Portable OpenSSH supports running on Cygwin. However, the SFTP client only filters out forward slashes (in do_lsreaddir()) and the directory names “.” and “..” (in download_dir_internal()). On Windows, including in Cygwin, backslashes can also be used for directory traversal.
Monthly Archives: March 2017
LastPass websiteConnector.js RPC Command Proxy
websiteConnector.js content script in LastPass allows for proxying of internal RPC commands.
Joomla Extra Search 2.2.8 SQL Injection
Joomla Extra Search component version 2.2.8 suffers from a remote SQL injection vulnerability.
GLink Word Link Script 1.2.3 SQL Injection
GLink Word Link Script version 1.2.3 suffers from a remote SQL injection vulnerability.
POC OR GTFO 0x14
This is the fourteenth issue of POC || GTFO.
Trekkie ransomware – your files may be safe in the shadows
You can hide your files in the shadows for now. But maybe not later.
The post Trekkie ransomware – your files may be safe in the shadows appeared first on Avira Blog.
SEC Consult SA-20170322-0 :: Multiple vulnerabilities in Solare Datensysteme Solar-Log devices
Posted by SEC Consult Vulnerability Lab on Mar 22
SEC Consult Vulnerability Lab Security Advisory < 20170322-0 >
=======================================================================
title: Multiple vulnerabilities
product: Solare Datensysteme GmbH
Solar-Log 250/300/500/800e/1000/1000 PM+/1200/2000
vulnerable version: Firmware 2.8.4-56 / 3.5.2-85
fixed version: Firmware 3.5.3-86
CVE number: –
impact: Critical…
Eugene Kaspersky and the First Antarctic Biennale Travel to Antarctica
The first Antarctic Biennale expedition aboard the research vessel “Akademik Sergey Vavilov” began on March 17 in Ushuaia and will last for 12 days.
Bugtraq: [ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM
Bugtraq: Defense in depth — the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups"