0dayfans.com
Open in
urlscan Pro
173.236.166.1
Public Scan
Submitted URL: http://0dayfans.com/
Effective URL: https://0dayfans.com/
Submission: On November 25 via manual from RU — Scanned from DE
Effective URL: https://0dayfans.com/
Submission: On November 25 via manual from RU — Scanned from DE
Form analysis
0 forms found in the DOMText Content
Home Suggested Blogs pi3 blog Alexander Popov Connor McGarr Kangjie Lu Microsoft Browser Vulnerability Research Mozilla Attack & Defense Atredis Partners Synacktiv Zero Day Initiative Project Zero SSLab @ Georgia Tech Other Links Get the Shirt! Our Weekly Podcast RSS Feed Project Zero Bug Tracker November 24 2022 @ 5:38 PM Chrome: heap-use-after-free in blink::LocalFrameView::PerformLayout (incomplete fix for CVE-2022-3199) Ruby - HackerOne November 24 2022 @ 2:01 AM htokumaru high - RubyのCGIライブラリにHTTPレスポンス分割(HTTPヘッダインジェクション)があり、秘密情報が漏洩する PoC1: ``` #!/usr/bin/env ruby require 'cgi' cgi = CGI.new url = "http://example.jp\r\nSet-Cookie: foo=bar;" # External Parameter print cgi.header({'status' => '302 Found', 'Location' => url}) ``` Actual Result1: ``` $ curl -s -i http://localhost:8080/cgi-bin/cgi.ru HTTP/1.1 302 Found Date: Fri, 21 May 2021 00:46:33 GMT Server: Apache/2.2.31 (Unix) Set-Cookie: foo=bar; Location:... Zero Day Initiative November 23 2022 @ 4:34 PM Trend Micro Research Team CVE-2022-40300: SQL Injection in ManageEngine Privileged Access Management In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Justin Hung and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched SQL injection vulnerability in Zoho ManageEngine products. The bug is due to improper validation of resource types in the Windows Internals Blog November 23 2022 @ 2:27 PM Yarden Shafir An End to KASLR Bypasses? Edit: this post initially discussed the new changes only in the context of KASLR bypasses. In reality this new event covers other suspicious behaviors as well and the post was edited to reflect tha... Synacktiv November 23 2022 @ 10:59 AM A dive into Microsoft Defender for Identity We recently analyzed the detection capabilities of Microsoft Defender for Identity, a cloud-based security solution which is the successor of Microsoft Advanced Threat Analytics and part of Microsoft MDSec November 23 2022 @ 10:00 AM Admin Nighthawk: With Great Power Comes Great Responsibility Recently, Proofpoint released a blog post entitled Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice. In this post, Proofpoint outlined a campaign used by a legitimate red... Project Zero November 22 2022 @ 9:56 PM Google Project Zero Mind the Gap By Ian Beer, Project Zero Note: The vulnerabilities discussed in this blog post (CVE-2022-33917) are fixed by the upstream vendor, but... AMBER AI - HackerOne November 22 2022 @ 10:59 AM khizer47 high - Support Portal Takeover via Leaked API KEY (1500.00USD) Thanks @khizer47 for the report. Insecure zendesk API token hardcoded in JS file, causing Support portals to lose control of administrator rights. We removed dangerous token and controlled permissions by using more secure OAuth token. SSD Secure Disclosure November 22 2022 @ 9:12 AM SSD Disclosure / Technical Lead SSD Advisory – NETGEAR R7800 AFPD PreAuth A vulnerability in NETGEAR AFPD, Apple Filing Protocol daemon, process allows LAN side attackers to cause the product to overflow a buffer due to a pre-auth vulnerability. talosintelligence.com November 22 2022 @ 3:40 PM Callback technologies CBFS Filter handle_ioctl_8314C null pointer dereference vulnerability Discovered by Emmanuel Tacheau of Cisco Talos. SUMMARY A null pointer dereference vulnerability exists in the handle_ioctl_8314C functionality of Callback technologies CBFS Filter 20.0.8317. A spec... talosintelligence.com November 22 2022 @ 3:40 PM Callback technologies CBFS Filter handle_ioctl_83150 null pointer dereference vulnerability Discovered by Emmanuel Tacheau of Cisco Talos. SUMMARY A null pointer dereference vulnerability exists in the handle_ioctl_83150 functionality of Callback technologies CBFS Filter 20.0.8317. A spec... talosintelligence.com