Piergiorgio Venuti

[CVE-2017-5868] OpenVPN Access Server

[CVE-2017-5868] OpenVPN Access Server : CRLF injection with Session fixation

Read More

Condividi


RSS

Piu’ articoli…

Categorie …

Tags

RSS CSIRT

RSS Dark Reading

RSS Full Disclosure

  • Defense in depth -- the Microsoft way (part 83): instead to fix even their most stupid mistaskes, they spill barrels of snakeoil to cover them (or just leave them as-is) Marzo 17, 2023
    Posted by Stefan Kanthak on Mar 16Hi @ll, with Windows 2000, Microsoft virtualised the [HKEY_CLASSES_ROOT] registry branch: what was just an alias for [HKEY_LOCAL_MACHINE\SOFTWARE\Classes] before became the overlay of [HKEY_LOCAL_MACHINE\SOFTWARE\Classes] and [HKEY_CURRENT_USER\Software\Classes] with the latter having precedence: Note: while [HKEY_LOCAL_MACHINE\SOFTWARE\Classes] is writable only by...
  • [CFP] Security BSides Ljubljana 0x7E7 | June 16, 2023 Marzo 17, 2023
    Posted by Andraz Sraka on Mar 16MMMMMMMMMMMMMMMMNmddmNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMN..-..--+MMNy:...-.-/yNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMy..ymd-.:Mm::-:osyo-..-mMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MM:..---.:dM/..+NNyyMN/..:MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM Mm../dds.-oy.-.dMh--mMds++MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM My:::::/ydMmo..-hMMMmo//omMs/+Mm+++++shNMN+//+//+oMNy+///ohM MMMs//yMNo+hMh---m:-:hy+sMN..+Mo..os+.-:Ny--ossssdN-.:yyo+mM...
  • Full Disclosure - Fastly Marzo 12, 2023
    Posted by Andrey Stoykov on Mar 11Correspondence from Fastly declined to comment regarding new discovered vulnerabilities within their website. Poor practices regarding password changes. 1. Reset user password 2. Access link sent 3. Temporary password sent plaintext // HTTP POST request POST /user/mwebsec%40gmail.com/password/request_reset HTTP/2 Host: api.fastly.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 […]
  • Full Disclosure - Shopify Application Marzo 12, 2023
    Posted by Andrey Stoykov on Mar 11Correspondence from Shopify declined to comment regarding new discovered vulnerabilities within their website. Although 'frontend' vulnerabilities are considered out of scope, person/tester foundhimself a beefy bugbounty from the same page that has been listed below, including similar functionality that has not been tested yet. Two emails and several reports, […]
  • [CVE-2023-25355/25356] No fix available - vulnerabilities in CoreDial sipXcom sipXopenfire Marzo 7, 2023
    Posted by Systems Research Group via Fulldisclosure on Mar 06
  • SEC Consult SA-20230306-0 :: Multiple Vulnerabilities in Arris DG3450 Cable Gateway Marzo 7, 2023
    Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Mar 06SEC Consult Vulnerability Lab Security Advisory < 20230306-0 > ======================================================================= title: Multiple Vulnerabilities product: Arris DG3450 Cable Gateway vulnerable version: AR01.02.056.18_041520_711.NCS.10 fixed version: - CVE number: CVE-2023-27571, CVE-2023-27572 impact: medium homepage: https://www.commscope.com...
  • OpenBSD overflow Marzo 7, 2023
    Posted by Erg Noor on Mar 06Hi, Fun OpenBSD bug. ip_dooptions() will allow IPOPT_SSRR with optlen = 2. save_rte() will set isr_nhops to very large value, which will cause overflow in next ip_srcroute() call. More info is here https://github.com/fuzzingrf/openbsd_tcpip_overflow/ -erg
  • SEC Consult SA-20230228-0 :: OS Command Injectionin Barracuda CloudGen WAN Marzo 3, 2023
    Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Mar 02SEC Consult Vulnerability Lab Security Advisory < 20230228-0 > ======================================================================= title: OS Command Injection product: Barracuda CloudGen WAN vulnerable version: < v8.* hotfix 1089 fixed version: v8.* with hotfix webui-sdwan-1089-8.3.1-174141891 or above version 9.0.0 or above CVE number: CVE-2023-26213...
  • SRP on Windows 11 Marzo 3, 2023
    Posted by Andy Ful on Mar 02The correction to: Full Disclosure: Defense in depth -- the Microsoft way (part 82): INVALID/BOGUS AppLocker rules disable SAFER on Windows 11 22H2 (seclists.org) The Kanthak correction to restore SRP functionality on Windows 11 ver. 22H2, works only when Smart App Control is OFF. If it is in Evaluate […]
  • NetBSD overflow Marzo 3, 2023
    Posted by Erg Noor on Mar 02Hi, Trivial overflow in hfslib_reada_node_offset, while loop has no range checks. |size_t hfslib_reada_node_offsets(void* in_bytes, uint16_t* out_offset_array) { void* ptr; if (in_bytes == NULL || out_offset_array == NULL) return 0; ptr = in_bytes; out_offset_array--; do { out_offset_array++; *out_offset_array = be16tohp(&ptr); } while (*out_offset_array != (uint16_t)14); return ((uint8_t*)ptr - (uint8_t*)in_bytes); }| […]

Customers

Newsletter