CVE-2017-11723
Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter.
Read MoreAuthor: Cyberthreat Blog
CVE-2017-4919
VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.
Read MoreStatic Analysis of Emotet Maldoc, (Fri, Jul 28th)
Brad wrote a great analysis of an Emotet maldoc send to us by a reader. In this diary, I would like to show how this maldoc can be staticaly analyzed with a couple of tools. oledump.py confirms it is an Office document with VBA...
Read MoreCVE-2015-5191
VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation.
Read MoreCVE-2017-6252
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to a denial of service or potential escalation of privileges.
Read More