295

An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution...

10 CVSS, 9.8 AI score, 0.05853 EPSS
Exploits: 0, References: 2

NVD
added 2017/12/09 6:29 a.m., 18 views

CVE-2017-11304

An issue was discovered in Adobe Photoshop 18.1.1 2017.1.1 and earlier versions. An exploitable use-after-free vulnerability exists. Successful exploitation could lead to arbitrary code execution...

9.8 CVSS, 9.7 AI score, 0.07066 EPSS
Exploits: 0, References: 3

Exploit DB
added 2017/12/06 12:0 a.m., 77 views

Hashicorp vagrant-vmware-fusion 4.0.23 - Local Privilege Escalation

A couple of weeks ago I disclosed a local root privesc in Hashicorp's vagrant-vmware-fusion plugin: https://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmw... The initial patch they released was 4.0.21 which unfortunately contained a bug that prevented it from working at all...

7.4 AI score
Exploits: 0

Exploit DB
added 2017/12/06 12:0 a.m., 95 views

Hashicorp vagrant-vmware-fusion 5.0.1 - Local Privilege Escalation

I recently blogged about how the installation process of version 5.0.0 of this plugin could be hijacked by a local attacker or malware in order to escalate privileges to root. Hashicorp pushed some mitigations for this issue fairly quickly but unfortunately 5.0.1 is still exploitable with a...

7.4 AI score
Exploits: 0

Exploit DB
added 2017/12/05 12:0 a.m., 34 views

Readymade Classifieds Script 1.0 - SQL Injection

Exploit Title: Readymade Classifieds Script 1.0 - SQL Injection Dork: N/A Date: 02.12.2017 Vendor Homepage: http://www.scubez.net/ Software Link: http://www.posty.in/index.html Demo: http://www.posty.in/readymade-classifieds-demo.html Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...

7.4 AI score
Exploits: 0

ICS
added 2017/12/05 12:0 a.m., 35 views

Siemens Industrial Products (Update C)

CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products Vulnerability: Improper Input Validation UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-339-01B Siemens Industrial Products that w...

8.7 CVSS, 7.3 AI score, 0.03315 EPSS
Exploits: 0, References: 42

ICS
added 2017/12/05 12:0 a.m., 60 views

Siemens Industrial Products (Update B)

CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products Vulnerability: Improper Input Validation UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-339-01A Siemens Industrial Products that w...

8.7 CVSS, 7.3 AI score, 0.03315 EPSS
Exploits: 0, References: 40

Prion
added 2017/12/03 7:29 a.m., 15 views

Design/Logic Flaw

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certain error cases, aka TROVE-2017-013...

6.8 CVSS, 7.9 AI score, 0.01602 EPSS
Exploits: 0, References: 4, Affected Software: 2

0day.today
added 2017/12/01 12:0 a.m., 68 views

ZKTeco ZKTime Web 2.0.1.12280 Cross Site Scripting Vulnerability

ZKTeco ZKTime Web version 2.0.1.12280 suffers from a cross site scripting vulnerability. 1. Introduction Vendor: ZKTeco Affected Product: ZKTime Web - 2.0.1.12280 Fixed in: Vendor Website: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vulnerability Type: Reflected XSS Remote Exploitable: Ye...

4.3 CVSS, 6.3 AI score, 0.01238 EPSS
Exploits: 3

Packet Storm
added 2017/11/30 12:0 a.m., 55 views

ZKTeco ZKTime Web 2.0.1.12280 Cross Site Scripting

Introduction Vendor: ZKTeco Affected Product: ZKTime Web - 2.0.1.12280 Fixed in: Vendor Website: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vulnerability Type: Reflected XSS Remote Exploitable: Yes CVE: CVE-2017-17057 2. Overview There is a reflected XSS vulnerability in ZKTime Web. The...

0.01238 EPSS
Exploits: 3