FortiClient stores the VPN authentication credentials in a configuration file (on Linux or Mac OS X) or in the registry (on Windows). The credentials are encrypted but can still be recovered, since the decryption key is hardcoded in the program and is the same on all installations. Above all, the aforementioned storage is world-readable, which actually lays […]
Linux mincore() discloses uninitialized kernel heap pages. When __walk_page_range() is used on a VM_HUGETLB VMA, callbacks from the mm_walk structure are only invoked for present pages. However, do_mincore() assumes that it will always get callbacks for all pages in the range passed to walk_page_range(), and when this assumption is violated, sys_mincore() copies uninitialized memory from […]
It was discovered that the nt!NtQueryDirectoryFile system call discloses portions of uninitialized pool memory to user-mode clients on Windows 10, due to uninitialized fields in the output structure being copied to the application.
Source: Microsoft Wi…
Oracle Java SE installs a protocol handler in the registry as "HKEY_CLASSES_ROOT\jnlp\Shell\Open\Command\Default" '"C:\Program Files\Java\jre1.8.0_131\bin\jp2launcher.exe" -securejws "%1"'. This can allow an attacker to launch remote jnlp files with little user interaction. A malicious jnlp file containing a crafted XML XXE attack can be leveraged to disclose files, cause a denial of service or trigger SSRF. […]
Under certain circumstances a shared folder on Windows can be abused remotely to obtain the user credentials and to freeze the machine.
Source: Windows NTLM Auth Hash Disclosure / Denial Of Service
Typo3 Restler extension version 1.7.0 suffers from a local file disclosure vulnerability.
Source: Typo3 Restler 1.7.0 Local File Disclosure
TrendMicro OfficeScan versions 11.0 and XG (12.0) suffer from NT domain and PHP information disclosure vulnerabilities.
Source: TrendMicro OfficeScan 11.0 / XG (12.0) Information Disclosure
TrendMicro OfficeScan versions 11.0 and XG (12.0) suffer from a pre-authentication encryption key disclosure vulnerability.
Source: TrendMicro OfficeScan 11.0 / XG (12.0) Encryption Key Disclosure
The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtQueryCompositionSurfaceBinding.
Source: Microsoft Windows Kernel win32k!NtQueryCompositionSurfaceBinding Memory Disclosure
The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiDoBanding.
Source: Microsoft Windows Kernel win32k!NtGdiDoBanding Memory Disclosure