Can this be used to perform DNS exfiltration ? (Assuming the UGW is
whitelisted to perform DNS (which it likely must be)
> # Exploit Title: Microsoft Forefront Unified Access Gateway 2010 External
> DNS Interaction
> # Vendor Homepage: https://www.microsoft.com/
> # Version: 2010
> # CVE : CVE-2
From the low-hanging-fruit-department
AVIRA Generic Malformed Container bypass (ISO)
Release mode: Silent
From the low-hanging-fruit-department
Kaspersky Generic Malformed Archive Bypass (ZIP GFlag)
Release mode: Coordinated Dis
From the low-hanging-fruit-department
ESET Generic Malformed Archive Bypass (ZIP Compression Information)
Release mode: Coordin
From the low-hanging-fruit-department
Bitdefender Generic Malformed Archive Bypass (BZ2)
Release mode : Forced Disclosure
Re
From the low-hanging-fruit-department
Kaspersky Generic Malformed Archive Bypass (ZIP Compressed Size)
Release mode: Coordina
From the low-hanging-fruit-department
Bitdefender Generic Malformed Archive Bypass (RAR HOST_OS)
Release mode: Forced Discl
From the low-hanging-fruit-department
Bitdefender Generic Malformed Archive Bypass (ZIP GPFLAG)
Release mode: Forced Disclosur
From the low-hanging-fruit-department
Kaspersky Generic Malformed Archive Bypass (ZIP Filename Length)
Release mode: Coordinate
Thought this might be interesting to the audience of FD.
https://blog.zoller.lu/2020/01/sd-card-permanent-read-only-locker.html
___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: ht
From the low-hanging-fruit-department
Bitdefender Generic Malformed Archive Bypass (RAR Uncompressed Size)
Release mode: Forced
From the low-hanging-fruit-department
Bitdefender Malformed Archive Bypass (RAR Compression Information)
Release mode: Forced Dis
From the low-hanging-fruit-department
ESET Generic Malformed Archive Bypass (BZ2 Checksum)
Release mode: Coordinated D
From the low-hanging-fruit-department
AVIRA Generic Malformed Container bypass (ZIP GPFLAG)
Release mode: No Patch - Coord
From the low-hanging-fruit-department
F-SECURE Generic Malformed Container bypass (RAR)
Ref : [TZO-15-2020] -
From the low-hanging-fruit-department
Kaspersky Generic Malformed Archive Bypass (ZIP Filename Length)
Release mode: Coordinate
From the low-hanging-fruit-department
Bitdefender Generic Malformed Archive Bypass (GZIP)
Release mode: Silent Patch
Ref
This was assigned CVE-2020-9264
___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
From the low-hanging-fruit-department
AVIRA Generic Malformed Container bypass (ISO Container)
Release mode: Coordinated disc
From the low-hanging-fruit-department
F-SECURE Generic Malformed Container bypass (GZIP)
Ref : [TZO-16-2020] - F-S
From the lets-try-it-this-way Department
Qihoo360 | GDATA | Rising | Webroot | Dr Web Generic Archive Bypass
Release mode: Vendors do
From the low-hanging-fruit-department
Avast Generic Malformed Archive Bypass (ZIP GFlag)
Release mode: Coordinated Di
From the low-hanging-fruit-department
QuickHeal Generic Malformed Archive Bypass (ZIP GPFLAG)
Release mode: Silent Patch
Ref
From the low-hanging-fruit-department
QuickHeal Generic Malformed Archive Bypass (ZIP GPFLAG)
Release mode: Silent Patch
Ref
Adapting the Mechanics of Vulnerability Disclosure to an area where
Privacy Rights need to be scrutinized and where transparency becomes
paramount.
How to effectively evade the GDPR and the reach of the DPA (CDPWE-0001
===
Adapting the Mechanics of Vulnerability Disclosure to an area where
Privacy Rights need to be scrutinized and where transparency becomes
paramount.
===
On the 29.
26 matches
Mail list logo