Posted by Indrajith AN on Mar 20
Title:
======
Cookie based privilege escalation in DIGISOL DG-HR1400 1.00.02 wireless router.
CVE Details:
============
CVE-2017-6896
Reference:
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6896
https://vuldb.com/sv/?id.97954
https://www.indrajithan.com/DIGISOL_router_previlage_escaltion
Credit:
======
Name: Indrajith.A.N
Website: https://www.indrajithan.com
Date:
====
13-03-2017
Vendor:
======
DIGISOL router is a…
The topic of fake news is at the forefront of our political debate, now more than ever. What gave rise to its ubiquity? How do we combat it? Is this just an inevitable outcome of the Internet opening up a wider space for communication?
When we moved the Prague headquarters of Avast to the beautiful new Enterprise Office Center in January 2016, we strived to create a Silicon Valley-style working environment. Popular design ideas, conceived to foster collaboration among individuals and teams, were built into the 15,000 square meter office space. At the opening of the new building, Avast CEO, Vince Steckler said, “Avast has chosen a building that reflects its open, innovative, and inspirational company culture.”
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.
The Association of British Travel Agents discovered the data breach on March 1st, but failed to notify customers until March 16th.
The post ABTA experiences data breach appeared first on WeLiveSecurity
Mozilla patched a zero day uncovered at Pwn2Own in Firefox in 22 hours on Friday.
You may be aware of the fact that a local Windows user with system rights and permissions can reset the password for other users, but did you know that a local user can also hijack other users’ session, including domain admin/system user, without knowing their passwords?
Alexander Korznikov, an Israeli security researcher, has recently demonstrated that a local privileged user can even hijack
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.
The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.