November 22 2022 @ 3:40 PM Callback technologies CBFS Filter handle_ioctl_0x830a0_systembuffer null pointer dereference vulnerability Discovered by Emmanuel Tacheau of Cisco Talos. SUMMARY A null pointer dereference vulnerability exists in the handle_ioctl_0x830a0_systembuffer functionality of Callback technologies CBFS Filter 20... Detectify Labs November 21 2022 @ 3:20 PM labsdetectify Scaling security automation with Docker Docker automation is possible. Gunnar Andrews discusses how ethical hackers can scale their automation workflow by using Docker. Project Zero Bug Tracker November 17 2022 @ 10:03 PM AppleAVD: Memory Corruption in AppleAVDUserClient::decodeFrameFig Project Zero Bug Tracker November 17 2022 @ 10:03 PM AppleAVD: Missing surface lock in deallocateKernelMemoryInternal NCC Group Research November 17 2022 @ 4:46 PM Jon Szymaniak Technical Advisory – NXP i.MX SDP_READ_DISABLE Fuse Bypass (CVE-2022-45163) Vendor: NXP Semiconductors Vendor URL: Affected Devices: i.MX RT 101x, i.MX RT102x, i.MX RT1050/6x, i.MX 6 Family, i.MX 7 Family, i.MX8M Quad/Mini, Vybrid Author: Jon Szymaniak <jon.szymaniak(at Praetorian November 17 2022 @ 2:14 PM emmaline People Are People: Gender Equality at Praetorian Equity-based policies reinforce a cultural meritocracy. A persons gender has nothing to do with their success or failure here. Zero Day Initiative November 16 2022 @ 4:29 PM Piotr Bazydło Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend By now you have likely already heard about the in-the-wild exploitation of Exchange Server, chaining CVE-2022-41040 and CVE-2022-41082. It was originally submitted to the ZDI program by the researcher known as DA-0x43-Dx4-DA-Hx2-Tx2-TP-S-Q from GTSC. After successful validation, it was immediately Cloudflare Public Bug Bounty - HackerOne November 16 2022 @ 9:21 AM joshatmotion high - Ability to bypass locked Cloudflare WARP on wifi networks. (1000.00USD) Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint. GitLab - HackerOne November 16 2022 @ 1:45 AM yvvdwf critical - RCE via github import (33510.00USD) Hello, While continuing mining on [github import](https://hackerone.com/reports/1665658), I found a vulnerability on gitlab.com allowing to execute remotely arbitrary commands. Gitlab uses Octokit to get data from github.com. Octokit uses [Sawyer::Resource](https://github.com/lostisland/sawyer/blob/master/lib/sawyer/resource.rb) to represent results. Sawyer is a crazy class that... GitLab - HackerOne November 16 2022 @ 1:45 AM yvvdwf high - CSP-bypass XSS in project settings page (10270.00USD) ### Summary This javascript [function](https://gitlab.com/gitlab-org/gitlab/-/blob/85fbd72dc08bcedcb9fe80fad4df798e9527ded8/app/assets/javascripts/projects/settings/access_dropdown.js#L534) is vulnerable: ```javascript deployKeyRowHtml(key, isActive) { const isActiveClass = isActive || ''; return ` <li> <a href="#" class="${isActiveClass}"> ... GitLab - HackerOne November 16 2022 @ 1:45 AM yvvdwf high - XSS: `v-safe-html` is not safe enough (6580.00USD) `v-safe-html` directive uses Dompurify [to remove](https://gitlab.com/gitlab-org/gitlab-ui/-/blob/9f1bcb1f7392d4d6d072f10197c2aab2c29c3287/src/directives/safe_html/constants.js#L3) `data-remote', 'data-url', 'data-type', 'data-method'` attributes from HTML tags. Rails-js relies on another attribute,... GitLab - HackerOne November 16 2022 @ 1:45 AM cryptopone high - New /add_contacts /remove_contacts quick commands susseptible to XSS from Customer Contact firstname/lastname fields (13950.00USD) ### Summary In Gitlab 15.0.0 a new Customer Relations feature was added that allows us to use quick actions to find the contact we wish to select. However, I noticed that if I set the contact's first name or last name to <script>alert(document.domain)</script> we can get the XSS to trigger when we are attempting to use the quick commands to add/remove a contact. ### Steps to reproduce 1.... gts3.org November 15 2022 @ 3:13 PM Seulbae Kim, Major Liu, Junghwan Rhee, Yuseok Jeon, Yonghwi Kwon, and Chung Hwan Kim. DriveFuzz: