Tag
#linux
Linux suffers from two seccomp bugs with a PT_SUSPEND_SECCOMP permission bypass and ptracer death race condition.
### Impact I found "multipart/form-data request tampering vulnerability" caused by Content-Disposition "filename" lack of escaping in httparty. `httparty/lib/httparty/request` > `body.rb` > `def generate_multipart` https://github.com/jnunemaker/httparty/blob/4416141d37fd71bdba4f37589ec265f55aa446ce/lib/httparty/request/body.rb#L43 By exploiting this problem, the following attacks are possible * An attack that rewrites the "name" field according to the crafted file name, impersonating (overwriting) another field. * Attacks that rewrite the filename extension at the time multipart/form-data is generated by tampering with the filename For example, this vulnerability can be exploited to generate the following Content-Disposition. > Normal Request example: > normal input filename: `abc.txt` > > generated normal header in multipart/form-data > `Content-Disposition: form-data; name="avatar"; filename="abc.txt"` > Malicious Request example > malicious input filename: `overwrite_name_f...
In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation.
Categories: Android Categories: Apple Categories: News Tags: devices Tags: recycle Tags: back up Tags: reset Tags: android Tags: mac Tags: apple Tags: iphone Tags: ipad Tags: windows Tags: chromebook Before we hand down, sell on, or recycle our old device we will want to make sure all personal data are backed up and deleted from the device. Here's how... (Read more...) The post New device? Here's how to safely dispose of your old one appeared first on Malwarebytes Labs.
In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview.
The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as subscriber could exploit this as well
The multimedial images WordPress plugin through 1.0b does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin