
4109 matches found

Kitploit
•added 2019/01/19 12:43 p.m.•325 views

dnSpy - .NET Debugger And Assembly Editor

dnSpy is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available. Want to say thanks? Click the star at the top of the page. Or fork dnSpy and send a PR! The following pictures show dnSpy in action. It shows dnSpy editing a...

7.3 AI score
Exploits 0 • References 2
Veracode
•added 2019/01/15 9:18 a.m.•16 views

Information Disclosure

openstack-neutron is vulnerable to information disclosure attacks. The vulnerability exists as a race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron...

5.9 CVSS • 5.4 AI score • 0.01847 EPSS
Exploits 0 • References 11 • Affected Software 1
Veracode
•added 2019/01/15 9:15 a.m.•23 views

Privilege Escalation

cfme is vulnerable to privilege escalation attacks. The vulnerability exists as a logic error in validrole in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an...

4.9 CVSS • 5.4 AI score • 0.01472 EPSS
Exploits 0 • References 246 • Affected Software 3
Veracode
•added 2019/01/15 9:07 a.m.•23 views

Anti-Spoofing Controls Bypass

openstack-neutron is vulnerable to anti-spoofing controls bypass. Authenticated users using the ML2 plugin or the security groups AMQP API are able to set the deviceowner field to an arbitrary value starting with network: on networks they do not own. Setting the affected field before the security...

3.5 CVSS • 6.1 AI score • 0.00963 EPSS
Exploits 0 • References 11 • Affected Software 1
Veracode
•added 2019/01/15 8:59 a.m.•24 views

Authorization Bypass

openstack-nova is vulnerable to authorization bypass attacks. The vulnerability exists as the XenAPI backend in OpenStack Compute Nova Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attacke...

6.4 CVSS • 6.1 AI score • 0.01808 EPSS
Exploits 0 • References 7 • Affected Software 1
Wired Threat Level
•added 2019/01/09 8:00 p.m.•90 views

A Growing Frontier for Terrorist Groups: Unsuspecting Chat Apps

Opinion: As Twitter, Facebook, and YouTube crack down on extremist propaganda, ISIS recruiters are exploiting lesser-known messenger apps...

4.7 AI score
Exploits 0
Information Security Automation
•added 2018/12/29 4:29 p.m.•84 views

MIPT/PhysTech guest lecture: Vulnerabilities, Money and People

On December 1, I gave a lecture at the Moscow Institute of Physics and Technology informally known as PhysTech. This is a very famous and prestigious university in Russia. In Soviet times, it trained personnel for Research Institutes and Experimental Design Bureaus, in particular for the Soviet...

0.6 AI score
Exploits 0
Information Security Automation
•added 2018/12/24 10:36 p.m.•274 views

New Advanced Dynamic Scan Policy Template in Nessus 8

According to Nessus 8.1.0 release notes, Tenable finally solved the problem with Mixed Plugin groups. At least partially. I will briefly describe the problem. Let's say we found out that some Nessus plugins crash our target systems. This happens rarely, but it happens. So, we decided to disable...

6.9 AI score
Exploits 0
CNVD
•added 2018/12/24 12:00 a.m.•2 views

Chamilo LMS cross-site scripting vulnerability (CNVD-2018-26467)

Chamilo LMS is an open source online learning and collaboration system developed by the Chamilo Association. The system supports the creation of instructional content, distance training and online question and answer sessions. A cross-site scripting vulnerability exists in the...

5.4 CVSS • 6.2 AI score • 0.00665 EPSS
Exploits 0 • References 1
Prion
•added 2018/12/21 6:29 a.m.•12 views

Design/Logic Flaw

Chamilo LMS version 1.11.8 contains XSS in main/social/groupview.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of the feature it exploits...

3.5 CVSS • 5.1 AI score • 0.00665 EPSS
Exploits 0 • References 2 • Affected Software 1
NVD
•added 2018/12/21 6:29 a.m.•19 views

CVE-2018-20328

Chamilo LMS version 1.11.8 contains XSS in main/social/groupview.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of the feature it exploits...

5.4 CVSS • 5.2 AI score • 0.00665 EPSS
Exploits 0 • References 2
OSV
•added 2018/12/21 6:29 a.m.•15 views

CVE-2018-20328

Chamilo LMS version 1.11.8 contains XSS in main/social/groupview.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of the feature it exploits...

5.4 CVSS • 5.8 AI score
Exploits 0 • References 2
Cvelist
•added 2018/12/21 6:00 a.m.•17 views

CVE-2018-20328

Chamilo LMS version 1.11.8 contains XSS in main/social/groupview.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of the feature it exploits...

5.2 AI score • 0.00665 EPSS
Exploits 0 • References 2
Kitploit
•added 2018/12/16 12:34 p.m.•102 views

LDAP_Search - Tool To Perform LDAP Queries And Enumerate Users, Groups, And Computers From Windows Domains

LDAPSearch can be used to enumerate Users, Groups, and Computers on a Windows Domain. Authentication can be performed using traditional username and password, or NTLM hash. In addition, this tool has been modified to allow brute force/password-spraying via LDAP. LdapSearch makes use of Impackets...

7.4 AI score
Exploits 0 • References 2
ThreatPost
•added 2018/12/07 6:57 p.m.•10 views

Australia Anti-Encryption Law Triggers Sweeping Backlash

A controversial Australian bill, which could give the government access to data protected by end-to-end encryption, was passed Thursday. The bill, called the Assistance and Access Act, empowers Australian police to essentially force companies that are operating in the country to help the governme...

0.4 AI score
Exploits 0 • References 8
ThreatPost
•added 2018/12/03 5:06 p.m.•19 views

U.S. Military Members Catfished and Hooked for Thousands of Dollars

A sextortion ring that aimed “catfish” efforts at U.S. military service members has been uncovered. The scam bilked 442 service members from the Army, Navy, Air Force and Marine Corps out of more than $560,000. An 11-month investigation, dubbed “Operation Surprise Party” and carried out by the...

0.3 AI score
Exploits 0 • References 3
ThreatPost
•added 2018/11/30 9:00 p.m.•14 views

Podcast: Breaking Down the Magecart Threat (Part Two)

Threatpost editor Lindsey O’Donnell talks to RiskIQ’s threat researcher, Yonathan Klijnsma, about the varying groups under the Magecart umbrella, and the differing characteristics, targets and techniques of these growing number of groups. This is the second in a series of three podcasts featuring...

7.1 AI score
Exploits 0 • References 2
OSV
•added 2018/11/27 9:29 p.m.•2 views

CVE-2018-13355

Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization...

6.5 CVSS • 5.8 AI score • 0.01065 EPSS
Exploits 1 • References 1
Cvelist
•added 2018/11/27 9:00 p.m.•22 views

CVE-2018-13355

Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization...

7.2 AI score • 0.01065 EPSS
Exploits 1 • References 1
ThreatPost
•added 2018/11/27 5:12 p.m.•14 views

Widespread Malvertising Campaign Hijacks 300 Million Sessions

A massive malvertising campaign targeting iOS devices hijacked a whopping 300 million browser sessions in just 48 hours. Researchers at Confiant recorded the campaign Nov. 12, and said that the threat actor behind the campaign is still active to this day. A malicious landing page According to...

0.3 AI score
Exploits 0 • References 6