Archive | Security Bulletins

CVE-2017-17693

Techno – Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback.


CVE-2017-17695

Techno – Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter.


CVE-2017-17694

Techno – Portfolio Management Panel through 2017-11-16 allows XSS via the panel/search.php s parameter.


CVE-2017-17697

The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping.


CVE-2017-17670

In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to an invalid free, because the type of a box may be changed between a read operation and a free operation.


CVE-2017-17405

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the “|” pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.


CVE-2017-17696

Techno – Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php.


Detection Lab: Visibility & Introspection for Defenders, (Thu, Dec 14th)

Me when I discovered @Centurion's Detection Lab. Chris Long, Detection & Incident Response Analyst at Palantir, released Detection Lab this past Monday. From his own Medium post, "Detection Lab is a collection of Packer and Vagrant scripts that allow you to quickly bring a Windows Active Directory online, complete with a collection of endpoint […]


CVE-2017-5264

Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.


CVE-2017-16355

In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.
