CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability

The TrustedInstaller service running on the Windows operating system hosts a COM service called Sxs Store Class; its ISxsStore interface provides methods to install/uninstall assemblies via application manifests files into the WinSxS store. These API methods were meant to be available for users

CVE-2019-10181, CVE-2019-10182, CVE-2019-10185: IcedTea-Web vulnerabilities leading to RCE

IcedTeaWeb is an open source implementation of JSR-56 that is better known as Java Web Start. It is currently maintained by RedHat and is included into the Windows packages of OpenJDK by default. "Three security issues were found in ITW, and have been discussed and are going to be fixed. Those

Details about recent GNU patch vulnerabilities

I identified several vulnerabilities in the GNU patch utility, some of them making it possible to execute arbitrary code if the victim opens a crafted patch file. It also turned out, some of these vulnerabilities had been silently addressed by the maintainer back then in 2018 when CVE-2018-1000156

CVE-2019-13635: Directory traversal in WP Fastest Cache 0.8.9.5 and below

WP Fastest Cache is a Wordpress plugin that creates static html files from the dynamic WordPress blog in order to speed up operation. Version 0.8.9.5 and below of the plugin was identified being vulnerable to directory traversal attacks. The first two are Windows only, the 3rd one is generic.

CVE-2019-11517: CSRF in Wampserver 3.1.4-3.1.8

Affected product: WampServer 3.1.4-3.1.8 Offiical description: "WampServer is a Windows web development environment. It allows you to create web applications with Apache2, PHP and a MySQL database. Alongside, PhpMyAdmin allows you to manage easily your databases." Official website:

Advisory: security controls configured in php.ini could be bypassed on Linux

"PHP is a popular general-purpose scripting language that is especially suited to web development." PHP has deployed several features over the years that are prone to incorrect architectural decisions (safe mode https://www.php.net/manual/en/features.safe-mode.php or open_basedir

CVE-2017-17485: one more way of rce in jackson-databind when defaultTyping+objects are used

Jackson-databind is a popular library in Java for JSON marshalling/unmarshalling. It has a feature called default-typing: when the target class has some polymorph fields inside (such as interfaces, abstract classes or the Object base class), the library can include type info into the JSON

missing input validation in pmount: arbitrary mount as non-root

: --- Discovered by: Imre Rad Reported on: 2016-03-21 Disclosure: 2016-07-13

Authentication bypass in PHP File Manager 0.9.8

to the developer 2016-01-04: CVE ID requested from MITRE 2016-01-11: Report resent to the developer 2016-01-18: Notification sent to the developer about disclosing the vulnerability on 25th of January 2016-01-18: Disclosure Imre Rad Search-Lab Ltd. http://www.search-lab.hu/ http://www.scademy.com/

PHP LiteSpeed SAPI out of boundaries read due to missing input validation

the SAPI socket is a prerequisite of the attack. The fix is available with the commit: https://github.com/php/php-src/commit/08080c18f5f3700af6242a338a2698502207ed45 The fixed versions of PHP are: 5.5.31, 5.6.17 and 7.0.2. Imre Rad Search-Lab Ltd. http://www.search-lab.hu/ http://www.scademy.com/

PHP LiteSpeed SAPI secret key improper disposal

/c60d4b97707c513ee8b554eecf1c5c653cae5998#diff-19cd0c042863b5e723b785a39a866a25 The fixed versions of PHP are: 5.5.31, 5.6.17 and 7.0.2. More information: http://www.search-lab.hu/about-us/news/111-some-unusual-vulnerabilities-in-the-php-engine Imre Rad Search-Lab Ltd. http://www.search-lab.hu/ http://www.scademy.com/

CVE-2014-7952, Android ADB backup APK injection vulnerability

The Android operating system offers a backup/restore mechanism of installed packages through the ADB utility. Full backup of applications including the private files stored on /data partition is performed by default, but applications can customize this behavior by implementing a BackupAgent class.

CVE-2014-7951 adb backup archive path traversal file overwrite

on: Android 4.0.4: Reported on:2014-07-14 Assigned CVE: CVE-2014-7951 Android bug id: 16298491 Discovered by: Imre Rad / Search-Lab Ltd. http://www.search-lab.hu http://www.securecodingacademy.com/

CVE-2014-7953 Android backup agent code execution

on:2014-08-15 Assigned CVE: CVE-2014-7951 Android bug id: 15829193 Discovered by: Imre Rad / Search-Lab Ltd. http://www.search-lab.hu http://www.securecodingacademy.com/

CVE-2014-7954 MTP path traversal vulnerability in Android

-- u0_a6media_rw 13 2014-09-24 01:36 sdf.txt drwxrwx--x u0_a6u0_a6 2014-07-22 01:06 shared_prefs Tested on: Android 4.4.4 Reported on: 2014-09-26 Assigned CVE: CVE-2014-7954 Discovered by: Imre Rad / Search-Lab Ltd. http://www.search-lab.hu

LG On Screen Phone authentication bypass (CVE-2014-8757)

LG On Screen Phone authentication bypass vulnerability -- SEARCH-LAB Ltd. discovered a serious security vulnerability in the On Screen Phone protocol used by LG Smart Phones. A malicious attacker is able to bypass the authentication phase of the