Releases

Microsoft DirectX Memory Corruption (CVE-2018-8563)

A memory corruption vulnerability exists in Microsoft DirectX. The corruption happens as a result of the incorrect handling of text while running CSS transformations, resulting in an out-of-bounds read. It is possible to trigger this vulnerability remotely via Internet Explorer. An attacker can use this vulnerability to disclose memory of a victim’s machine. Generally, such a vulnerability is chained with a Remote Code Execution vulnerability and used to bypass common defenses.


Network Manager VPNC - Privilege Escalation (CVE-2018-10900)

The Network Manager VPNC plugin is vulnerable to a privilege escalation attack. A newline character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root.


Oracle WebLogic - Multiple SAML Vulnerabilities (CVE-2018-2998/CVE-2018-2933)

Two vulnerabilities were discovered within the Oracle WebLogic SAML service provider authentication mechanism. By inserting an XML comment into the SAML NameID tag, an attacker can coerce the SAML service provider to log in as another user. Additionally, WebLogic does not require signed SAML assertions in the default configuration. By omitting the signature portions from a SAML assertion, an attacker can craft an arbitrary SAML assertion and bypass the authentication mechanism.


ManageEngine OpManager Multiple Authenticated RCE Vulnerabilities

Pulse Security has identified two vulnerabilities in the ManageEngine OpManager software that are currently being exploited in the wild, along with one observational note. This document details the vulnerabilities and the indicators of compromise that may be used to identify these exploits.


Microsoft Internet Explorer EnterBlock Memory Corruption (CVE-2018-8249)

A memory corruption vulnerability exists in Microsoft Internet Explorer. The corruption happens due to the destruction and reuse of an element processed by Internet Explorer. An attacker can use this vulnerability to obtain Remote Code Execution and compromise a victim’s machine. Microsoft fixed this vulnerability in the June 2018 patch cycle. Pulse Security recommends applying the latest updates to mitigate this vulnerability.


Phusion Passenger chown() race privilege escalation (CVE-2018-12029)

Phusion Passenger’s Nginx module is vulnerable to a privilege escalation vulnerability when run with a non-standard passenger_instance_registry_dir configuration. A vulnerability exists when creating the control_process.pid file, specifically when the file’s owner is changed from root. An attacker can use this behavior to escalate privileges from the www-data user to the root user when Nginx is restarted.


Microsoft Internet Explorer Hyperlink Memory Corruption (CVE-2018-8118)

A memory corruption vulnerability exists in Microsoft Internet Explorer. The corruption happens as a result of the destruction and reuse of an element processed by Internet Explorer. An attacker can use this vulnerability to obtain Remote Code Execution and compromise a victim’s machine.


Pi-hole < v3.3 Multiple Vulnerabilities

Multiple vulnerabilities were discovered in Pi-hole, a DNS blocker solution. Vulnerabilities included remote code execution, cross-site scripting, SQL injection, privilege escalation and stack-based buffer overflow.


Microsoft Edge / Internet Explorer SVG Memory Corruption (CVE-2018-0932)

A memory corruption vulnerability exists in Microsoft Edge and Internet Explorer. The corruption happens as a result of incorrect handling of SVG attributes. An attacker can use this vulnerability to disclose memory of a victim’s machine. Generally, such a vulnerability is chained with a Remote Code Execution vulnerability and used to bypass common defenses.
