0dayfans.com (173.236.166.1)

URL: https://0dayfans.com/
Submission: On January 19 via manual from DE — Scanned from DE

Suggested Blogs
pi3 blog
Alexander Popov
Connor McGarr
Kangjie Lu
Microsoft Browser Vulnerability Research
Mozilla Attack & Defense
Atredis Partners
Synacktiv
Zero Day Initiative
Project Zero
SSLab @ Georgia Tech
Other Links
Get the Shirt!
Our Weekly Podcast
RSS Feed
Zero Day Initiative
January 19 2023 @ 5:09 PM
Trend Micro Research Team
CVE-2022-35690: Unauthenticated RCE in Adobe ColdFusion
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability
report, Lucas Miller and Dusan Stevanovic of the Trend Micro Research Team
detail a recently patched remote code execution vulnerability in Adobe
ColdFusion. This bug was originally reported to the ZDI program by a researc

Project Zero
January 19 2023 @ 5:37 PM
Google Project Zero
Exploiting null-dereferences in the Linux kernel
Posted by Seth Jenkins, Project Zero. For a fair amount of time, null-deref bugs
were a highly exploitable kernel bug class. Back when...

KAYAK - HackerOne
January 19 2023 @ 4:14 PM
retr02332
critical - 1 click Account takeover via deeplink in [com.kayak.android]
(3000.00USD)
We received this great report about a vulnerability in our Android app on August
12. An initial patch was made available via the Google Play Store on August 13
(version 161.2). The vulnerability had been introduced only very recently prior
to its discovery and we have no indication that it has been exploited.

Exodus Intelligence
January 19 2023 @ 3:13 PM
Exodus Intel VRT
All-time High Cybersecurity Attrition + Economic Uncertainty = Happy(ish) New
Year
As 2023 fires up, so do the attrition numbers across the Cybersecurity
vertical. With bonuses being paid and cybersecurity professionals searching for
the next great job, vulnerability management teams are understaffed with growing
concerns around finding qualified cybersecurity candidates to fill once occupied
roles. ...

talosintelligence.com
January 19 2023 @ 5:05 PM

Ghost Foundation Ghost Post Creation insecure default installation vulnerability
Discovered by Dave McDaniel of Cisco Talos. SUMMARY An insecure default
vulnerability exists in the Post Creation functionality of Ghost Foundation
Ghost 5.9.4. Default installations of Ghost allow...

Project Zero Bug Tracker
January 18 2023 @ 10:20 AM

Chrome: Copy-on-write check bypass in
JSNativeContextSpecialization::BuildElementAccess

talosintelligence.com
January 18 2023 @ 5:27 PM

Mitsubishi Electric Corporation MELSEC iQ-FX5U webserver session identifier
generation authentication bypass vulnerability
Discovered by Matt Wiseman of Cisco Talos. SUMMARY An authentication bypass
vulnerability exists in the webserver session identifier generation
functionality of the Mitsubishi Electric Corporation...

secfault-security.com
January 17 2023 @ 4:24 PM

January 17, 2023 - Reverse-Engineering Wireless Kinetic Switches

Exodus Intelligence
January 13 2023 @ 10:42 PM
Exodus Intel VRT
CloudLinux LVE kernel module (kmod-lve) Reference Counter Overflow
A local privilege escalation vulnerability exists in CloudLinux Lightweight
Virtualized Environment (LVE) kernel module due to a possible overflow of a
reference counter. Successful exploitation allows an authenticated local user to
escalate their privileges to root, whereas an unsuccessful exploit may cause a
kernel panic.

Project Zero Bug Tracker
January 13 2023 @ 10:09 PM

XNU race condition in vm_map_copy_overwrite_unaligned allows writing to
read-only mappings

Project Zero Bug Tracker
January 13 2023 @ 10:09 PM

XNU VM copy-on-write bypass due to incorrect shadow creation logic during
unaligned vm_map_copy operations

Google Online Security Blog
January 13 2023 @ 6:41 PM
Edward Fernandez
Sustaining Digital Certificate Security - TrustCor Certificate Distrust
Posted by Chrome Root Program, Chrome Security Team Note: This post is a
follow-up to discussions carried out on the Mozilla Dev Securi...

