
3370 matches found

pentestit
added 2020/04/08 11:59 p.m., 26 views

UPDATE: Empire 3.1.4

Empire 3.1.4 was released a couple of days ago! If you remember, I briefly mentioned about this tool in my five month old post titled – List of Open Source C2 Post-Exploitation Frameworks. This version adds evasive methods to the HTTP payloads along with a few fixes. What is Empire? Empire 3...

1.4 AI score
Exploits: 0
RedhatCVE
added 2020/04/07 11:33 a.m., 31 views

CVE-2019-11762

A flaw was found in Mozilla's firefox and thunderbird where if two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This could cause an interaction between two...

6.1 CVSS, 2.7 AI score, 0.00609 EPSS
Exploits: 0, References: 4
0day.today
added 2020/04/04 12:00 a.m., 35 views

Nsauditor 3.2.0.0 - (Name) Denial of Service Exploit

Exploit Title: Nsauditor 3.2.0.0 - 'Name' Denial of Service PoC Discovery by: 0xMoHassan Date: 2020-04-04 Vendor Homepage: http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Tested Version: 3.2.0.0 Vulnerability Type: Denial of Service DoS Local Tested o...

7.4 AI score
Exploits: 0
RedHat Linux
added 2020/03/31 7:10 p.m., 4 views

python-twisted: Improper neutralization of CRLF characters in URIs and HTTP methods

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF...

6.1 CVSS, 7.4 AI score, 0.02535 EPSS
Exploits: 1, References: 4
OPENSUSE Linux
added 2020/03/31 12:00 a.m., 75 views

Security update for GraphicsMagick (moderate)

openSUSE Security Update: Security update for GraphicsMagick Announcement ID: openSUSE-SU-2020:0429-1 Rating: moderate References: 1167208 1167623 Cross-References: CVE-2019-12921 CVE-2020-10938 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes two vulnerabilities is now...

9.8 CVSS, 8.9 AI score, 0.08005 EPSS
Exploits: 0, References: 2
Veracode
added 2020/03/30 6:01 a.m., 10 views

Cross-Site Request Forgery (CSRF)

spring-security-web is vulnerable to cross-site forgery request CSRF. A remote attacker is able to submit requests to the SwitchUserFilter on behalf of the authenticated user by tricking the user into visiting a malicious web page. This vulnerability exists as the application accepts all HTTP...

1.1 AI score
Exploits: 0
RedHat Linux
added 2020/03/26 3:46 p.m., 1 views

infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...

8.8 CVSS, 5.7 AI score, 0.03089 EPSS
Exploits: 0, References: 4
OpenVAS
added 2020/03/26 12:00 a.m., 17 views

openSUSE: Security Advisory for apache2-mod_auth_openidc (openSUSE-SU-2020:0376-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.1 CVSS, 6.6 AI score, 0.01565 EPSS
Exploits: 0, References: 2
OPENSUSE Linux
added 2020/03/22 12:00 a.m., 75 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2020:0365-1 Rating: important References: 1167090 Cross-References: CVE-2019-20503 CVE-2020-6422 CVE-2020-6424 CVE-2020-6425 CVE-2020-6426 CVE-2020-6427 CVE-2020-6428 CVE-2020-6429 CVE-2020-6449 Affected Products:...

8.8 CVSS, 8.5 AI score, 0.03498 EPSS
Exploits: 7, References: 1
ThreatPost
added 2020/03/19 2:00 p.m., 64 views

What is the Best Defense Against Phishing Attacks?

Whether the subject line was “You’re account will be closed!” or the email address was [email protected], we have all received and rolled our eyes at a poorly disguised phishing attempt. While many view phishing as a small annoyance, this attack method has maintained longevity for a reason and...

Exploits: 0, References: 1
OSV
added 2020/03/16 1:15 p.m., 1 views

CVE-2020-9519

HTTP methods reveled in Web services vulnerability in Micro Focus Service manager server, affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data...

5.3 CVSS, 6 AI score, 0.00862 EPSS
Exploits: 0, References: 1
NVD
added 2020/03/16 1:15 p.m., 12 views

CVE-2020-9519

HTTP methods reveled in Web services vulnerability in Micro Focus Service manager server, affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data...

5.3 CVSS, 5.2 AI score, 0.00862 EPSS
Exploits: 0, References: 1
Prion
added 2020/03/16 1:15 p.m., 20 views

Design/Logic Flaw

HTTP methods reveled in Web services vulnerability in Micro Focus Service manager server, affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data...

5 CVSS, 5.2 AI score, 0.00862 EPSS
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2020/03/16 1:00 p.m., 46 views

CVE-2020-9519

The CVE-2020-9519 entry concerns Micro Focus Service Manager (server) with an exposure of configuration data. Affected versions are 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, and 9.63. The documents indicate the issue arises from handling HTTP methods in web services, enabling partial confid...

5.3 CVSS, 5.2 AI score, 0.00862 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2020/03/16 1:00 p.m., 39 views

CVE-2020-9519

HTTP methods reveled in Web services vulnerability in Micro Focus Service manager server, affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data...

5.3 AI score, 0.00862 EPSS
Exploits: 0, References: 1
Microsoft KB
added 2020/03/11 12:00 a.m., 54 views

Servicing stack update for Windows 10, version 1903 and 1909: March 10, 2020

Servicing stack update for Windows 10, version 1903 and 1909: March 10, 2020 Summary This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates SSU makes sure that you have a robust and reliable servicing stack so...

6.6 AI score
Exploits: 0
Microsoft KB
added 2020/03/10 7:00 a.m., 119 views

Description of the security update for Office Online Server: March 10, 2020

Description of the security update for Office Online Server: March 10, 2020 Summary This security update resolves a remote code execution vulnerability that exists in Microsoft Word software if the program does not correctly handle objects in memory. To learn more about the vulnerability, see the...

9.3 CVSS, 8.6 AI score, 0.11599 EPSS
Exploits: 0
Microsoft KB
added 2020/03/10 7:00 a.m., 69 views

End of support for Office 2010

End of support for Office 2010 Support for Office 2010 ended on October 13, 2020 and there will be no extension and no extended security updates. Buy or try Microsoft 365 Tip: Not sure what version of Office you have? See Find details for other versions of Office to help you determine what version...

9.3 CVSS, 7 AI score, 0.11548 EPSS
Exploits: 0
OPENSUSE Linux
added 2020/03/07 12:00 a.m., 132 views

Security update for python-bleach (important)

openSUSE Security Update: Security update for python-bleach Announcement ID: openSUSE-SU-2020:0308-1 Rating: important References: 1165303 Cross-References: CVE-2020-6802 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...

6.1 CVSS, 6.9 AI score, 0.01688 EPSS
Exploits: 1, References: 1
RedHat Linux
added 2020/03/05 12:53 p.m., 0 views

infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...

8.8 CVSS, 5.7 AI score, 0.03089 EPSS
Exploits: 0, References: 4