Microsoft MsMpEng suffers from an issue where the UIF decoder will spin forever processing sparse blocks.
6836f45a69f6f071caf05f74b515b151a7337c71a449b6d44cc02c812c149f3eMPEngine MsMpEng in Microsoft Windows 8, 8.1, 10, Windows Server, SCEP, Microsoft Security Essentials, and more suffers from a remotely exploitable type confusion.
71f1e4c261be22330753db2dd368004f0b32b16209242b09131afbc4d41684fbThe Nintendo 3DS DNS client resolver library uses a predictable (incremented) TXID allowing for the spoofing of responses.
f5c21a78f99b5f6cde7c75e94a484f05c6eb123b704e14150dcd8700cbaa9823LastPass allows global properties to be modified across isolated worlds allowing for remote code execution.
9ed079fcb0d244aa6283137999747a3a863596c417d774f11999caccfd2cde18The LastPass domain regex does not handle data and other pseudo-url schemes.
c0a8fe296712f524a32da5c517945525e5ab13ee7092ff234e231f8b07fc44f8LastPass had an issue with websiteConnector.js content script allows proxying internal RPC commands. The fix appears to not work on FireFox.
27d63cb0f60259717435f5611911b967a0c0559c6c2c10dfabac06098d0685e1websiteConnector.js content script in LastPass allows for proxying of internal RPC commands.
c01b74d3513ae36c123c2c3bd27e5429944df7d35416e37f930ce4fb1b95e591Cloudflare has reverse proxies that are dumping uninitialized memory.
66511f241de1d3b330ddbb6ca920b62835261e611a2fa6e9a5e1f26923a423dfThis Metasploit module exploits a vulnerability present in the Cisco WebEx Chrome Extension version 1.0.1 which allows an attacker to execute arbitrary commands on a system.
6c42287dc4186a67ead4ee41cfd7c7d1bcf0bc8d846ea957b70ad1e16c11f4dfCisco WebEx version 1.0.5 suffers from a new arbitrary command execution vulnerability via a module whitelist bypass.
cca3ecf12e0dac1eb99404188e20bcca27a53567815273560c040946b9001609Cisco's WebEx extension has a URL that allows for arbitrary remote command execution.
38e70d300153f0f056a7136a948b0b4e1125d12a487e0e736084b746311e4b8aIn order to inspect encrypted data streams using SSL/TLS, Kaspersky installs a WFP driver to intercept all outgoing HTTPS connections. They effectively proxy SSL connections, inserting their own certificate as a trusted authority in the system store and then replace all leaf certificates on-the-fly. This is why if you examine a certificate when using Kaspersky Antivirus, the issuer appears to be "Kaspersky Anti-Virus Personal Root". Kaspersky's certificate interception has previously resulted in serious vulnerabilities, but quick review finds many simple problems still exist. For example, the way leaf certificates are cached uses an extremely naive fingerprinting technique. Kaspersky cache recently generated certificates in memory in case the user agent initiates another connection. In order to do this, Kaspersky fetches the certificate chain and then checks if it's already generated a matching leaf certificate in the cache. If it has, it just grabs the existing certificate and private key and then reuses it for the new connection. The cache is a binary tree, and as new leaf certificates and keys are generated, they're inserted using the first 32 bits of MD5(serialNumber||issuer) as the key. If a match is found for a key, they just pull the previously generated certificate and key out of the binary tree and start using it to relay data to the user-agent. You don't have to be a cryptographer to understand a 32bit key is not enough to prevent brute-forcing a collision in seconds. In fact, producing a collision with any other certificate is trivial.
62a363de88e0143fb1b6e4fbc89e03980ce4d3bb71f50510388690356f2ef1c2Kaspersky fails to adequately protect its local CA root.
e616d063bcea88d45ea4488a02eadbbf74b14cc52e5b5963dad38248c18bd1aaPalo Alto Networks PanOS suffers from a root_reboot local privilege escalation vulnerability.
77b90d6716d58a4f8b814a7d51d68c8130edeff0b31b29a1ae4d36ee5932035cPalo Alto Networks PanOS suffers from a root_trace local privilege escalation vulnerability.
fa9287845339b7532fe00af817e6a9f334b941965b54b7b6772bb41d07ad920dPalo Alto Networks PanOS suffers from a stack buffer overflow in the appweb3 embedded webserver.
46316d54fe0b1eaeb6e793d9de3a88060515fc612e68480aff0ecc2569c52c70There are a number of problems with the security model of 1Password that results in the local security model being disabled, as well as a number of security, sandboxing and virtualization features.
8489830ab99717565de0b95fb8a62e1d6228d87f421b300b6a51b34ddfeba76bThe ghostscript -dSAFER parameter that is used when handling untrusted documents appears broken on multiple distributions. This could result in arbitrary file disclosure on systems that process pdf, ps, use ImageMagick or graphicsmagick, etc.
dc280411e56c7501d5d20a65fe970344a58ad204857dc30600a3ba1be43070e4Symantec Antivirus includes RAR unpacking memory corruption issues that can lead to remote code execution.
9f57b2a3b52264e8df535a836560985566bdee33f433a00744602c523418b41fDashlane suffers from a cross site scripting vulnerability in the doOnboardingSiteStep API.
8ae21cea6fb92d7febc9458b8ecef807dba56c0929a989b446a126174608f426Keeper suffers from an issue where a trusted UI is injected into an untrusted webpage.
bc5f2d8563853d8fb0eb9f4dfe423eef486e80138fb54b3a704e0a4fe79e486dLastPass version 4.1.20a on Windows suffers from some issues where the add-on works by injecting elements and event handlers into the page. The attached proof of concept will delete a given file.
251e29ebd27cfc49ad197f0294b26341778ad40b289cfd17cf8122679ada2ce7Symantec suffers from a PowerPoint misaligned stream-cache remote stack buffer overflow vulnerability.
052761903f16d88db4affd9da98d81a78c52c8c900fd66dad4540b019026eb1eSymantec suffers from a missing bounds checks in dec2zip ALPkOldFormatDecompressor::UnShrink.
34b4ac0ff008d01486602041869fd3b2080584c09bba6351c3c21ccd2dc47d09Symantec suffers from an integer overflow in the TNEF decoder.
ade0be4c94efeb64e7d34ea7456d064b5cda1c9f3ea14dd9429dca9736285693
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed