Microsoft User Account Control Nuances
This write up is an overview of how Microsoft's attempts to manage elevated access to executables via registry entries has added over complexity that still allows for escalation.
View ArticleShannon Baseband NrmmMsgCodec Emergency Number List Heap Buffer Overflow
There is a heap buffer overflow in Shannon baseband, inside the 5G MM protocol implementation (NrmmMsgCodec as it is called in Shannon according to debug strings), specifically when handling the...
View ArticleUbuntu Security Notice USN-5961-1
Ubuntu Security Notice 5961-1 - It was discovered that abcm2ps incorrectly handled memory when parsing specially crafted ABC files. An attacker could use this issue to cause abcm2ps to crash, leading...
View ArticleShannon Baseband NrmmMsgCodec Extended Emergency Number List Heap Buffer...
There is a heap buffer overflow in Shannon baseband, inside the 5G MM protocol implementation (NrmmMsgCodec as it is called in Shannon according to debug strings), specifically when handling the...
View ArticleDebian Security Advisory 5375-1
Debian Linux Security Advisory 5375-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or spoofing.
View ArticleBSidesLjubljana 2023 Call For Papers
B-Sides Ljubljana will be held June 16, 2023 in Ljubljana, Slovenia.
View ArticleShannon Baseband NrmmMsgCodec Access Category Definitions Heap Buffer Overflow
There is a heap buffer overflow in Shannon Baseband, inside the 5G MM protocol implementation (NrmmMsgCodec as it is called in Shannon according to debug strings), specifically when handling the...
View ArticleUbuntu Security Notice USN-5962-1
Ubuntu Security Notice 5962-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to...
View ArticleRiello UPS Restricted Shell Bypass
Riello UPS systems can have their restricted configuration shell bypassed to gain full underlying operating system access.
View ArticleUbuntu Security Notice USN-5959-1
Ubuntu Security Notice 5959-1 - It was discovered that Kerberos incorrectly handled memory when processing KDC data, which could lead to a NULL pointer dereference. An attacker could possibly use this...
View ArticleShannon Baseband NrmmMsgCodec Intra-Object Overflow
There is an intra-object overflow in Shannon Baseband, inside the 5G MM protocol implementation (NrmmMsgCodec as it is called in Shannon according to debug strings), specifically when handling the...
View ArticleDebian Security Advisory 5356-2
Debian Linux Security Advisory 5356-2 - One of the security fixes released as DSA 5356 introduced a regression in the processing of specific WAV files. Updated sox packages are available to correct...
View ArticleOpen Web Analytics 1.7.3 Remote Code Execution
Open Web Analytics (OWA) versions prior to 1.7.4 allow an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes.
View Article