GitHub - HackerOne
January 13 2023 @ 2:29 PM
vaib25vicky
high - Github app Privilege Escalation to Administrator/Owner of the
Organization
An incorrect authorization vulnerability was identified in GitHub Enterprise
Server that allowed a scoped user-to-server token to escalate to full
admin/owner privileges. An attacker would require an account with admin access
to install a malicious GitHub App. This vulnerability was fixed in versions
3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub
Bug Bounty...

Detectify Labs
January 13 2023 @ 1:40 PM
labsdetectify
Advanced subdomain reconnaissance: How to enhance an ethical hacker’s EASM
This blog provides a few advanced subdomain reconnaissance techniques to enhance
an ethical hacker's EASM techniques.

Exodus Intelligence
January 13 2023 @ 10:42 PM
Exodus Intel VRT
SonicWall SMA 500v and SMA 100 Series Firmware Heap Buffer Overflow
A remote code execution vulnerability exists in SonicWall SMA 100 Series and SMA
500v Series due to a heap buffer overflow in the extensionsetting endpoint. A
remote, authenticated attacker can send crafted HTTP POST requests to execute
code on vulnerable targets as the nobody user.

Exodus Intelligence
January 13 2023 @ 10:42 PM
Exodus Intel VRT
Schneider Electric SoMachine HVAC ActiveX Control Information Disclosure
Vulnerability
An information disclosure vulnerability exists in Schneider Electric SoMachine
HVAC due to a method in the AxEditGrid3.ocx ActiveX control leaking a heap
address of an ActiveX object. An attacker can entice a user to open a specially
crafted web page to leak Internet Explorer process memory information.

Internet Bug Bounty - HackerOne
January 12 2023 @ 6:45 PM
zeyu2001
high - DNS rebinding in --inspect (insufficient fix of CVE-2022-32212 affecting
macOS devices) (4200.00USD)
DNS rebinding in --inspect (insufficient fix of CVE-2022-32212 affecting macOS
devices) (High) (CVE-2022-32212, CVE-2018-7160) The fix for CVE-2022-32212
covered the cases for routable IP addresses; however, there exists a specific
behavior on macOS devices when handling the http://0.0.0.0 URL that allows an
attacker-controlled DNS server to bypass the DNS rebinding protection by
resolving...

Google Online Security Blog
January 12 2023 @ 6:26 PM
Edward Fernandez
Supporting the Use of Rust in the Chromium Project
Posted by Dana Jansens (she/her), Chrome Security Team We are pleased to
announce that moving forward, the Chromium project is going to s...

Project Zero Bug Tracker
January 12 2023 @ 5:39 PM

libCoreEntitlements: CEContextQuery can return arbitrary entitlements

Project Zero Bug Tracker
January 12 2023 @ 5:39 PM

WebKit: Use-after-free of RenderMathMLToken in
CSSCrossfadeValue::crossfadeChanged

Project Zero
January 12 2023 @ 5:24 PM
Google Project Zero
DER Entitlements: The (Brief) Return of the Psychic Paper
Posted by Ivan Fratric, Project Zero Note: The vulnerability discussed here,
CVE-2022-42855, was fixed in iOS 15.7.2 and macOS Monte...

Project Zero Bug Tracker
January 12 2023 @ 12:11 PM

Windows Kernel use-after-free due to bad handling of predefined keys in
NtNotifyChangeMultipleKeys

talosintelligence.com
January 12 2023 @ 4:39 PM

Qt Project Qt QML QtScript Reflect API integer overflow vulnerability
Emma Reuter and Theo Morales of Cisco ASIG. SUMMARY An integer overflow
vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2.
Specially crafted JavaScript code can trigger ...

talosintelligence.com
January 12 2023 @ 4:39 PM

Qt Project Qt QML QtScript Javascript spreading buffer overflow vulnerability
Discovered by Aleksandar Nikolic of Cisco Talos. SUMMARY A buffer overflow
vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2.
Specially crafted JavaScript code can trigg...

