CVE-2018-17283

Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL...

marshmallow library for Python Information Disclosure Vulnerability

Python is an open source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. marshmallow library is one of the lightweight libraries for converting complex objects into Python data...

Backdoor Vulnerability in NUUO NVRMini2

NUUO is one of the surveillance solution providers and NUUO NVRMini 2 is the NVR solution with NAS functionality. A backdoor vulnerability exists in NUUO NVRMini 2. When a specific file /tmp/moses/ exists in the file system of the target device, the backdoor will be opened, and any unauthorized...

EulerOS Virtualization 2.5.1 : kernel (EulerOS-SA-2018-1263)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual SDM was mishandle...

Microweber Cross-Site Request Forgery Vulnerability

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A cross-site request forgery vulnerability exists in Microweber version 1.0.7. A remote...

CVE-2018-8479

A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform, aka "Azure IoT SDK Spoofing Vulnerability." This affects C SDK...

CVE-2018-7789

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product all references, all versions prior to firmware V1.6.2.0. The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programing protocol frames...

CVE-2018-1000657

Rust Programming Language Rust standard library version Commit bfa0e1f58acf1c28d500c34ed258f09ae021893e and later; stable release 1.3.0 and later contains a Buffer Overflow vulnerability in std::collections::vecdeque::VecDeque::reserve function that can result in Arbitrary code execution, but no...

CVE-2018-1000657

Rust Programming Language Rust standard library version Commit bfa0e1f58acf1c28d500c34ed258f09ae021893e and later; stable release 1.3.0 and later contains a Buffer Overflow vulnerability in std::collections::vecdeque::VecDeque::reserve function that can result in Arbitrary code execution, but no...

New PHP Code Execution Attack Puts WordPress Sites at Risk

Sam Thomas, a security researcher from Secarma, has discovered a new exploitation technique that could make it easier for hackers to trigger critical deserialization vulnerabilities in PHP programming language using previously low-risk considered functions. The new technique leaves hundreds of...

CVE-2018-1712

IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370...

CVE-2018-5392

mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the "Dynamic base...

DEBIAN-CVE-2018-5392

mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the "Dynamic base...

UBUNTU-CVE-2018-5392

mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the "Dynamic base...

ex-NSA Hacker Discloses macOS High Sierra Zero-Day Vulnerability

Your Mac computer running the Apple's latest High Sierra operating system can be hacked by tweaking just two lines of code, a researcher demonstrated at the Def Con security conference on Sunday. Patrick Wardle, an ex-NSA hacker and now Chief Research Officer of Digita Security, uncovered a...

Black Hat 2018: Stealthy Kernel Attack Flies Under Windows Mitigation Radar

There are lots of Holy Grails when it comes to compromising endpoints. One of them has long been an attack that leads to kernel ring0 access on a Windows system. That translates into so-called “God Mode” for hackers — and “game over” for victims. This is why Microsoft has gone to great lengths ov...

Security Bulletin: Multiple Vulnerabilities in IBM Runtime Environments Java Technology Edition, Versions 6, 7, & 8 Affect Transformation Extender

Summary There are multiple vulnerabilities in IBM® Runtime Environments Java™ Technology Edition versions 6, 7, & 8 that are used by Transformation Extender. This issue was disclosed as part of the IBM Java SDK updates in October 2017. Vulnerability Details CVEID: CVE-2017-10356 DESCRIPTION: An...

CVE-2018-7058

Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest...

UBoat - HTTP Botnet Project

A POC HTTP Botnet designed to replicate a full weaponised commercial botnet. Disclaimer This project should be used for authorized testing or educational purposes only. The main objective behind creating this offensive project was to aid security researchers and to enhance the understanding of...

WECON LeviStudioU Stack Heap Buffer Overflow Vulnerability

WECON LeviStudio is a set of HMI programming software from WECON China. WECON LeviStudioU suffers from a stack heap buffer overflow vulnerability that could allow an attacker to execute remote code...