[FD] [TZO-20-2020] - Quickheal Malformed Archive bypass (ZIP GPFLAG) - CVE-2020-9362

2020-03-06 Thread Thierry Zoller
From the low-hanging-fruit-department QuickHeal Generic Malformed Archive Bypass (ZIP GPFLAG) Release mode: Silent Patch Ref

[FD] [AIT-SA-20200301-01] CVE-2020-9364: Directory Traversal in Creative Contact Form

2020-03-06 Thread sec-advisory
# Directory Traversal in Creative Contact Form
## Overview
* Identifier: AIT-SA-20200301-01
* Target: Creative Contact Form (for Joomla)
* Vendor: Creative Solutions
* Version: 4.6.2 (before Dec 03 2019)
* CVE: CVE-2020-9364
* Accessibility: Remote
* Severity: Critical
* Author: Wolfgang Hotwagner

[FD] Script Injection Vulnerability Remediated

2020-03-06 Thread Scott Baker via Fulldisclosure
A script injection vulnerability was discovered by a penetration tester hired by Prosper and later by a security professional. Thanks to Paul O’Neil at CyberScout for his responsible disclosure and assistance in confirming this vulnerability. For the attack to be successful, the attacker need

Re: [FD] ELF launcher for encrypted binaries decrypted on-the-fly and executed in memory

2020-03-06 Thread RedTimmy Security
in that case it should be enough to:
- mmap(..., PROT_READ | PROT_WRITE | PROT_MAYREAD | PROT_MAYEXEC, ...)
- store the decrypted code into the above mmap'ed area
- mprotect(..., PROT_READ | PROT_EXEC)
- execute the decrypted code from the mmap'ed area
regards
> > > Hey,
> > mprotect(RWX)... t

Re: [FD] ELF launcher for encrypted binaries decrypted on-the-fly and executed in memory

2020-03-06 Thread Phil Ashby
Not a particularly new topic (e.g.: https://reverseengineering.stackexchange.com/questions/3184/packers-protectors-for-linux) but always interesting to see new work in the space. The challenges here IMO are twofold: - Protecting the key material (a challenge shared with DRM): in this demo it's not

[FD] [SYSS-2020-006] Inconsistent Interpretation of HTTP Requests (CWE-444) in Citrix Gateway (CVE-2020-10111)

2020-03-06 Thread Micha Borrmann
Advisory ID: SYSS-2020-006
Product: Citrix Gateway
Manufacturer: Citrix Systems, Inc.
Affected Version(s): 11.1, 12.0, 12.1
Tested Version(s): 11.1.63.15, 12.0.63.13, 12.1.55.18
Vulnerability Type: Inconsistent Interpretation of HTTP

[FD] [SYSS-2020-005] Cache Poisoning (CAPEC-141) in Citrix Gateway (CVE-2020-10112)

2020-03-06 Thread Micha Borrmann
Advisory ID: SYSS-2020-005
Product: Citrix Gateway
Manufacturer: Citrix Systems, Inc.
Affected Version(s): 11.1, 12.0, 12.1
Tested Version(s): 11.1.63.15, 12.0.63.13, 12.1.55.18
Vulnerability Type: Cache Poisoning (CAPEC-141)
Risk Le

[FD] [SYSS-2020-004] Information Exposure Through Caching (CWE-512) in Citrix Gateway (CVE-2020-10110)

2020-03-06 Thread Micha Borrmann
Advisory ID: SYSS-2020-004
Product: Citrix Gateway
Manufacturer: Citrix Systems, Inc.
Affected Version(s): 11.1, 12.0, 12.1
Tested Version(s): 11.1.63.15, 12.0.63.13, 12.1.55.18
Vulnerability Type: Information Exposure Through Cachin

[FD] Buffer overflow in pppd - CVE-2020-8597

2020-03-06 Thread Marcin Kozlowski
Hi list, I looked into Buffer overflow in pppd (CVE-2020-8597) some more. Great bug. Feel free to take a look if this interests you. I kind of simulated the bug quickly. https://github.com/marcinguy/CVE-2020-8597 Didn't follow the exploitation path. I can imagine you will have to beat Stack Cana

Re: [FD] ELF launcher for encrypted binaries decrypted on-the-fly and executed in memory

2020-03-06 Thread Hunger
Hey, mprotect(RWX)... this is not working in a properly hardened environment (like grsecurity/PaX mprotect restrictions ;). Cheers, -h
On Tue, Mar 3, 2020 at 5:30 PM RedTimmy Security wrote:
>
> Hi all,
> think about a typical Red Team operation, in which tools that commonly
> trigger securi