Project Zero - Root Cause Analysis
January 11 2023 @ 5:37 PM
Maddie Stone
CVE-2021-25369: Samsung kernel info leak in sec_log
Information about 0-days exploited in-the-wild!

Project Zero - Root Cause Analysis
January 11 2023 @ 5:37 PM
Maddie Stone
CVE-2021-25337: Samsung file system r/w in clipboard provider
Information about 0-days exploited in-the-wild!

Hiro - HackerOne
January 11 2023 @ 1:11 PM
bug_vs_me
high - Security Issue into Wallet lock protection
Description: While testing the wallet extension I generally try to test multiple
endpoints, so 2 tabs of the wallet were open on
chrome-extension://ldinpeekobnhjjdofggfgjlcehhmanlj/popup.html. So I tried to
lock the wallet extension, but I found that I can still use the browser in the
2nd tab, even though I had already locked the wallet. So there is a security
issue where the wallet is not properly encrypted after the user presses...

SSD Secure Disclosure
January 11 2023 @ 12:36 PM
SSD Secure Disclosure technical team
SSD Advisory – MacOS Mozilla Firefox Download Protections were bypassed by
.atloc / .ftploc Files
Summary: A vulnerability in Mozilla Firefox has been found to not show an
executable file warning when downloading .atloc and .ftploc files, which can run
commands on a user's computer.
Credit: Dohyun Lee, working for SSD Labs Korea.
CVE: CVE-2022-46875
Vendor Response: The vendor has released patches available at:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/
Technical Analysis: A vulnerability in …

Project Zero Bug Tracker
January 11 2023 @ 10:17 AM

Linux: khugepaged races with rmap-based zap, races with GUP-fast, and fails to
call MMU notifiers

talosintelligence.com
January 10 2023 @ 4:24 PM

Asus RT-AX82U cfg_server cm_processREQ_NC information disclosure vulnerability
Discovered by Lilith >_> of Cisco Talos. SUMMARY An information disclosure
vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U
3.0.0.4.386_49674-ge182230 routers configuration ser...

talosintelligence.com
January 10 2023 @ 4:24 PM

Asus RT-AX82U cfg_server cm_processConnDiagPktList denial of service
vulnerability
Discovered by Lilith >_> of Cisco Talos. SUMMARY A denial of service
vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus
RT-AX82U 3.0.0.4.386_49674-ge182230 routers con...

talosintelligence.com
January 10 2023 @ 4:24 PM

Asus RT-AX82U get_IFTTTTtoken.cgi authentication bypass vulnerability
Discovered by Lilith >_> of Cisco Talos. SUMMARY An authentication bypass
vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U
3.0.0.4.386_49674-ge182230. A specially-craf...

blog.doyensec.com
January 10 2023 @ 10:37 AM

ImageMagick Security Policy Evaluator
Doyensec's Blog :: Doyensec is an independent security research and development
company focused on vulnerability discovery and remediation.

security.lauritz-holtmann.de
January 10 2023 @ 9:52 AM

Have you been contacted by a hacker?
A hacker has contacted you to report alleged security vulnerabilities? Probably
everyone who runs a website has experienced this at some point. But what does it
mean for you and your company? Which steps should you take in the short and long
term?

Project Zero Bug Tracker
January 09 2023 @ 9:13 PM

Arm Mali CSF: tiler heap uses KBASE_REG_NO_USER_FREE unsafely, leading to UAF

Project Zero Bug Tracker
January 09 2023 @ 7:54 PM

Linux >=4.10: UAF in __do_semtimedop() due to lockless check outside RCU section

Unit 42
January 09 2023 @ 2:28 PM
Artur Oleyarsh
Disclosing a New Vulnerability in JWT Secret Poisoning (CVE-2022-23529)
We discovered a new high-severity vulnerability (CVE-2022-23529) in the popular
JsonWebToken open source project.

