Oracle VM VirtualBox - Cooperating VMs can Escape from Shared Folder
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1037 There is a security issue in the shared folder implementation that permits cooperating guests with write access to the same shared folder to gain access to the whole filesystem of the host, at least on Linux hosts. The issue i...
cgPwn - Cyber Grand Pwnage Box
A lightweight VM for hardware hacking, RE, fuzzing, symEx, exploiting etc. and wargaming tasks. This is an Ubuntu VM tailored for hardware hacking, RE and Wargaming. Tools included: Pwndbg, Pwntools, Binwalk, Radare2, Capstone, Unicorn and Keystone Engines, Qira Timeless Debugger, AFL, Valgrind, VGdb...
Memory Corruption Vulnerability in Auxiliary Communication
HelpEIM WinEIM is an enterprise instant messaging software. A memory corruption vulnerability exists in the handling of folder transfers within the WinEIM software client, which allows an attacker to cause a remote program to crash by constructing a malformed folder that, if successfully exploite...
Local Buffer Overflow Vulnerability Exists in AuxCom
HelpEIM WinEIM is an enterprise instant messaging software. A local buffer overflow vulnerability exists in the folder handling in the WinEIM software client, which can lead to arbitrary code execution if an attacker disguises a malformed folder and tempts the user to parse it e.g., tricking the...
Cybozu Garoon fails to restrict access permission in the mail function
Overview: Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in the mail function. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact: A user may alter the order of the mail folders. Solution...
openSUSE Security Update : virtualbox (openSUSE-2017-203)
This update for virtualbox to version 5.1.14 fixes the following issues : These security issues were fixed : - CVE-2016-5545: Vulnerability in the GUI subcomponent of virtualbox allows unauthenticated attacker unauthorized update, insert or delete access to some data as well as unauthorized read...
openSUSE Security Update : virtualbox (openSUSE-2017-178)
This update for virtualbox to version 5.0.32 fixes the following issues : These security issues were fixed : - CVE-2016-5545: Vulnerability in the GUI subcomponent of virtualbox allows unauthenticated attacker unauthorized update, insert or delete access to some data as well as unauthorized read...
CVE-2017-3290
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Shared Folder. Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure wher...
UBUNTU-CVE-2017-3290
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Shared Folder. Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure wher...
Boozt Fashion AB: Email spoofing at booztlet.com
Hello: There is an Email Spoofing Vulnerability. Steps to reproduce: 1. Go to http://emkei.cz/ 2. Fill "From Email" field to [email protected] or any other booztlet email. 3. Fill the victim's address (your address) to "TO" field and fill in other details as you wish. You will receive email fro...
Cross site scripting
Cross-site scripting (XSS) vulnerability in template/usererror.missingextension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter...
CVE-2017-5542
Cross-site scripting (XSS) vulnerability in template/usererror.missingextension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter...
Oracle VM VirtualBox Local Vulnerability
Oracle VM VirtualBox is a cross-platform virtual machine software from Oracle. The software supports running multiple operating systems, creating VM groups, sharing folders, etc. on the same computer. A local security vulnerability exists in Oracle VM VirtualBox versions prior to 5.0.32 and...
Oracle VirtualBox Multiple Unspecified Vulnerabilities - 01 (Jan 2017) - Mac OS X
Oracle VirtualBox is prone to multiple unspecified vulnerabilities.
Open-Xchange: IDOR - Leaking other user's folder names from /appsuite/api/import?action=ICA
Hello, I have found a point in the appointments API import that leaks the folder names from other users or the system folder names. POC ------------------ POST /appsuite/api/import?action=ICAL&folder=6&ignoreUIDs=false&session=56ab07c24398421990bc6820eeeff6cc HTTP/1.1 Host: sandbox.open-xchange.c...
Oracle VM VirtualBox 5.0.x < 5.0.32 / 5.1.x < 5.1.14 Multiple Vulnerabilities (January 2017 CPU)
The version of Oracle VM VirtualBox installed on the remote host is 5.0.x prior to 5.0.32 or 5.1.x prior to 5.1.14. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the GUI subcomponent that allows an unauthenticated, remote attacker to impact...