Code injection

In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic protection of the downloaded contents. An attacker with a privileged network position which could be...

CVE-2018-7298

Affected product: eQ-3 AG HomeMatic CCU2 (version 2.29.22). Issue: loopupd.sh downloads software update packages over HTTP, which provides no cryptographic protection. Root cause: lack of integrity/ authenticity verification for firmware updates due to plain HTTP delivery. Impact: attacker with n...

Design/Logic Flaw

Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web...

CVE-2018-6794

Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web...

CVE-2018-6794

Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web...

CVE-2018-6794

Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web...

Mail.ru: XSS via Cookie in e.mail.ru

Привет! Нашел stored xss через куку VID. Обычно такое эксплуатируется через mitm. Сама кука не имеет атрибутов secure и samesite, что дает возможность выставить ее по http на сервере атакующего. Сценарий такой: 1. Жертва находится в сети атакующего 2. DNS сервер сети атакующего резолвит хост...

CVE-2018-2604

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications subcomponent: Base. The supported version that is affected is 4.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Gue...

Skygofree: Following in the footsteps of HackingTeam

At the beginning of October 2017, we discovered new Android spyware with several features previously unseen in the wild. In the course of further research, we found a number of related samples that point to a long-term development process. We believe the initial versions of this malware were...

Sync Breeze 10.2.12 - Denial of Service Exploit

Exploit for windows platform in category dos / poc ============================================= MGC ALERT 2017-007 - Original release date: November 30, 2017 - Last revised: December 14, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,5/10 CVSS Base Score - CVE-ID: CVE-2017-17088...

Sync Breeze 10.2.12 - Denial of Service

Sync Breeze 10.2.12 - Denial of Service ============================================= MGC ALERT 2017-007 - Original release date: November 30, 2017 - Last revised: December 14, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,5/10 CVSS Base Score - CVE-ID: CVE-2017-17088...

Sync Breeze 10.2.12 Denial Of Service

============================================= MGC ALERT 2017-007 - Original release date: November 30, 2017 - Last revised: December 14, 2017 - Discovered by: Manuel GarcAa CA!rdenas - Severity: 7,5/10 CVSS Base Score - CVE-ID: CVE-2017-17088 ============================================= I...

dwm.ks.edu.tw XSS vulnerability

Open Bug Bounty ID: OBB-403241 Description| Value ---|--- Affected Website:| dwm.ks.edu.tw Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat She...

CVE-2017-12295

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the HTTP header...

Design/Logic Flaw

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the HTTP header...

Cisco WebEx Meetings Server Information Disclosure Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the HTTP header...

Debian DLA-1149-1 : wget security update

CVE-2017-13089 Fix stack overflow in HTTP protocol handling. CVE-2017-13090 Fix heap overflow in HTTP protocol handling. For Debian 7 'Wheezy', these problems have been fixed in version 1.13.4-3+deb7u5. We recommend that you upgrade your wget packages. NOTE: Tenable Network Security has extracted...

[SECURITY] [DSA 4008-1] wget security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4008-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 28, 2017 https://www.debian.org/security/faq -...

CVE-2017-13090 GNU Wget: heap overflow in HTTP protocol handling

The retr.c:fdreadbody function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in piec...

CVE-2017-13089 GNU Wget: stack overflow in HTTP protocol handling

The http.c:skipshortbody function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then...