Description of the security update for the Windows Common Log file system driver elevation of privilege vulnerability in Windows Server 2008: February 13, 2018
Description of the security update for the Windows Common Log file system driver elevation of privilege vulnerability in Windows Server 2008: February 13, 2018 Summary An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in...
Windows 10 PVS target devices experience poor performance
After capturing a Windows 10 vdisk you might experience below par performance when streaming the vdisk to the target device. The issue can manifest in a number of ways, for example: 1. Long time to capture the vdisk. 2. Slow boot/login times. 3. Slow file transfer speeds compared to other...
Generic Signature Format for SIEM Systems: Sigma
Sigma is a generic and open signature format that allows you to describe relevant log events in a straightforward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this project is to provide a structured form in which researchers ...
Intel® NUC Kit with Infineon Trusted Platform Module
Summary: Certain Intel® NUC systems contain an Infineon Trusted Platform Module (TPM) that has an information disclosure vulnerability as described in CVE-2017-15361. Description: Recently, a research team developed advanced mathematical methods to exploit the characteristics of acceleration...
Domains & Hostings Manager PRO 3.0 - Authentication Bypass
Exploit Title: Domains & Hostings Manager PRO v 3.0 - Authentication Bypass Date: 13.01.2018 Vendor Homepage: http://endavi.com/ Software Buy: https://codecanyon.net/item/advanced-domains-and-hostings-pro-v3-multiuser/10368735 Demo: http://endavi.com/dhrprodemo/ Version: 3.0 Tested on: Windows 10...
Microsoft Edge Out Of Bounds Read Information Disclosure (CVE-2018-0767)
An out of bounds read information disclosure vulnerability exists within Microsoft Edge. This is due to the way Microsoft Edge handles array segments in certain JavaScript methods. A successful attack could lead to stolen information...
Monero: Corrupt RPC responses from remote daemon nodes can lead to transaction tracing
Dear Monero security team, We’re writing to disclose a privacy vulnerability when using monero-cli or monero-gui with an untrusted remote node. When using a remote node, the Monero client relies on the node to provide information from the blockchain, in particular the public keys and transaction...
The vulnerability of the list_files function in the Info-ZIP Unzip file archiver allows a hacker to trigger a service failure.
The vulnerability of the list_files function in the Info-ZIP Unzip file archiver arises from operations that go beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to cause service failures through mechanisms related to compression methods...
A Death Match of Domain Generation Algorithms
By Hongliang Liu and Yuriy Yuzifovich. Originally posted on December 29, 2017. Today's post is all about DGAs (Domain Generation Algorithms): what they are, why they came into existence, what are some use cases where they are used, and, most importantly, how to detect and block them. As we will...
Description of the security update for Office Web Apps Server 2013: January 9, 2018
Description of the security update for Office Web Apps Server 2013: January 9, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...
Web Application Vulnerability Scanner: Wapiti
Wapiti allows you to audit the security of your web applications. It performs “black-box” scans, i.e. it does not study the source code of the application but will scan the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti act...
Wapiti 3.0.0 - The Web-Application Vulnerability Scanner
Wapiti allows you to audit the security of your websites or web applications. It performs "black-box" scans (it does not study the source code of the web application) by crawling the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets the list of...
CVE-2014-2071
Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identiti...
Ruby: The possibility that unintended file operation may be performed because some methods of `Dir` do not check NULL characters.
It seems that entries, new, and empty? do not check NULL characters in methods of Dir. log vagrant@localhost $ ls test vagrant@localhost $ irb irbmain:001:0 Dir.open"/home/vagrant\0xxx" do |d| irbmain:002:1 p d.read = "." irbmain:003:1 p d.read = ".." irbmain:004:1 p d.read irbmain:005:1 p d.read...
Photos in Wifi 1.0.1 iOS - Path Traversal Web Vulnerability
Document Title: =============== Photos in Wifi 1.0.1 iOS - Path Traversal Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1600 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5283 CVE-ID: ======= CVE-2018-5283 Release Date:...
Telesquare SKT LTE Router SDT-CS3B1 WebDAV HTTP Methods Arbitrary File Events
Summary We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product. Description WebDAV is enabled with directory listing and dangerous HTTP methods allowed: PROPFIND, DELETE, MKCOL, PUT, MOVE, COPY, PROPPATCH, LOCK and UNLOCK. The HTTP PUT metho...
CloudForms: lack of RBAC on various methods in web UI
CloudForms lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails applications portion of CloudForms to escalate privileges...
httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)
A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash...