-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4149-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 22, 2018
Debian Security Advisory DSA-4148-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 22, 2018
Hey,
TL;DR: UAF in a "non-release" version of ModSecurity for Nginx.
!RCE|DoS, no need to panic.
Plus some old and even older exploitation vector(s).
/*
* 1. Use-After-Free (UAF)
*/
During one of the engagements my team tested a WAF running in production
Nginx + ModSecurity + OWA
Hey,
The Path Traversal vulnerability was found in a component of the Bomgar
Remote Support Portal (RSP) [1]. The affected component is a JavaStart.jar
applet that is hosted at https://TARGET/api/content/JavaStart.jar on the
vulnerable RSP deployments. The JavaStart version 52970 and prior were
Hey,
The Local Privilege Escalation vulnerability was found in the Kaseya
Virtual System Administrator (VSA) [1] agent "AgentMon.exe". The agent is a
Windows service that periodically executes various programs with “NT
AUTHORITY\SYSTEM” privileges.
In Kaseya's default configuration, Windows u