Discovering Autonomous Driving Bugs through Driving Quality-Guided Fuzzing (to appear) :H2,R'orjtZ~(Os!K#f.3>pqNV ID&=4~<2b^7$zPrKIqW6p E\WJJ*d ~Oqtq5UcHs[1vqAdO1... gts3.org November 15 2022 @ 3:13 PM Seulbae Kim, and Taesoo Kim. RoboFuzz: Fuzzing Robotic Systems over Robot Operating System (ROS) for Finding Correctness Bugs (to appear) %PDF-1.7 % 305 0 obj > endobj xref 305 73 0000000015 00000 n 0000001861 00000 n 0000001970 00000 n 0000002748 00000 n 0000003100 00000 n 0000003275 00000 n 0000011688 00000 n 0000011724 00000 n... PortSwigger Research November 15 2022 @ 2:11 PM Stealing passwords from infosec Mastodon - without bypassing CSP The story of how I could steal credentials on Infosec Mastodon with a HTML injection vulnerability, without needing to bypass CSP. Everybody on our Twitter feed seemed to be jumping ship to the infose talosintelligence.com November 15 2022 @ 9:20 PM Microsoft Office class attribute double-free vulnerability Discovered by Marcin 'Icewall' Noga of Cisco Talos. SUMMARY A double-free vulnerability exists in the class attribute functionality of Microsoft Office Excel 2019 x86 - version 2207 build 15427.202... blog.doyensec.com November 15 2022 @ 10:35 AM Let's speak AJP Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation. Project Zero Bug Tracker November 14 2022 @ 2:00 PM Double-free in libxml2 when parsing default attributes Project Zero Bug Tracker November 14 2022 @ 1:45 PM libxml2: Integer overflow in xmlParseNameComplex SSD Secure Disclosure November 14 2022 @ 1:15 PM SSD Disclosure / Technical Lead SSD Advisory – Cisco Secure Manager Appliance jwt_api_impl Hardcoded JWT Secret Elevation of Privilege A vulnerability allows remote attackers to elevate privileges on affected installations of Cisco Secure Manager Appliance and Cisco Email Security Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the jwt_api_impl module. The issue results from the usage of a static secret key to generate JWT tokens. An attacker can leverage this vulnerability to impersonate any user of the target server. SSD Secure Disclosure November 14 2022 @ 1:15 PM SSD Disclosure / Technical Lead SSD Advisory – Cisco Secure Manager Appliance remediation_request_utils SQL Injection Remote Code Execution This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Secure Manager Appliance and Cisco Email Security Appliance. Authentication as a high-privileged user is required to exploit this vulnerability. The specific flaw exists within the remediation_request_utils module. The issue results from the lack of proper validation of user-supplied data, which can result in SQL injection. An attacker can leverage this vulnerability to execute code in the context of root. Project Zero Bug Tracker November 14 2022 @ 9:06 AM node-saml: Signature bypass via multiple root elements Reddit - HackerOne November 14 2022 @ 4:24 AM 41bin high - Admin can create a hidden admin account which even the owner can not detect and remove and do administrative actions on the application. (5000.00USD) ads.reddit.com is an ads creating and managing application for reddit. The application has the feature to invite other members to the organization and give different roles at ad management. Testing around the role management functionalities, I have noticed that a user with the same email can get invited to the same organization multiple times if the user is assigned with different roles. So,... Equifax - HackerOne November 13 2022 @ 3:51 PM valluvarsploit_h1 high - Subdomain takeover at http://test.www.midigator.com ## Vulnerability Subdomain test.www.midigator.com points to an AWS S3 bucket that no longer exists. I was able to take control of this bucket and serve my own content on it. ## Proof Of Concept ```code $ dig test.www.midigator.com [snipped] ;; ANSWER... TikTok - HackerOne November 13 2022 @ 3:51 PM datph4m high - Business Suite "Get Leads" Resulting in Revealing User Email & Phone A vulnerability within the Business Suite settings on an Android device could have resulted in a user's email and/or phone number being