ModSecurity WAF 3.0 for Nginx - Denial of Service

2018-03-22 Thread x ksi
Hey, TL;DR: UAF in a "non-release" version of ModSecurity for Nginx. !RCE|DoS, no need to panic. Plus some old and even older exploitation vector(s). /* * 1. Use-After-Free (UAF) */ During one of the engagements my team tested a WAF running in production Nginx + ModSecurity +

Bomgar Remote Support Portal JavaStart Applet <= 52970 - Path Traversal

2018-03-22 Thread x ksi
Hey, The Path Traversal vulnerability was found in the component of the Bomgar Remote Support Portal (RSP) [1]. The affected component is a JavaStart.jar applet that is hosted at https://TARGET/api/content/JavaStart.jar on the vulnerable RSP deployments. The JavaStart version 52970 and prior were

Kaseya AgentMon.exe <= 9.3.0.11 - Local Privilege Escalation

2018-03-22 Thread x ksi
Hey, The Local Privilege Escalation vulnerability was found in the Kaseya Virtual System Administrator (VSA) [1] agent "AgentMon.exe". The agent is a Windows service that periodically executes various programs with “NT AUTHORITY\SYSTEM” privileges. In the Kaseya's default configuration, Windows

Secunia Research: Microsoft Windows Embedded OpenType Font Engine hdmx Table Information Disclosure Vulnerability

2018-03-22 Thread Secunia Research
Secunia Research 2018/03/15 Microsoft Windows Embedded OpenType Font Engine hdmx Table Information Disclosure Vulnerability

Secunia Research: Microsoft Windows Embedded OpenType Font Engine "MTX_IS_MTX_Data()" Information Disclosure Vulnerability

2018-03-22 Thread Secunia Research
Secunia Research 2018/03/15 Microsoft Windows Embedded OpenType Font Engine "MTX_IS_MTX_Data()" Information Disclosure Vulnerability

Advisory - Bitbucket Server - CVE-2018-5225

2018-03-22 Thread Matthew Hart
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 This email refers to the advisory found at https://confluence.atlassian.com/x/3WNsO CVE ID: CVE-2018-5225 Products: Bitbucket Server Affected Bitbucket Server Versions: 4.13.0 <= version < 5.4.8 5.5.0 <= version < 5.5.8 5.6.0 <= version < 5.6.5

Secunia Research: Microsoft Windows Embedded OpenType Font Engine Font Glyphs Handling Information Disclosure Vulnerability

2018-03-22 Thread Secunia Research
Secunia Research 2018/03/14 Microsoft Windows Embedded OpenType Font Engine Font Glyphs Handling Information Disclosure Vulnerability

[SECURITY] [DSA 4147-1] polarssl security update

2018-03-22 Thread Sebastien Delafond
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Debian Security Advisory DSA-4147-1 secur...@debian.org https://www.debian.org/security/ Sebastien Delafond March 21, 2018