[SECURITY] Fedora 29 Update: polkit-0.115-4.2.fc29
polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes...
MemITM - Tool To Make In Memory Man In The Middle
The MemITM (Mem In The Middle) tool has been developed in order to easily intercept "messages" in Windows processes memory. We developed a lot of custom memory interception tools in order to capture network messages before encryption, or IPC messages, and to be able to inspect them or alter them ...
Microsoft Windows Data Sharing Service Elevation of Privilege Vulnerability (CNVD-2019-16175)
Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. Windows Data Sharing Service is one of the data sharing service components used in it. An elevation of privilege vulnerability exists in Microsoft Windows Data Sharing Service, which ca...
PHP 7.2.x < 7.2.4 Dumpable FPM Child Processes
According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.4. It is, therefore, affected by opcache access controls bypass via dumpable FPM child processes. Note that the scanner has not tested for these issues but has instead relied only on the application...
Microsoft Windows Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on...
Denial Of Service (DoS)
libsystemd.so is vulnerable to denial of service. It does not perform any checks on the contents of the PIDFile file of a service, which would allow a local attacker to trick systemd into killing privileged processes by tampering with the PIDFile of a service...
CVE-2018-16888
It was discovered that systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this fl...
SUSE SLES12 Security Update : php7 (SUSE-SU-2018:1176-1)
This update for php7 fixes the following issues: Security issues fixed : - CVE-2018-10545: Fix access controls in FPM child processes bsc1091367. - CVE-2018-10547: Fix Reflected XSS on the PHAR 403 and 404 error pages bsc1091362. - CVE-2018-10546: Fix an infinite loop exists in ext/iconv/iconv.c...
SUSE SLES12 Security Update : php5 (SUSE-SU-2018:1291-1)
This update for php5 fixes the following issues: Security issues fixed : - CVE-2018-10545: Fix access controls in FPM child processes bsc1091367. - CVE-2018-10547: Fix Reflected XSS on the PHAR 403 and 404 error pages bsc1091362. - CVE-2018-10546: Fix an infinite loop exists in ext/iconv/iconv.c...
CVE-2018-6337
folly::secureRandom will re-use a buffer between parent and child processes when fork is called. That will result in multiple forked children producing repeat or similar results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09.00...
PT-2018-17487 · Facebook · Folly +1
Name of the Vulnerable Software and Affected Versions: HHVM versions prior to 3.26.3 folly library versions between v2017.12.11.00 and v2018.08.09.00 Description: The issue is related to the folly::secureRandom function, which re-uses a buffer between parent and child processes when fork is calle...
Linux/x86 - Kill All Processes Shellcode (14 bytes)
Exploit Title: Linux/x86 - Kill All Processes Shellcode 14 bytes Exploit Author: strider Vendor Homepage: None Software Link: None Tested on: Debian 9 Stretch i386/ Kali Linux i386 CVE : None Shellcode Length: 14 Description: Linux/x86 kill 9 -1 14 bytes...
The vulnerability of the pgrep function in console-based applications for monitoring and terminating system processes in procps-ng allows an attacker to cause a service failure.
The vulnerability of the pgrep function in console-based applications for monitoring and terminating system processes in procps-ng is related to an error that causes buffer overflows. Exploiting this vulnerability can allow a malicious actor to trigger a service failure through specially crafted...
Cross Site Request Forgery (CSRF)
phpmyadmin is vulnerable to cross site request forgery CSRF. When an authenticated user is tricked into visiting a malicious web page, an attacker is able to perform unwanted actions on behalf of the victim such as rename databases, create new tables/routines, delete designer pages, add/delete...
[SECURITY] Fedora 28 Update: polkit-0.115-2.fc28
polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes...
McAfee True Key - McAfee.TrueKey.Service Privilege Escalation
McAfee True Key - McAfee.TrueKey.Service Privilege Escalation McAfee True Key: Multiple Issues with McAfee.TrueKey.Service Implementation Platform: Version 5.1.173.1 on Windows 10 1809. Class: Elevation of Privilege Summary: There are multiple issues in the implementation of the...
McAfee True Key - McAfee.TrueKey.Service Privilege Escalation
McAfee True Key: Multiple Issues with McAfee.TrueKey.Service Implementation Platform: Version 5.1.173.1 on Windows 10 1809. Class: Elevation of Privilege Summary: There are multiple issues in the implementation of the McAfee.TrueKey.Service which can result in privilege escalation through executi...
Injecting Code into Windows Protected Processes using COM - Part 2
Posted by James Forshaw, Project Zero In my previous blog I discussed a technique which combined numerous issues I’ve previously reported to Microsoft to inject arbitrary code into a PPL-WindowsTCB process. The techniques presented don’t work for exploiting the older, stronger Protected Processes...
kubernetes: authentication/authorization bypass in the handling of non-101 responses
A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in...
Memory corruption
pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled...