DEBIAN-CVE-2016-4456

The "GNUTLSKEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem...

CVE-2016-4456

The "GNUTLSKEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem...

postgresql: libpq ignores PGREQUIRESSL environment variable

It was discovered that the PostgreSQL client library libpq did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. An man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a...

CVE-2017-12479

It was discovered that an issue in the session logic in Unitrends Backup UB before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could then execute...

CVE-2017-12479

CVE-2017-12479 – Unitrends Backup : Affects UB prior to 10.0.0. The issue is in session handling, where an attacker with existing low-privilege credentials can leverage the LOGDIR environment variable during a web session to elevate to root and execute arbitrary commands with root privileges. Thi...

[SECURITY] [DSA 3926-1] chromium-browser security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3926-1 [email protected] https://www.debian.org/security/ Michael Gilbert August 04, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3926-1] chromium-browser security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3926-1 [email protected] https://www.debian.org/security/ Michael Gilbert August 04, 2017 https://www.debian.org/security/faq -...

Debian Security Advisory DSA 3926-1 (chromium-browser - security update)

Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-5087 Ned Williamson discovered a way to escape the sandbox. CVE-2017-5088 Xiling Gong discovered an out-of-bounds read issue in the v8 javascript library. CVE-2017-5089 Michal Bentkowski discovered a spoofing issue...

Windows WMI Receive Notification Exploit

This module exploits an uninitialized stack variable in the WMI subsystem of ntoskrnl. This module has been tested on vulnerable builds of Windows 7 SP0 x64 and Windows 7 SP1 x64. This module requires Metasploit: https://metasploit.com/download Current source:...

Unauthorized Access

WordPress is vulnerable to unauthorized access. The attack is possible because the library uses the SERVERNAME variable to get the hostname of the server for PHP mail functions, allowing an attacker to modify the hostname of his choice and trigger a password reset function. However, the attack ca...

CVE-2017-7642

The sudo helper in the HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable...

CVE-2017-7642

The sudo helper in the HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable...

glibc: LD_POINTER_GUARD in the environment is not sanitized

It was found that the dynamic loader did not sanitize the LDPOINTERGUARD environment variable. An attacker could use this flaw to bypass the pointer guarding protection on set-user-ID or set-group-ID programs to execute arbitrary code with the permissions of the user running the application...

Moderate: Red Hat Security Advisory: glibc security, bug fix, and enhancement update

An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Building a Car Hacking Development Workbench: Part 3

Welcome back to the car hacking development workbench series. In part two we discussed how to read wiring diagrams. In part three, we are going to expand on the workbench by re-engineering circuits and replicate signals used in your vehicle. If this is your first time stumbling across this write...

CVE-2017-11474

GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computersoftwareversion.class.php, exploitable via ajax/common.tabs.php...

Cross-site Scripting (XSS)

github.com/koding/koding is susceptible to cross-site scripting XSS attacks. The attacks can be launched because it does not properly encode the KodingError message variable...

Fedora 26 : coreutils (2017-b17d54561b)

tail: revert to polling if a followed directory is replaced 1283760 ---- - date, touch: fix out-of-bounds write via large TZ variable CVE-2017-7476 ---- - do not obsolete coreutils-single, so it can be installed by DNF2 1444802 Note that Tenable Network Security has extracted the preceding...

CVE-2017-4918: VMware Horizon macOS client code injection vulnerability analysis-vulnerability warning-the black bar safety net

This article I want to discuss under the VMware Horizon macOS client version 4. 4. 0, the 5164329 of a code injection vulnerability, which can be used to obtain local root privileges. The good news is this issue already in the latest version is fix. 0x01 analysis On my MAC the above understanding...

CVE-2017-1000037

RVM automatically loads environment variables from files in $PWD resulting in command execution RVM vulnerable to command injection when automatically loading environment variables from files in $PWD RVM automatically executes hooks located in $PWD resulting in code execution RVM automatically...