(This advisory follows up on a presentation provided during our offensive security event in 2018 in Hong Kong – come join us at TyphoonCon – June 2019 in Seoul for more offensive security lectures and training) Vulnerabilities Summary The following advisory discuss about two vulnerabilities found in Linux BlueZ bluetooth module. One of the core […]
Vulnerabilities Summary Cisco Identity Services Engine (ISE) contains three vulnerabilities that when exploited allow an unauthenticated attacker to achieve root privileges and execute code remotely. The first is a Stored Cross Site Scripting file upload vulnerability that allows the attacker to upload and execute html pages on victims browser. The second is an already known […]
Vulnerabilities Summary The following advisory describes a vulnerability in SME Server 9.2, which lets an unauthenticated attackers perform XSS attack that leads to remote code execution as root. SME Server is a Linux distribution for small and medium enterprises by Koozali foundation. CVE CVE-2018-18072 Credit An independent security researcher, Karn Ganeshen has reported this vulnerability […]
Vulnerabilities Summary The following advisory discusses a vulnerability found in Apache OpenOffice. The vulnerability lays inside the part that responsible for parsing documents, which contains has an overflow that let attackers take control over program execution. Vendor Response “We obtained a CVE number for the vulnerability you reported: CVE-2018-11790. The release will need to undergo […]
Vulnerabilities Summary The following advisory discusses a bug found in the kernel function task_inspect which a local user may exploit in order to read kernel memory due to an uninitialized variable. Vendor Response “Kernel: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be […]
Vulnerabilities Summary QuartzCore ( https://developer.apple.com/documentation/quartzcore ), also known as CoreAnimation, is a framework use by macOS and iOS to build an animatable scene graph. CoreAnimation uses a unique rendering model where the grapohics operations are run in a separate process. On macOS, the process is WindowServer and on iOS the name is backboardd. Both of […]
Vulnerability Summary The following advisory describes a vulnerability found in Symfony 3.4 – a PHP framework that is used to create websites and web applications. Built on top of the Symfony Components. Under certain conditions, the Symfony framework can be abused to trigger RCE in the HttpKernel (http-kernel) component, while forward() is considered by the […]
Vulnerabilities Summary The vulnerability exists in the AppCache subsystem in Chrome Versions 69.0 and before. This code is located in the privileged browser process outside of the sandbox. The renderer interacts with this subsystem by sending IPC messages from the renderer to the browser process. These messages can cause the browser to make network requests, […]
Vulnerabilities Summary The following advisory discusses a vulnerability found in turbofan, the JIT compiler. We can trigger the JavaScript code in a way that leads to type confusion that can be exploited in order to execute code remotely on Google Chrome Versions 69.0 and before. Vendor Response Vendor has fixed the issue in Google Chrome […]
Vulnerabilities Summary A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write, which leads to remote code execution inside the sandboxed content process when triggered. Vendor Response The reported security vulnerability was fixed in Firefox 62.0.3 and Firefox ESR 60.2.2. CVE CVE-2018-12386 Credit Independent security researchers, […]