This is a whitepaper tutorial that describes steps taken to identify post-authentication remote code execution vulnerabilities in Symantec Web Gateway version 5.0.2.8.

Facebook suffered from an information disclosure vulnerability. If a user uploaded their contacts to Facebook and then proceeded to download their expanded dataset from the DYI (Download Your Information) section, they would receive a file called addressbook.html in their downloaded archive. The addressbook.html is supposed to house the contact information they uploaded. However, due to a flaw in how Facebook implemented this, it also housed contact information from other uploads other users have performed for the same person, provided they had one piece of matching data. This effectively built large dossiers on users and disclosed their information to anyone that knew at least one piece of matching data.

Oracle Java versions prior to 7u25 suffer from an invalid array indexing vulnerability that exists within the native storeImageArray() function inside jre/bin/awt.dll. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

Oracle Java versions prior to 7u25 suffer from an invalid array indexing vulnerability that exists within the native storeImageArray() function inside jre/bin/awt.dll. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was obtained through the Packet Storm Bug Bounty program.

This Metasploit module abuses an Invalid Array Indexing Vulnerability on the static function storeImageArray() function in order to produce a memory corruption and finally escape the Java Sandbox. The vulnerability affects Java version 7u21 and earlier. The module, which doesn't bypass click2play, has been tested successfully on Java 7u21 on Windows and Linux systems. This was created based upon the Packet Storm Bug Bounty release for this issue.

The Microsoft Windows kernel's Registry Virtualization does not safely open the real key for a virtualization location leading to enumerating arbitrary keys resulting in privilege escalation.

Edimax EW-7438RPn version 1.13 suffers from a remote code execution vulnerability.

Furukawa Electric ConsciusMAP version 2.8.1 java deserialization remote code execution exploit.

ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffers from a path traversal vulnerability that can lead to remote code execution.

The ManageEngine Asset Explorer windows agent suffers form a remote code execution vulnerability. All versions prior to 1.0.29 are affected.

Mandriva Linux Security Advisory 2013-271 - The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and earlier, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to bsd.lib.mk and bsd.prog.mk.

NetBSD mail.local(8) local root exploit that leverages a race condition as noted in NetBSD-SA2016-006.

This Metasploit module attempts to exploit a race condition in mail.local with the SUID bit set on: NetBSD 7.0 - 7.0.1 (verified on 7.0.1), NetBSD 6.1 - 6.1.5, and NetBSD 6.0 - 6.0.6. Successful exploitation relies on a crontab job with root privilege, which may take up to 10min to execute.

Realtek SDK based routers suffer from information disclosure, incorrect access control, insecure password storage, code execution, and incorrectly implemented CAPTCHA vulnerabilities.

Jira version 8.3.4 suffers from a username enumeration information disclosure vulnerability.

LabVantage version 8.3 suffers from an information disclosure vulnerability.

SmartClient version 120 suffers from information disclosure, local file inclusion, remote file upload, and XML external entity injection vulnerabilities.

ManageEngine EventLog Analyzer version 10.0 suffers from an information disclosure vulnerability.

Citrix Gateway versions 11.1, 12.0, and 12.1 suffer from an information disclosure vulnerability.

HP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from a local physical access information disclosure vulnerability.

The Swift File Transfer mobile application for ios, blackberry and android suffers from cross site scripting and information disclosure vulnerabilities.

Edimax EW-7438RPn suffers from an information disclosure vulnerability.

File Explorer version 1.4 for iOS suffers from an information disclosure vulnerability.

Cisco M1070 Content Security Management Appliance IronPort remote host header injection exploit.

Cisco C170 Email Security Appliance version 10.0.3-003 IronPort remote host header injection exploit.

Cisco Email Security Virtual Appliance C100V IronPort remote host header injection exploit.

Cisco C690 Email Security Appliance version 11.0.2-044 IronPort remote host header injection exploit.

Cisco Email Security Virtual Appliance C600V IronPort remote host header injection exploit.

Cisco Email Security Virtual Appliance C370 IronPort remote host header injection exploit.

Cisco Content Security Management Virtual Appliance M600V IronPort remote host header injection exploit.

Cisco Email Security Virtual Appliance C300V IronPort remote host header injection exploit.

Cisco Email Security Virtual Appliance C380 IronPort remote host header injection exploit.

Cisco Data Center Network Manager version 11.2 remote code execution exploit.

Cisco Data Center Network Manager version 11.2.1 suffers from a remote SQL injection vulnerability.

Cisco Data Center Network Manager version 11.2.1 remote command injection exploit.

ImageMagick versions prior to 7.0.8-9 suffers from a memory leak vulnerability.

An information disclosure vulnerability exists when Centaur and TitanSMA fail to properly protect critical system logs such as 'syslog'. Additionally, the implemented Jetty version (9.4.z-SNAPSHOT) suffers from a memory leak of shared buffers that was (supposedly) patched in Jetty version 9.2.9.v20150224.

This Metasploit module exploits an arbitrary command execution flaw in the in.lpd service shipped with all versions of Irix.

rpc.pcnfsd suffers from a syslog related format string vulnerability. IBM AIX versions 6.1.0 and below, IRIX 6.5 and HP-UX versions 11.11, 11.23 and 11.31 are all affected.

Malware Analysis Part I - This guide is the first part of a series of three where we begin with setting up the very foundation of a analysis environment; the analysis station. It will give the reader a quick recap in the different phases of malware analysis along with a few examples. It will then guide the reader in how to build an analysis station optimized for these phases. Along with this, the guide also introduces a workflow that will give the reader a good kick-start in performing malware analysis on a professional basis, not only on a technical level.