[FD] Hue 3.7.1 Local Privilege Escalation

2015-05-14 Thread Julian Horoszkiewicz
Title: Hue 3.7.1 Local Privilege Escalation Author: Julian Horoszkiewicz Description: An issue with hue-root privilege separation model has been identified. The reason for this is that /usr/lib/hue/build/env/bin/supervisor python script is by default owned by user hue, but executed as root. That

[FD] Read heap overflow / invalid memory access in Wireshark

2015-05-14 Thread Hanno Böck
https://blog.fuzzing-project.org/11-Read-heap-overflow-invalid-memory-access-in-Wireshark-TFPA-0072015.html The Wireshark parser code for Android Logcat network packages contained a read heap overflow in the function detect_version(). This issue was reported to the Wireshark developers on May

[FD] How to detect a promiscuous interface by using WMIC

2015-05-14 Thread Eiji James Yoshida
(IP) 0 TRUE WAN Miniport (IPv6) 0 TRUE RAS Async Adapter 0 - How to detect a promiscuous interface by using WMIC http://d.hatena.ne.jp/EijiYoshida/20150514/1431621603 -- Eiji James Yoshida Security Professionals Network Inc

[FD] Ambari Server 1.7.0 Local Privilege Escalation

2015-05-14 Thread Julian Horoszkiewicz
Title: Ambari Server 1.7.0 Local Privilege Escalation Author: Julian Horoszkiewicz Description: An issue with ambari-root privilege separation model has been identified. The reason for this is that /var/lib/ambari-server/ambari-env.sh script is by default owned by user ambari, but executed as

[FD] Broken, Abandoned, and Forgotten Code, Part 4

2015-05-14 Thread Zach C
Part 4 is up. An undersized malloc() during firmware decoding puts our hopes and dreams of persistent exploitation in peril. http://shadow-file.blogspot.com/2015/05/abandoned-part-04.html If you care to follow along, remote debugging with IDA Pro and QEMU will be useful, particularly starting in