Posts
2506
Following
576
Followers
1285
A drunken debugger

Heretek of Silent Signal
buherator

buherator

Getting code execution on Veeam through CVE-2023-27532

https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/
0
0
0
buherator

buherator

[RSS] Getting code execution on Veeam through CVE-2023-27532

https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/
0
0
0
buherator
repeated
trailofbits@infosec.exchange

Trail of Bits

We've completed a comparative security assessment of authorization policy languages: Cedar, Rego, and the OpenFGA modeling language.
If you are a language designer or a software developer, our AWS-sponsored assessment also provides recommendations for improving policy language design and for securing systems that use policy languages.
https://buff.ly/4cSO63s

0
2
1
buherator

buherator

Getting code execution on Veeam through CVE-2023-27532

https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/
1
0
1
buherator
repeated
mcfly@milliways.social

mc.fly

Are we not negative enough towards

8
20
1
buherator

buherator

[RSS] Getting code execution on Veeam through CVE-2023-27532

https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/
0
0
0
buherator

buherator

[RSS] We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI

https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/
0
0
0
buherator

buherator

Getting code execution on Veeam through CVE-2023-27532

https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/
0
0
0
buherator

buherator

Getting code execution on Veeam through CVE-2023-27532

https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/
0
0
1
buherator
repeated
dcoderlt@ohai.social

DCoder 🇱🇹❤🇺🇦

Australia really looked at GDPR and said “those fines are rookie numbers, mate”.

https://ministers.ag.gov.au/media-centre/parliament-approves-governments-privacy-penalty-bill-28-11-2022

(from https://twitter.com/troyhunt/status/1597841957526568966 )

1
2
0
buherator
repeated
talosvulns

Talos Vulnerability Reports

New vulnerability report from Talos:

Microsoft Windows 10 AllJoyn Router Service information disclosure vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1980

CVE-2024-38257,CVE-2024-38257
0
1
0
buherator
repeated
bert_hubert@fosstodon.org

bert hubert 🇺🇦🇪🇺

As @echo_pbreyer reminded us, EU member states have revived their effort to force-install a child pornography scanner on our phones again. This idea was rejected twice before, but they'll keep trying. Here's an English transcript of what I said about this in Dutch parliament last year: https://berthub.eu/articles/posts/client-side-scanning-dutch-parliament/

0
2
0
buherator
repeated
chudypb@infosec.exchange

Piotr Bazydło

My SharePoint RCE got fixed: CVE-2024-38018. Site Member privs should be enough to exploit.

I also found a DoS vuln that got patched today: CVE-2024-43466.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38018

0
5
0
buherator

buherator

From COM Object Fundamentals To UAC Bypasses - Tijme Gommers

https://www.youtube.com/watch?v=481SI_HWlLs
0
0
2
buherator

buherator

"This patch day, Microsoft introduced new garbage collection mechanism in win32k. In addition to the previously introduced type isolation mechanism, there is now garbage collection, making it more difficult to control the heap feng shui."

More info: https://x.com/TinySecEx/status/1833697218983080428
0
0
2
buherator
repeated
screaminggoat@infosec.exchange

Not Simon 🐐

Edited 3 months ago

Happy from Microsoft: 79 new CVEs, 4 NEW EXPLOITED ZERO DAYS:

  • CVE-2024-43491 (9.8 critical) Microsoft Windows Update Remote Code Execution Vulnerability (EXPLOITED)
  • CVE-2024-38226 (7.3 high) Microsoft Publisher Security Feature Bypass Vulnerability (EXPLOITED)
  • CVE-2024-38217 (5.4 medium) Windows Mark of the Web Security Feature Bypass Vulnerability (EXPLOITED and PUBLICLY DISCLOSED)
  • CVE-2024-38014 (7.8 high) Windows Installer Elevation of Privilege Vulnerability (EXPLOITED)

EDIT: @BleepingComputer has mentioned that CVE-2024-38217 was marked publicly disclosed. Updated this to reflect it. See related reporting Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws

2
2
0
buherator

buherator

Straight Outta Kapton
0
0
1
buherator
repeated
andersonc0d3@infosec.exchange

andersonc0d3

Measuring non-determinism in the Linux kernel

https://shape-of-code.com/2024/09/08/measuring-non-determinism-in-the-linux-kernel/

0
1
0
buherator
repeated
screaminggoat@infosec.exchange

Not Simon 🐐

Citrix security advisory: Citrix Workspace app for Windows Security Bulletin CVE-2024-7889 and CVE-2024-7890
Happy from Citrix.

  • CVE-2024-7889 (CVSSv4: 7.0 high) LPE
  • CVE-2024-7890 (CVSSv4: 5.4 medium) LPE

Fixed in Citrix Workspace app for Windows 2405 and later versions, Citrix Workspace app for Windows 2402 CU1 LTSR and later versions. No mention of exploitation.

0
1
0
buherator
repeated
talosvulns

Talos Vulnerability Reports

New vulnerability report from Talos:

Adobe Acrobat Reader Annotation Object Page Race Condition Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2011

CVE-2024-39420
0
1
0
Show older
About infosec.place

Terms of Service

This is a placeholder, overwrite this by putting a file at 

$STATIC_DIR/static/terms-of-service.html

See the Static Directory docs for more info.