832 matches found
CVE-2015-7888
CVE-2015-7888 affects Samsung Galaxy S6 Edge WifiHs20UtilityService. A directory traversal occurs when a cred.zip is placed under /sdcard/Download; the unzipping process can write files to arbitrary locations (e.g., /data/bundle) as the system user due to unverified file paths. Project Zero notes...
Privilege Escalation
github.com/bosun-monitor/bosun is vulnerable to privilege escalation. The library does not quote service paths, allowing a malicious user to load a runnable file at system level privilege...
CVE-2017-5683
Privilege escalation in IntelHAXM.sys driver in the Intel Hardware Accelerated Execution Manager before version 6.0.6 allows a local user to gain system level access...
Privilege escalation
Privilege escalation in IntelHAXM.sys driver in the Intel Hardware Accelerated Execution Manager before version 6.0.6 allows a local user to gain system level access...
Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY)
Mandiant has observed APT29 using a stealthy backdoor that we call POSHSPY. POSHSPY leverages two of the tools the group frequently uses: PowerShell and Windows Management Instrumentation (WMI). In the investigations Mandiant has conducted, it appeared that APT29 deployed POSHSPY as a secondary...
Android Auto Dialer Vulnerability
Android is a Linux-based open source operating system developed by Google Inc. and the Open Handheld Consortium. There is a security vulnerability in Android Auto Dialer. The vulnerability arises because the system-level Intent mechanism "android.intent.action.CALL" defined in...
Multiple AVG Product DLL Load Local Code Injection Vulnerabilities
AVG Ultimate and others are antivirus programs from the Czech company AVG. A local code injection vulnerability exists in several AVG products. A local attacker can exploit this vulnerability to execute arbitrary code in the context of the system running in the affected program to gain full contr...
VM Escape Earns Hackers $105K at Pwn2Own
Hackers managed to take down Microsoft Edge and escape a virtual machine to boot on the third day of Pwn2Own early Friday. Members from Qihoo’s 360 Security Team carried out the VM exploit, earning the group $105,000, by far the highest amount awarded to a group at the hacking challenge this week...
CVE-2017-5169
An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP Po...
Ali poly security Android application vulnerability scanner analysis: local denial of service detection detailed explanation-vulnerability warning-the black bar safety net
One of the detection items in the Ali poly security Android application vulnerability scanner is local denial of service vulnerability detection. It combines static analysis with dynamic fuzz testing, and the detection results are accurate and comprehensive. This article will tal...
Microsoft Windows 8.1 Update 2 / 10 10586 (x86/x64) - NtLoadKeyEx User Hive Attachment Point Privilege Escalation (MS16-111)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=865. Windows: NtLoadKeyEx User Hive Attachment Point EoP. Platform: Windows 10 10586 32/64 and 8.1 Update 2, not tested Windows 7. Class: Elevation of Privilege. Summary: The NtLoadKeyEx system call allows an unprivileged user to loa...
Dolby Audio X2 (DAX2) privilege escalation
A vulnerability has been identified with the file permissions for the Dolby DAX2 application programming interface (API) that could allow a local user to run files with system level privileges. Mitigation Strategy for Customers (what you should do to protect yourself): Lenovo is currently working wit...
The vulnerability of the Linter Bastion database management system allows a malicious individual to execute arbitrary code with system privileges or to disrupt the operation of the program.
In the procedure “sub4101B4”, there is no validation of the correctness of the input data at addresses “0x004104D1”, “0x004105AB”, and “0x004105EA”. This may lead to buffer overflows during the processing of RPC calls numbered 0x13 and 0x12 “0x0040C73C”. This vulnerability allows a malicious...
OEM Bloatware Security Vulnerabilities Found
Last year’s Superfish and eDellRoot bloatware mishaps exposed the security nightmare that pre-installed software updaters can create on new laptops. And while these two high-profile incidents made the issue public, they’re hardly isolated cases. Many popular consumer and business laptops from...
Pwn2Own Day Two: Safari, Microsoft Edge Go Down Winner Announced
In the end, it was a nail-biter pitting Tencent Security Team Sniper (KeenLab and PC Manager) against JungHoon Lee (lokihardt) for the title of Master of Pwn for Pwn2Own 2016. After a tense last two minutes of the competition, it was Tencent Security Team Sniper and its successful code execution of a...
MEDCIN engine of the exploitability of the vulnerability details-vulnerability warning-the black bar safety net
Background: the MEDCIN engine is an electronic medical records system that serves doctors and nurses. A few months ago, during a security assessment of an older version of the MEDCIN engine, I found a vulnerability. So I reported the vulnerabilities to the supplier, and they were then repaired. After viewing the...
By PHP deserialization remote code execution-vulnerability warning-the black bar safety net
At NotSoSecure, we conduct penetration testing or code review, and recently we came across an interesting piece of PHP code that could lead to remote code execution (RCE) vulnerabilities, but exploiting it was a bit tricky. After a few sleepless nights trying to crack this code, we are convinc...
Automattic: CSV Injection in polldaddy.com
Hello, We can inject commands in any fields of a member in an email group, =2*10 for example, and when it's exported to CSV it will be evaluated to 20 in the corresponding cell. This enables an attacker to spread malware and execute system level commands on a victim's machine if the victim download...