** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.

Read More

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.

Read More

Posted by Competition Administrator on Mar 21

The WCC 2023 is a fully-online and open competition using GitHub.
The language of the competition is English.

The WCC 2023 has a total duration of 295 days, from Sunday January 1st 2023
to Monday October 23rd 2023.
Teams and Judges must complete registration before Wednesday June 1st.

The WCC 2023 has three entry categories:
Category A: Block Ciphers with a 512-bit block, 512-bit key, and 192-bit
nonce
Category B: Digest Functions with a…

Read More

Posted by Georgi Guninski on Mar 21

Is there low hanging fruit for the following observation?

The documentation of the python cgi module is vulnerable to XSS
(cross site scripting)

https://docs.python.org/3/library/cgi.html

“`
form = cgi.FieldStorage()
print(“<p>name:”, form[“name”].value)
print(“<p>addr:”, form[“addr”].value)
“`

First result on google for “tutorial python cgi”
is…

Read More

Posted by Adam Gowdiak on Mar 21

Hello,

I feel obliged to provide additional comments to this paragraph as I
start to believe that CANAL+ might not deserve sole blame here…

While Microsoft claims there is absolutely no bug at its end, I
personally start to perceive the company as the one that should be
also blamed to some extent.

Below, I am providing you with the reasons that has lead me to such a
conclusion.

For many months, no response from CANAL+ was taken at my end as…

Read More

Posted by Arik Seils on Mar 21

Hi there,

One can use the Metasploit Framework Module post/windows/local/bypassua _fodhelper to achieve this.

Greetings from Germany,

A.Seils

17.03.2023 06:26:56 Stefan Kanthak <stefan.kanthak () nexgo de>:

Read More

FEDORA-2023-da8315e641

Packages in this update:

xen-4.16.3-4.fc37

Update description:

3 security issues (#2180425)
x86 shadow plus log-dirty mode use-after-free [XSA-427, CVE-2022-42332]
x86/HVM pinned cache attributes mis-handling [XSA-428, CVE-2022-42333,
CVE-2022-42334]
x86: speculative vulnerability in 32bit SYSCALL path [XSA-429,
CVE-2022-42331]

Read More

FEDORA-2023-04b5338dd0

Packages in this update:

xen-4.16.3-4.fc36

Update description:

3 security issues (#2180425)
x86 shadow plus log-dirty mode use-after-free [XSA-427, CVE-2022-42332]
x86/HVM pinned cache attributes mis-handling [XSA-428, CVE-2022-42333,
CVE-2022-42334]
x86: speculative vulnerability in 32bit SYSCALL path [XSA-429,
CVE-2022-42331]

Read More

It was discovered that the set() method in object-path could be corrupted
as a result of prototype pollution by sending a message to the parent
process. An attacker could use this issue to cause object-path to crash.
(CVE-2020-15256, CVE-2021-23434, CVE-2021-3805)

Read More

FEDORA-2023-76d18cf2fa

Packages in this update:

reposurgeon-4.35-1.fc38

Update description:

4.35: 2023-03-21

Document an importand gotcha about working with CVS. Clean up some annoyances in the build and test machinery.

4.34: 2023-01-24

Change repocutter -f (basename) option to -n. Default filecopy to matching a regexp; -f now undoes this. Add repocutter count and debug commands. Repocutter patches missing copyfrom source revisions. Added repocutter swapcheck command for sanity checking.

4.33: 2022-12-21

Some potentially unsafe shellouts have been fixed. Format –fossil is no loinger broken. Fix segfault when listing descendants of orphaned commit. Ensure that repocutter is quieted when output is not stdout.

Read More