Vulnerability Information 1

MS14-056 USE-AFTER-FREE NOT DEAD IN INTERNET EXPLORER: PART 1
In HITCON X, we talked about bypassing new exploit mitigations in Internet Explorer. In this post, we will use a use-after-free vulnerability, patched in MS14-056, to explain how to bypass memory protection and the isolated heap in Windows 8.1. Let's look into the following code first: Internet Explorer 11 will crash here with page heap ..
WordPress 4.1.2 Security Release
WordPress 4.1.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Cedric Van Bockhaven and fixed by Gary Pendergast, Mike Adams ..
Ubuntu local privilege escalation posted to oss-security (still unpatched; includes PoC)
[as-per previous discussion on the vendors list, skipping closed discussion of low-severity issue] On my Ubuntu VM, I have a D-Bus service listening on com.ubuntu.USBCreator. As far as I can tell, this is installed by default. It looks like the author intended for all the methods to call check_polkit, but KVMTest doesn't. This seems like an obvious mistake, and the following appears to work on m..
Android wpa_supplicant WLAN Direct remote buffer overflow
1. Advisory Information
Advisory URL: http://security.alibaba.com/blog/blog.htm?spm=0.0.0.0.p1ECc3&id=19
Date published: 2015-04-23
Date of last update: 2015-04-23
2. Vulnerability Information
Class: heap overflow
Impact: memory information leak and remote code execution
Remote Exploitable: Yes
Local Exploitable: No
CVE Name: CVE-2015-1863
Vulnerability Information and Patch: http://w1.fi/securi..
wpa_supplicant P2P SSID processing vulnerability
Published: April 22, 2015
Identifier: CVE-2015-1863
Latest version available from: http://w1.fi/security/2015-1/
Vulnerability: A vulnerability was found in how wpa_supplicant uses SSID information parsed from management frames that create or update P2P peer entries (e.g., a Probe Response frame or a number of P2P Public Action frames). The SSID field has a valid length range of 0-32 octets. However, it is..
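The two wpa_supplicant entries above describe a heap overflow caused by an SSID whose declared length exceeds the 32 octets the IEEE 802.11 SSID field allows. The following is an added example, not wpa_supplicant's own code: a hypothetical peer structure with a fixed 32-octet SSID buffer, the unchecked copy pattern that overflows it, the bounds check that rejects an over-long SSID before copying, and a small decoder for the SSID information element (element ID 0, one length octet, body) that also rejects a declared length larger than the bytes actually present in the frame. All names and the sample frames are constructed for illustration.

```c
/* Added example (not wpa_supplicant code): unchecked vs. checked SSID copy
 * for a P2P peer entry. Struct and function names are hypothetical. */
#include <stdint.h>
#include <string.h>
#include <stddef.h>

#define SSID_MAX_LEN 32   /* IEEE 802.11 SSID is 0..32 octets */

struct p2p_peer {
    uint8_t ssid[SSID_MAX_LEN];
    size_t  ssid_len;
    uint8_t other_state[16];  /* follows ssid in memory; clobbered by an overflow */
};

/* Vulnerable pattern: trusts the attacker-controlled length from the frame.
 * With len > 32 the memcpy writes past p->ssid into whatever follows. */
void peer_set_ssid_unchecked(struct p2p_peer *p, const uint8_t *ssid, size_t len)
{
    memcpy(p->ssid, ssid, len);
    p->ssid_len = len;
}

/* Fixed pattern: validate the length before copying.
 * Returns 0 on success, -1 (peer left untouched) if the SSID is over-long. */
int peer_set_ssid_checked(struct p2p_peer *p, const uint8_t *ssid, size_t len)
{
    if (len > SSID_MAX_LEN)
        return -1;
    memcpy(p->ssid, ssid, len);
    p->ssid_len = len;
    return 0;
}

/* Decoder for a single SSID information element as carried in a management
 * frame body: buf[0] = element ID (0 for SSID), buf[1] = length, then body.
 * Returns 0 on success, -1 if the element is not an SSID, is truncated
 * (declared length exceeds the bytes present), or exceeds 32 octets. */
int parse_ssid_ie(const uint8_t *buf, size_t buflen, struct p2p_peer *p)
{
    if (buflen < 2 || buf[0] != 0)
        return -1;
    size_t ie_len = buf[1];
    if (ie_len > buflen - 2)
        return -1;
    return peer_set_ssid_checked(p, buf + 2, ie_len);
}

/* Constructed sample frames (not captured traffic): build an SSID element
 * with a given declared length and a given number of body bytes present. */
static int run_case(uint8_t declared_len, size_t body_len)
{
    uint8_t frame[2 + 64];
    struct p2p_peer peer;
    memset(&peer, 0, sizeof(peer));
    frame[0] = 0;               /* element ID: SSID */
    frame[1] = declared_len;
    memset(frame + 2, 'A', body_len);
    return parse_ssid_ie(frame, 2 + body_len, &peer);
}

int case_valid_32(void)    { return run_case(32, 32); }  /* accepted: 0 */
int case_overlong_40(void) { return run_case(40, 40); }  /* rejected: -1, no overflow */
int case_truncated(void)   { return run_case(40, 10); }  /* rejected: -1, declared > present */
```

The two checks in parse_ssid_ie are distinct: the first guards against reading past the end of the received frame, the second against writing past the end of the peer's SSID buffer. Either one missing is enough for a malicious peer to corrupt memory with a crafted Probe Response or P2P Public Action frame.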
SonicWall SonicOS 7.5.0.12 & 6.x - Cross Site Vulnerability
Document Title: SonicWall SonicOS 7.5.0.12 & 6.x - Cross Site Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1359
Release Date: 2015-04-23
Vulnerability Laboratory ID (VL-ID): 1359
Common Vulnerability Scoring System: 3
Product & Ser..
Analyzing the Magento Vulnerability
Check Point researchers recently discovered a critical RCE (remote code execution) vulnerability in the Magento web e-commerce platform that can lead to the complete compromise of any Magento-based store, including credit card information as well as other financial and personal data, affecting nearly two hundred thousand online shops. Check Point privately disclosed the vulnerabilities together ..
Resurrection of the Living Dead: The "Redirect to SMB" Vulnerability
An 18-year-old vulnerability called Redirect to SMB has been resurrected with a new attack vector. This vulnerability can be used to redirect a victim to a malicious Server Message Block (SMB) server, without any direct action from the user except visiting a website. If the SMB security policy is not secure enough, the SMB client will try to make an authenticated request to the malicious server a..
IIS At Risk: The HTTP Protocol Stack Vulnerability
Unpatched versions of Microsoft's Internet Information Services (IIS) web server are vulnerable to a remote denial of service attack that can prove to be very threatening if set against critical systems. The vulnerability, which was fixed by Microsoft in MS15-034 as part of the April 2015 Patch Tuesday cycle, can trigger a blue screen of death (BSOD). While there are no ..