517 matches found
Linux SELinux - W+X Protection Bypass via AIO
Linux SELinux - W+X Protection Bypass via AIO / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=854 SELinux has a set of permissions that can be used to prevent processes from creating executable memory mappings that contain data controlled by the process (PROCESS__EXECMEM,...
Dropbox Desktop Client 9.4.49 (x64) - Local Credentials Disclosure
Dropbox Desktop Client 9.4.49 x64 - Local Credentials Disclosure Dropbox Desktop Client v9.4.49 64bit Local Credentials Disclosure Tested on Windows Windows Server 2012 R2 64bit, English Vendor Homepage @ https://www.dropbox.com Date 06/09/2016 Bug Discovery by: Yakir Wizman...
MySQL 5.5.45 64bit Local Credential Disclosure
MySQL 5.5.45 64bit Local Credentials Disclosure Tested on Windows Windows Server 2012 R2 64bit, English Vendor Homepage @ https://www.mysql.com Date 05/09/2016 Bug Discovered by Yakir Wizman https://www.linkedin.com/in/yakirwizman http://www.black-rose.ml Special Thanks & Greetings to friend of...
FedRAMP Prioritization
Coalfire has been participating in the American Council for Technology and the Industry Advisory Council (ACT-IAC) Cloud Computing community of interest in order to contribute to developing the new FedRAMP JAB Prioritization process...
Foxit Reader JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
CVE-2015-8937
drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803962 and Qualcomm internal bug CR770548...
Oracle OIT IX SDK libvs_pdf arbitrary pointer access
Talos Vulnerability Report TALOS-2016-0101 Oracle OIT IX SDK libvs_pdf arbitrary pointer access July 19, 2016 CVE Number CVE-2016-3579 Description When parsing a specially crafted PDF document, a value derived from a file is used as a memory pointer leading to a process crash. Tested Versions...
CVE-2016-0338
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows local users to discover cleartext passwords by (1) reading a configuration file or (2) examining a process...
Linux - ecryptfs and /proc/$pid/environ Privilege Escalation
Exploit for linux platform in category local exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=836 Stacking filesystems, including ecryptfs, protect themselves against deep nesting, which would lead to kernel stack overflow, by tracking the recursion depth of filesystems...
Debian DSA-3481-1 : glibc - security update
Several vulnerabilities have been fixed in the GNU C Library, glibc. The first vulnerability listed below is considered to have critical impact. - CVE-2015-7547 The Google Security Team and Red Hat discovered that the glibc host name resolver function, getaddrinfo, when processing AF_UNSPEC querie...
CVE-2016-2198
QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside guest could use this flaw to crash the QEMU process instance resulting ...
Wireshark PCAPNG if_filter Arbitrary Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wireshark. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PCAPNG...
Hewlett-Packard Vertica Remote Command Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Vertica. Authentication is not required to exploit this vulnerability. The specific flaw exists within the vertica-udx-zygote process, which listens on a random port in the ephemera...
OpenVPN Gather Credentials
This module grabs OpenVPN credentials from a running process in Linux. Note: --auth-nocache must not be set in the OpenVPN command line. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenVPN...
CVE-2015-4746
The CVE-2015-4746 entry concerns Oracle Supply Chain: Oracle Agile Product Lifecycle Management for Process component versions 6.0.0.7, 6.1.0.3, 6.1.1.5, and 6.2.0.0. It describes an unspecified vulnerability that allows remote authenticated users to affect confidentiality via unknown vectors rel...
[SECURITY] Fedora 20 Update: kernel-3.19.4-100.fc20
The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc...
Microsoft Internet Explorer SVG marker Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability lies in the handli...
Vulnerability tracking: latest IE UXSS vulnerability technical analysis-vulnerability warning-the black bar safety net
This article is a brief analysis of the principle behind the vulnerability. Attack process top0. eval'=top1;alert;. location="javascript:alertdocument. domain"'; In the PoC, the first iframe uses a 302 redirect to jump to the target domain, and the second iframe also loads the target domain ...
Adobe-Reader-PDF-LibTiff
Title: Adobe PDF LibTiff Integer Overflow Code Execution. Product: Adobe Acrobat Reader Version: 8.3.0, 9.3.0 CVE: 2010-0188 import sys import base64 import struct import zlib import StringIO SHELLCODEOFFSET=0x555 TIFFOFSET=0x2038 windows/exec - 227 bytes http://www.metasploit.com Encoder:...
Cisco IOS XR Software Malformed RSVP Packet Denial of Service Vulnerability
A vulnerability in RSVP processing of Cisco IOS XR could allow an unauthenticated, remote attacker to cause a reload of the RSVP process on the affected device. The vulnerability is due to improper parsing of a malformed RSVP packet. An attacker could exploit this vulnerability by sending a...