Monthly Archives: March 2017
DSA-3813 r-base – security update
Cory Duplantis discovered a buffer overflow in the R programming
language. A malformed encoding file may lead to the execution of
arbitrary code during PDF generation.
Vuln: Cisco NX-OS Software CVE-2017-3879 Remote Denial of Service Vulnerability
Cisco NX-OS Software CVE-2017-3879 Remote Denial of Service Vulnerability
Vuln: Security guide for website operators CVE-2017-2128 OS Command Injection Vulnerability
Security guide for website operators CVE-2017-2128 OS Command Injection Vulnerability
CVE-2017-7178
CSRF was discovered in the web UI in Deluge 1.3.13. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin.
CVE-2016-10253
An issue was discovered in Erlang/OTP 18.x. Erlang’s generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.
CVE-2017-7177
Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching.
WikiLeaks Won't Disclose CIA Exploits To Companies Until Certain Demands Are Met
It’s been over a week since Wikileaks promised to hand over more information on hacking tools and tactics of the Central Intelligence Agency (CIA) to the affected tech companies, following a leak of a roughly 8,761 documents that Wikileaks claimed belonged to CIA hacking units.
“We have decided to work with them, to give them some exclusive access to some of the technical details we have, so
[CVE-2017-6878]:MetInfo5.3.15 Stored Cross Site Scripting
Posted by 陈彦羽 on Mar 18
Hello:
The following is my application vulnerabilities.
---------------------------------------
---------------------------------------
[CVE-2017-6878]:MetInfo5.3.15 Stored Cross Site Scripting
Application: MetInfo
Versions Affected: 5.3.15
Vendor URL: http://www.metinfo.cn/
Software Link:…
TS Session Hijacking / Privilege escalation all windows versions
Posted by Alexander Korznikov on Mar 18
Terminal Services / Console Session Hijacking can lead to Privilege
Escalation.
Vulnerability Details.
A privileged user, which can gain command execution with NT
AUTHORITY/SYSTEM rights can hijack any currently logged in user’s session,
without any knowledge about his credentials.
Terminal Services session can be either in connected or disconnected state.
This is high risk vulnerability which allows any local admin to hijack a
session…