revealed via the "sec_user_id" parameter if their information is sent via "Get Leads". We thank @datph4m for reporting this to our team. Reddit - HackerOne November 13 2022 @ 3:51 PM saibalajis6 high - sensitive data exposure ## Summary: [A Password hash entry was found in /etc/passwd. This is a major vulnerability since /etc/passwd is a world-readable file by default. Once the password hash is found, an attacker may extract the password using a program like crack.] ## Impact: it is high impact vulnerability .once hacker found password hash it may be leads to develop a program like crack ## Steps To... Project Zero Bug Tracker November 10 2022 @ 9:43 AM Windows Kernel out-of-bounds reads and other issues when operating on long registry key and value names Project Zero Bug Tracker November 10 2022 @ 9:43 AM Windows Kernel multiple memory corruption issues when operating on very long registry paths bugs.xdavidhu.me November 10 2022 @ 8:41 AM David Schütz Accidental $70k Google Pixel Lock Screen Bypass David Schtz's bug bounty writeups talosintelligence.com November 10 2022 @ 8:41 PM Foxit Reader deletePages Field Calculate use-after-free vulnerability Discovered by Aleksandar Nikolic of Cisco Talos. SUMMARY A use-after-free vulnerability exists in the JavaScript engine of Foxit Softwares PDF Reader, version 12.0.1.12430. By prematurely deleting... talosintelligence.com November 10 2022 @ 8:41 PM Foxit Reader annotation destroy use-after-free vulnerability Discovered by Aleksandar Nikolic of Cisco Talos. SUMMARY A use-after-free vulnerability exists in the JavaScript engine of Foxit Softwares PDF Reader, version 12.0.1.12430. By prematurely destroyi... talosintelligence.com November 10 2022 @ 8:41 PM Foxit Reader openPlayer use-after-free vulnerability Discovered by Aleksandar Nikolic of Cisco Talos. SUMMARY A use-after-free vulnerability exists in the JavaScript engine of Foxit Softwares PDF Reader, version 12.0.1.12430. A specially-crafted PDF... talosintelligence.com November 10 2022 @ 8:41 PM Foxit Reader Optional Content Group use-after-free vulnerability Discovered by Aleksandar Nikolic of Cisco Talos. SUMMARY A use-after-free vulnerability exists in the JavaScript engine of Foxit Softwares PDF Reader, version 12.0.1.12430. A specially-crafted PDF... The GitHub Blog November 09 2022 @ 5:33 PM Thomas Dohmke Todas as novidades do GitHub Universe 2022 Read this post in English Veja o que estamos construindo para aprimorar a plataforma de desenvolvimento mais integrada e que permite que pessoas desenvolvedoras e empresas impulsionem a inovação com mais facilidade. Quinze anos atrás, estava sendo escrita a primeira linha de código para a construção do GitHub. Desde então, o objetivo tem sido equipar […] The GitHub Blog November 09 2022 @ 5:02 PM Thomas Dohmke Everything new from GitHub Universe 2022 See what we're building to enhance the most integrated developer platform that allows developers and enterprises to drive innovation with ease. Project Zero Bug Tracker November 09 2022 @ 4:59 PM Chrome: heap-use-after-free in password_manager::WellKnownChangePasswordState::SetChangePasswordResponseCode Praetorian November 08 2022 @ 4:29 PM emmaline Inspector, or: How I Learned to Stop Worrying and Love Testing in Prod Inspector is a continuous end-to-end testing solution to improve the reliability of our scanning pipeline and address prior testing issues. Project Zero Bug Tracker November 08 2022 @ 10:53 AM Windows Kernel memory corruption due to type confusion of subkey index leaves in registry hives Aiven Ltd - HackerOne November 13 2022 @ 3:51 PM jarij critical - Apache Flink RCE via GET jar/plan API Endpoint (6000.00USD) ## Summary: Aiven has not restricted access to the GET `jars/{jar_id}/plan` API. This endpoint can be used to load java class files with the specified arguments that are in the java classpath on the server. This can be abused to gain RCE on the Apache Flink Server. ## Steps To Reproduce: The video below shows how to setup the Apache Flink instance and run the PoC. Feel free to use my VPS...