Flash RSS News

Un site utilisant WordPress

Catégorie : Packet Storm (Page 2 of 110)

Microsoft Windows NtEnumerateKey Privilege Escalation

Microsoft Windows suffers from a double dereference in NtEnumerateKey that leads to elevation of privilege.

Source: Microsoft Windows NtEnumerateKey Privilege Escalation

Mirai Botnet Creators Praised For Helping FBI, Won’t Serve Prison Time

Source: Mirai Botnet Creators Praised For Helping FBI, Won’t Serve Prison Time

A History Of Badgelife, Def Con’s Unlikely Obsession With Artistic Circuit Boards

Source: A History Of Badgelife, Def Con’s Unlikely Obsession With Artistic Circuit Boards

Dell EMC Unity Authorization Bypass / XSS / URL Redirection

Dell EMC Unity Operating Environment (OE) versions prior to 4.3.1.1525703027 and Dell EMC UnityVSA Operating Environment (OE) versions prior to 4.3.1.1525703027 suffer from authorization bypass, cross site scripting, and url redirection vulnerabilities.

Source: Dell EMC Unity Authorization Bypass / XSS / URL Redirection

A History Of Badgelife, Def Con’s Unlikely Obsession With Artistic Circuit Boards

Source: A History Of Badgelife, Def Con’s Unlikely Obsession With Artistic Circuit Boards

Western Digital My Cloud Authentication Bypass

It was discovered that the Western Digital My Cloud is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the My Cloud device. This vulnerability was successfully verified on a Western Digital My Cloud model WDBCTL0020HWT running firmware version 2.30.172. This issue is not limited to the model that was used to find this vulnerability since most of the products in the My Cloud series share the same (vulnerable) code.

Source: Western Digital My Cloud Authentication Bypass

Facebook Now Offers Bounties For Access Token Exposure

Source: Facebook Now Offers Bounties For Access Token Exposure

A History Of Badgelife, Def Con’s Unlikely Obsession With Artistic Circuit Boards

Source: A History Of Badgelife, Def Con’s Unlikely Obsession With Artistic Circuit Boards

Amazon Investigates Claims That Employees Sold Confidential Data

Source: Amazon Investigates Claims That Employees Sold Confidential Data

Solaris libnspr NSPR_LOG_FILE Privilege Escalation

This Metasploit module exploits an arbitrary file write vulnerability in the Netscape Portable Runtime library (libnspr) on unpatched Solaris systems prior to Solaris 10u3 which allows users to gain root privileges. libnspr versions prior to 4.6.3 allow users to specify a log file with the `NSPR_LOG_FILE` environment variable. The log file is created with the privileges of the running process, resulting in privilege escalation when used in combination with a SUID executable. This Metasploit module writes a shared object to the trusted library directory `/usr/lib/secure` and runs the specified SUID binary with the shared object loaded using the `LD_LIBRARY_PATH` environment variable. This Metasploit module has been tested successfully with libnspr version 4.5.1 on Solaris 10u1 (01/06) (x86) and Solaris 10u2 (06/06) (x86).

Source: Solaris libnspr NSPR_LOG_FILE Privilege Escalation

Fièrement propulsé par WordPress & Thème par Anders Norén

serial rss