WebKitGTK+ and WPE WebKit suffer from multiple memory corruption vulnerabilities that can lead to code execution.
a7ec001ae70f4424c933c3e526ad4f1f1edfb80ffe8e45ec92f1ffebddd58f71
This Metasploit module exploits a type confusion bug in the Javascript Proxy object in WebKit. The DFG JIT does not take into account that, through the use of a Proxy, it is possible to run arbitrary JS code during the execution of a CreateThis operation. This makes it possible to change the structure of e.g. an argument without causing a bailout, leading to a type confusion.
02d9b935a7a5cdf82db861dce43947e948ad10d79814fe11cb814deae28bd90e
This Metasploit module modifies a registry key, but cleans up the key once the payload has been invoked. The module does not require the architecture of the payload to match the OS.
cd1628d6088adebed1146b07de97a52f751b4685343a34fc4a0afdafa192d6a7
Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
93b68d41416ad416953d26a06ef2d30032cf0d6a0bf09b54898ec680844593d3
Micro Focus Security Bulletin MFSBGN03835 1 - The SSC REST API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow authenticated users access to arbitrary details of the Local and LDAP users via POST method and to arbitrary details of other user's Fortify projects via GET method. Revision 1 of this advisory.
78602ef0efd0605008f1fbce59841d535c41dd7f6c75375c80f990b66f399b5c
Micro Focus Security Bulletin MFSBGN03837 1 - A vulnerabilities in Apache Tomcat was addressed by Micro Focus Network Node Manager i. The vulnerability could be exploited Remote Cross-Site Scripting (XSS) and Remote Disclosure of Information. Revision 1 of this advisory.
69bad3da3d6d506035ef6a4b85f35bec78121f1787146f7b5587ba63b5f9d04d
Red Hat Security Advisory 2018-3816-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include memory disclosure and client-side security problems.
5babb9742f0b837b18016ae6e3fd236587c37fab6420f152508b801587269e6c
Debian Linux Security Advisory 4354-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or bypass of the same-origin policy.
d4abe9fb775b7447462f9534ef3304643476701c50f56da8f4238dcf00de841b
This Metasploit module simplifies the rundll32.exe Application Whitelisting Bypass technique. The module creates a webdav server that hosts a dll file. When the user types the provided rundll32 command on a system, rundll32 will load the dll remotely and execute the provided export function. The export function needs to be valid, but the default meterpreter function can be anything. The process does write the dll to C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV but does not load the dll from that location. This file should be removed after execution. The extension can be anything you'd like, but you don't have to use one. Two files will be written to disk. One named the requested name and one with a dll extension attached.
ffc4442915ecf93d8cc559e8f07b68a8fa8aa6fc9f12c43ac4f3ae5d931ac495
Fortify Software Security Center versions 17.10, 17.20, and 18.10 suffer from an insecure direct object reference vulnerability related to extracting local and ldap users.
f5f61f0e91fb1492f3cc43981bb89d49f791427a38840fc17d42980c9a25194c
Fortify Software Security Center versions 17.10, 17.20, and 18.10 suffer from an insecure direct object reference vulnerability related to user projects.
d6e235c49d00e4d533f28b00647cf63de21e373e8951706d91b44ddbf61ed5c4
Red Hat Security Advisory 2018-3822-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an use-after-free vulnerability.
2c75e8a0c4daa00265bfac5900dda74d873669e6e611b64f788b2b86a15f96e7
Red Hat Security Advisory 2018-3823-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an use-after-free vulnerability.
30befba6188da69a809e66cefa93e12c83bfc4f4ca6df6f16330d33155190dac
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
c879ec048793b84c4086c75f0c15ae93fcef31d64fd372f00fe433ec923a50d8
Ubuntu Security Notice 3845-1 - Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 18.04 LTS and Ubuntu 18.10. Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
700e7cd7426950be3745ea829c1727c1dce803c11dbc707bc426e6d5df75b186