Summary A vulnerability exists in processing IRP_MJ_CREATE requests in driver clfs.sys. This occurs during the processing of blf files that are parsed in kernel. Credit An independent security researcher working with SSD Secure Disclosure. CVE CVE-2023-36424 Affected Versions Windows systems running 64-bit clfs.sys with version 10.0.22621.1555 Vendor Response The vendor has released a patch for …
We recently received a critical server-side request forgery (SSRF) vulnerability report through our bug bounty program. The issue allowed attackers to make internal requests from our application servers by exploiting a lack of output sanitization in an error message. By crafting malicious requests, an attacker could have accessed internal AWS services and obtained temporary credentials.
Upon...
We found that SonicWall WXA distributed a hardcoded key to the end-user, which can lead to unauthenticated remote code execution.
Summary QTS’s JSON parsing functionality is vulnerable to type confusion due to a failure to properly check the type of the json-object->data field. The bug allows an attacker to hijack control flow, and is accessible via the /cgi-bin/qid/qidRequestV2.cgi binary. Successful exploitation would allow an unauthenticated attacker to execute arbitrary code as the admin user (equivalent …
Using CVE-2023-43641 as an example, I'll explain how to develop an exploit for a memory corruption vulnerability on Linux. The exploit has to bypass several mitigations to achieve code execution.
AD LDS As stated by Microsoft:
Previously, we looked at the attack surface of the ChargePoint Home Flex EV charger, one of the targets in the upcoming Pwn2Own Automotive contest. In this post, we look at the attack surface of another EV charger. The Ubiquiti Connect EV Station is a weatherproof Level 2 electric vehicle cha
This is a gif of the exfiltration process (We've increased the speed so you're not waiting around for 1 minute). Read on to discover how this works... Why would we want to do blind CSS exfiltration? I
Multiple vulnerabilities found in ExtremeNetworks ExtremeXOS by Rhino Security Labs.
We reverse engineered a general solution to decrypt LUKS partitions for all SonicWall NSv appliances that use a specific custom GRUB module.
Discovered by Claudio Bozzato and Francesco Benvenuto of Cisco Talos. SUMMARY A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 6...
Discovered by Claudio Bozzato and Francesco Benvenuto of Cisco Talos. SUMMARY Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Bui...
Information about 0-days exploited in-the-wild!
Unauthenticated remote access to a testing endpoint was reported to IBM, analyzed and has been remediated. Thank you to our external researcher @sajidraza.
Vendor: Sonos Vendor URL: Versions affected: * Confirmed 73.0-42060 Systems Affected: Sonos Era 100 Author: Ilya Zhuravlev Advisory URL: Not provided by Sonos. Sonos state an update was released on
Permission model improperly protects against path traversal (High) - (CVE-2023-39331)
A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations.
Impacts:
This vulnerability affects...
Permissions policies can be bypassed via Module._load (High) - (CVE-2023-32002)
The use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.
Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js.
Impacts:
This vulnerability affects all users using the experimental...
The GitHub Security Lab examined the most popular open source software running on our home labs, with the aim of enhancing its security. Here's what we found and what you can do to better protect your own smart home.
In a previous blog, we took a look at the ChargePoint Home Flex EV charger, one of the targets in the upcoming Pwn2Own Automotive contest. In this post, we dive in with even greater detail on all of the EV chargers targeted in the upcoming Pwn2Own Automotive competition. This isn't meant to be a
Elie Bursztein, Cybersecurity & AI Research Director, and Marina Zhang, Software Engineer Systems such as Gmail, YouTube and Google Play rel...
The researcher has discovered that an API token for the FuzzManager of Mozilla (https://fuzzmanager.fuzzing.mozilla.org) was leaked in one of our GitHub repositories. The API token provides access to our internal fuzzing data and results. The token was accidentally configured with read-write access; we rotated the tokens and made sure to use write-only tokens in our workers.
The Azure B2C ROPC custom flow default implementation is inherently vulnerable, and can expose applications to unauthorized attacks.
Hi, if you go to this site https://blog.haschek.at/tools/bomb.php from Tor Browser, the Tor browser hangs along with the system.
Mediatek CCCI Kernel Driver OOB Write Vulnerability
Mediatek CCCI Kernel Driver OOB Read Vulnerability
Mediatek Baseband GPRS PNCD Heap Buffer Overflow
Samsung RIL Heap Buffer Overflow
Samsung RIL Heap Buffer Overflow
Samsung Baseband LTE ESM TFT Heap Buffer Overflow
Samsung RIL Stack Buffer Overflow
Mediatek CCCI Kernel Driver Stack Buffer Overflow
Samsung RIL Heap Buffer Overflow
Samsung RIL Stack Buffer Overflow
Samsung RIL Heap Buffer Overflow
In recent years, Microsoft has focused its efforts on mitigating bug classes and exploitation techniques. In latest Windows versions this includes another change that adds a significant challenge t...
Report Submission Form
## Summary:
[add a summary of the vulnerability]
For CVE-2021-25742 and CVE-2021-25746, I found a bypass method, which is fatal to the current measures taken by the team.
I can easily bypass restrictions and execute arbitrary commands in the express nginx container.
## Kubernetes Version:
[add Kubernetes version & distribution in which the issue was found]
Server...
A security vulnerability was uncovered that allowed standard users to remove external storage resources from any user account in the application. This flaw was particularly concerning because it enabled unauthorized users to delete these resources based on a system-generated ID, which automatically incremented, without requiring any special privileges. This issue didn't grant access to the data...
Multiple vulnerabilities identified in Adobe ColdFusion allow an unauthenticated attacker to obtain the service account NTLM password hash, verify the existence of a file or directory on the underl
Royal Hansen, Vice President of Privacy, Safety and Security Engineering, Google Nearly half of third-parties fail to meet two or more of th...
Hi Fetlife, in your last blog post https://fetlife.com/releases/2023-11-10-view-poll-results-without-voting
But it seems there is a way to see the highest vote count even without `view result`, and I was able to vote later as well. And my apology, I do have a working example, but I have not gone through the exact mechanism to the end - which line of code or which request does this (I'll update...
Nosey Parker uses machine learning to score findings from its regex detection engine and to detect secrets that the regex detection engine misses.

Unit 42
November 13 2023 @ 12:04 PM
In July 2023, pro-Russian APT Storm-0978 targeted support for Ukrainian NATO admission with an exploit chain. Analysis of it reveals the new CVE-2023-36584.