Hardening guide for Tomcat 8 on RedHat 6.5 (64bit edition)

Credit to Author: eyalestrin | Date: Thu, 07 May 2015 18:30:34 +0000

This document explains the installation, configuration and hardening of a Tomcat 8.x server, based on a RedHat 6.5 default installation (IPTables and SELinux enabled by default), including support for TLS v1.2 and protection from the BEAST and CRIME attacks. Some of the features explained in this document are supported by only some of the Internet …


REVIEW: “The Social Life of Information”, John Seely Brown/Paul Duguid

Credit to Author: p1 | Date: Fri, 30 Jan 2015 18:39:51 +0000

BKSCLFIN.RVW   20130124

“The Social Life of Information”, John Seely Brown/Paul Duguid, 2000, 0-87584-762-5, U$24.95
%A   John Seely Brown
%A   Paul Duguid
%C   60 Harvard Way, Boston MA   02163
%D   2000
%G   0-87584-762-5
%I   Harvard Business School Press
%O   U$25.95 617-495-6947 617-495-6700 617-495-6117 800-545-7685
%O   http://www.amazon.com/exec/obidos/ASIN/0875847625/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0875847625/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0875847625/robsladesin03-20
%O   Audience n+ Tech 2 Writing 2 …


SSD Advisory – SME Server Unauthenticated XSS To Privileged Remote Code Execution

Credit to Author: SSD / Ori Nimron | Date: Mon, 07 Jan 2019 13:21:59 +0000

Vulnerabilities Summary: The following advisory describes a vulnerability in SME Server 9.2 that lets an unauthenticated attacker perform an XSS attack that leads to remote code execution as root. SME Server is a Linux distribution for small and medium enterprises by the Koozali foundation. CVE: CVE-2018-18072. Credit: An independent security researcher, Karn Ganeshen, has reported this vulnerability …


SSD Advisory – Apache OpenOffice Virtual Table Corruption

Credit to Author: SSD / Ori Nimron | Date: Sun, 06 Jan 2019 07:40:33 +0000

Vulnerabilities Summary: The following advisory discusses a vulnerability found in Apache OpenOffice. The vulnerability lies in the part that is responsible for parsing documents, which has an overflow that lets attackers take control of program execution. Vendor Response: “We obtained a CVE number for the vulnerability you reported: CVE-2018-11790. The release will need to undergo …


SSD Advisory – iOS/macOS Kernel task_inspect Information Leak

Credit to Author: SSD / Ori Nimron | Date: Mon, 17 Dec 2018 07:02:28 +0000

Vulnerabilities Summary: The following advisory discusses a bug in the kernel function task_inspect that a local user may exploit to read kernel memory, due to an uninitialized variable. Vendor Response: “Kernel: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be …


SSD Advisory – iOS/macOS Safari Sandbox Escape via QuartzCore Heap Overflow

Credit to Author: SSD / Ori Nimron | Date: Sun, 02 Dec 2018 13:08:59 +0000

Vulnerabilities Summary: QuartzCore ( https://developer.apple.com/documentation/quartzcore ), also known as CoreAnimation, is a framework used by macOS and iOS to build an animatable scene graph. CoreAnimation uses a unique rendering model where the graphics operations are run in a separate process. On macOS, the process is WindowServer and on iOS the name is backboardd. Both of …


SSD Advisory – Symfony Framework forward() Remote Code Execution

Credit to Author: SSD / Ori Nimron | Date: Sun, 04 Nov 2018 14:21:53 +0000

Vulnerability Summary: The following advisory describes a vulnerability found in Symfony 3.4, a PHP framework built on top of the Symfony Components that is used to create websites and web applications. Under certain conditions, the Symfony framework can be abused to trigger RCE in the HttpKernel (http-kernel) component, while forward() is considered by the …


SSD Advisory – Chrome AppCache Subsystem SBX by utilizing a Use After Free

Credit to Author: SSD / Ori Nimron | Date: Mon, 29 Oct 2018 09:23:16 +0000

Vulnerabilities Summary: The vulnerability exists in the AppCache subsystem in Chrome versions 69.0 and earlier. This code is located in the privileged browser process outside of the sandbox. The renderer interacts with this subsystem by sending IPC messages from the renderer to the browser process. These messages can cause the browser to make network requests, …