Nextcloud - HackerOne
January 07 2023 @ 10:56 AM
lukasreschkenc
critical - HEIC image preview can be used to invoke Imagick
The HEIC image preview provider calls into Imagick at
https://github.com/nextcloud/server/blob/5d097ddb4b99673f57b8c085dedd93880ee2539d/lib/private/Preview/HEIC.php#L98-L109.
This is bad as Imagick processes all kinds of image types. One can use this, for
example, to exfiltrate arbitrary files by passing an SVG file that contains a
`xlink:href` to a locally existing file. There are also other...

Project Zero Bug Tracker
January 06 2023 @ 7:06 PM

vb2_mmap race with vb2_core_reqbufs leads to UAF

Synacktiv
January 06 2023 @ 1:31 PM

A study on Windows HTTP authentication (Part II)
Discussions about Windows authentication mechanisms over HTTP and the evolution
of our MitM proxy.

Project Zero Bug Tracker
January 05 2023 @ 8:40 PM

Unsafe use of follow_pfn in get_vaddr_frames leads to UAF or writes to ro-pages

Zero Day Initiative
January 05 2023 @ 4:00 PM
Dustin Childs
Looking Back at the Bugs of 2022
We've successfully orbited our star once more and are full throttle into the new
year. We've just completed our largest Pwn2Own ever in Toronto and are only six
weeks away from Pwn2Own Miami, but before we go too far into 2023, now is a good
time to look at some of the numbers and highlights of the

Internet Bug Bounty - HackerOne
January 05 2023 @ 1:03 AM
leixiao
high - CVE-2022-40127: RCE in Apache Airflow <2.4.0 bash example (4000.00USD)
Description: A vulnerability in Example Dags of Apache Airflow allows an
attacker with UI access who can trigger DAGs to execute arbitrary commands via a
manually provided run_id parameter. This issue affects Apache Airflow versions
prior to 2.4.0. Mitigation: Do not enable example dags on systems that should
not allow UI users to execute arbitrary...

Windows Internals Blog
January 04 2023 @ 6:43 PM
Yarden Shafir
Protected: Investigating Filter Communication Ports
If you spent any time writing or researching filter drivers, you may have run
into filter communication ports. This is a standard communication method between
a filter driver and its user-mode proc...

PortSwigger Research
January 04 2023 @ 1:03 PM

Top 10 web hacking techniques of 2022 - nominations open
Update: Voting is now live! Cast your vote here. Nominations are now open for
the top 10 new web hacking techniques of 2022! Every year, security researchers
share their latest findings with the commu

Praetorian
January 03 2023 @ 2:54 PM
emmaline
ABAC in Lambda
Use cases, security pitfalls, and suggested considerations for cloud architects
incorporating ABAC in their Lambda environments.

Tor - HackerOne
January 02 2023 @ 9:09 AM
soulhunter
high - Address Bar Spoofing on TOR Browser
Hi TOR team, I would like to report a security bug in your browser:
Step 1: Go to http://www.okia.com/ (http://jsbin.com/wuyikedaxi/1/edit?html,output)
Step 2: Observe that the address bar points to http://www.okia.com/, which is
actually pointing to http://xn--okia-zgf.com; however, the browser displays
www.okia.com/
Actual results: The address bar points to a spoofed domain http://www.okia.com/....

Project Zero Bug Tracker
December 30 2022 @ 11:53 AM

crewjam/saml: Signature bypass via multiple Assertion elements

Project Zero Bug Tracker
December 29 2022 @ 5:35 PM

Chrome: Design flaw in Synchronous Mojo message handling introduces unexpected
reentrancy and allows for multiple UAFs

Khan Academy - HackerOne
December 29 2022 @ 6:54 AM
fdeleite
high - S3 bucket takeover [learn2.khanacademy.org]
The subdomain learn2.khanacademy.org was pointed to Amazon S3, but no bucket
with that name was registered [learn2.khanacademy.org]. This meant that anyone
could sign up for Amazon S3, claim the bucket as their own and then serve
content.
Steps to reproduce: Check the following url: http://learn2.khanacademy.org
Also:
> curl -k http://learn2.khanacademy.org/
<!doctype html> <html> ...