CVE-2018-10252
An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. The admin login session cookie is insecurely generated, making admin session hijacking possible. When an admin logs in, a session cookie is generated using the time of day rounded to 10ms. Since the web server returns its...
curl/curl_fuzzer_http: Stack-buffer-overflow in fuzz_handle_transfer
Detailed report: https://oss-fuzz.com/testcase?key=5569625854050304 Project: curl Fuzzer: libFuzzer_curl_fuzzer_http Fuzz target binary: curl_fuzzer_http Job Type: libfuzzer_asan_curl Platform Id: linux Crash Type: Stack-buffer-overflow READ 8 Crash Address: 0x7fff6a3b0910 Crash State: fuzz_handle_transfe...
rioimoveisonline.com.br XSS vulnerability
Open Bug Bounty ID: OBB-573457. Affected Website: rioimoveisonline.com.br. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
NetScaler MAS Does Not Send Emails When Traps are Generated on NetScaler
NetScaler MAS does not send emails when traps are generated on NetScaler...
Herospeed - TelnetSwitch Remote Stack Overflow / Overwrite Password / Enable TelnetD Exploit
Exploit for hardware platform in category remote exploits #!/usr/bin/env python2.7 Herospeed TelnetSwitch daemon running on TCP/787, for allowing enable of the telnetd. Where one small stack overflow allows us to overwrite the dynamically generated password and enable telnetd. Verified 1 Fullhan IPC...
The Many Tentacles of the Necurs Botnet
This post was written by Jaeson Schultz. Introduction Over the past five years the Necurs botnet has established itself as the largest purveyor of spam worldwide. Necurs is responsible for emailing massive amounts of banking malware, ransomware, dating spam, pump-n-dump stock scams, work from hom...
[SECURITY] Fedora 25 Update: php-7.0.25-1.fc25
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
Unauthorized Extension Of Token Validity
simplesamlphp is vulnerable to having a token's validity period extended by an unauthorized party. The vulnerability is possible because there is a flaw in the calculateTokenValue function in TimeLimitedToken.php. The flaw allows an attacker to extend the prepended offset as much as needed to hit...
Friday Squid Blogging: Squid Fake News
I never imagined that there would be fake news about squid. That website lets you write your own stories. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Vulnerability Spotlight: Multiple Vulnerabilities in CorelDRAW X8
Today, Talos is disclosing several vulnerabilities that have been identified in CorelDRAW X8. CorelDRAW X8 is a graphics suite used for manipulating raster and vector images and is a common alternative to Adobe Creative Cloud. Several of the vulnerabilities being disclosed today specifically affect...
Upserve : Ability to create own account UUID leads to stored XSS
I found an interesting bug where the system allows a user to create their own UUIDs. There are character length restrictions on this action, however it's not bound to a specific set of characters. Even so, I was able to include an external script that I URL shortened to just hit the character lim...
DEBIAN-CVE-2017-10923
Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service hypervisor crash, aka XSA-225...
UBUNTU-CVE-2017-10923
Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service hypervisor crash, aka XSA-225...
ALPINE-CVE-2017-10923
Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service hypervisor crash, aka XSA-225...
Debian Security Advisory DSA 3887-1 (glibc - security update)
The Qualys Research Labs discovered various problems in the dynamic linker of the GNU C Library which allow local privilege escalation by clashing the stack. OpenVAS Vulnerability Test $Id: deb3887.nasl 6618 2017-07-07 14:17:52Z cfischer $ Auto-generated from advisory DSA 3887-1 using nvtgen 1.0...
Microsoft Browser Information Disclosure Vulnerability
An information disclosure vulnerability exists when affected Microsoft scripting engines do not properly handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer. In a web-based attack scenario, an attacker could host a website that is us...
Mozilla: Potential Buffer overflow in flex-generated code (MFSA 2017-11, MFSA 2017-12)
Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...
UBUNTU-CVE-2017-5469
Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...
Open Source Malware Analysis Platform: FAME
Open Source Malware Analysis Platform FAME is an open source malware analysis platform that is meant to facilitate analysis of malware-related files, leveraging as much knowledge as possible in order to speed up and automate end-to-end analysis. FAME should be seen as a malware analysis framework...