Ubuntu Security Notice USN-3727-1

Ubuntu Security Notice 3727-1 - It was discovered that Bouncy Castle incorrectly handled certain crypto algorithms. A remote attacker could possibly use these issues to obtain sensitive information, including private keys.




RSA BSAFE Micro Edition Suite / Crypto-C Micro Edition Overflow / DoS

RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition suffer from resource exhaustion, integer overflow, improper clearing of heap memory, covert timing channel, and buffer over-read vulnerabilities.




RSA BSAFE SSL-J / Crypto-J Heap Clearing / Timing Channel

RSA BSAFE SSL-J versions prior to 6.2.4 contain a heap inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material. RSA BSAFE SSL-J versions prior to 6.2.4 contain a covert timing channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover an RSA key. RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a covert timing channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover an RSA key.




Debian Security Advisory 4296-1

Debian Linux Security Advisory 4296-1 - Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library which could result in plain text recovery via side-channel attacks.




Android Security Research: Crypto Local Storage Attack

Whitepaper called Android Security Research: Crypto Wallet Local Storage Attack.




Ubuntu Security Notice USN-3901-1

Ubuntu Security Notice 3901-1 - Jann Horn discovered that the userfaultfd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. It was discovered that the crypto subsystem of the Linux kernel leaked uninitialized memory to user space in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.




Positive Hack Days 10 Call For Papers

Call For Papers for Positive Hack Days 10, which will take place in Moscow, Russia, May 13th through the 14th, 2020.











Linux x86_x64 sys_creat("ajit", 0755) Shellcode

53 bytes small Linux/x86_x64 sys_creat("ajit", 0755) shellcode.




Linux/x86 Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode

114 bytes small Linux/x86 random bytes encoder and XOR/SUB/NOT/ROR execve(/bin/sh) shellcode.




Windows/x86 Dynamic Bind Shell / Null-Free Shellcode

571 bytes small Microsoft Windows x86 dynamic bind shell and null-free shellcode.




Dynamic Null-Free PopCalc Shellcode

223 bytes small dynamic, null-free popcalc shellcode.




Google Chrome 80 JSCreate Side-Effect Type Confusion

This Metasploit module exploits an issue in Google Chrome version 80.0.3987.87 (64 bit). The exploit corrupts the length of a float array (float_rel), which can then be used for out-of-bounds reads and writes on adjacent memory. The relative read and write is then used to modify a UInt64Array (uint64_aarw), which is used for reading from and writing to absolute memory. The exploit then uses WebAssembly to allocate a region of RWX memory, which is then replaced with the payload shellcode. The payload is executed within the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload to work correctly.




Dynamic MessageBoxA||W PEB And Import Table Method Shellcode

232 bytes small Dynamic MessageBoxA||W PEB and Import Table Method shellcode.




WinExec Add-Admin Dynamic Null-Free Shellcode

210 bytes small WinExec add-admin dynamic null-free shellcode.




Linux/x86 Reboot Polymorphic Shellcode

26 bytes small Linux/x86 reboot polymorphic shellcode.






CloudFlare Probes Mystery Interception Of Site Traffic Across India









Scam Call Center Owner In Custody After BBC Investigation




Google's Bug Bounty Program Just Had A Record-Breaking Year Of Payouts




Citrix Application Delivery Controller / Gateway Remote Code Execution / Traversal

Citrix Application Delivery Controller and Citrix Gateway directory traversal remote code execution exploit.




Huawei HG255 Directory Traversal

This Metasploit module exploits a directory traversal in Huawei HG255.




Citrix ADC / Gateway Path Traversal

This is an Nmap NSE script to test for the path traversal vulnerability in Citrix Application Delivery Controller (ADC) and Gateway.




DotNetNuke CMS 9.4.4 Zip Directory Traversal

DotNetNuke CMS version 9.4.4 suffers from a zip split issue where a directory traversal attack can be performed to overwrite files or execute malicious code.




PHPKB Multi-Language 9 Authenticated Directory Traversal

PHPKB Multi-Language 9 suffers from an authenticated directory traversal vulnerability.




FIBARO System Home Center 5.021 Remote File Inclusion / XSS

FIBARO System Home Center version 5.021 suffers from cross site scripting and remote file inclusion vulnerabilities.




Jinfornet Jreport 15.6 Directory Traversal

Jinfornet Jreport version 15.6 suffers from an unauthenticated directory traversal vulnerability.




Joomla Fabrik 3.9.11 Directory Traversal

Joomla Fabrik component version 3.9.11 suffers from a directory traversal vulnerability.




LimeSurvey 4.1.11 Path Traversal

LimeSurvey version 4.1.11 suffers from a File Manager path traversal vulnerability.




Zen Load Balancer 3.10.1 Directory Traversal

Zen Load Balancer version 3.10.1 suffers from a directory traversal vulnerability. This finding was originally discovered by Cody Sixteen.




TVT NVMS 1000 Directory Traversal

TVT NVMS 1000 suffers from a directory traversal vulnerability.




QRadar Community Edition 7.3.1.6 Arbitrary Object Instantiation

QRadar Community Edition version 7.3.1.6 is vulnerable to instantiation of arbitrary objects based on user-supplied input. An authenticated attacker can abuse this to perform various types of attacks including server-side request forgery and (potentially) arbitrary execution of code.




Booked Scheduler 2.7.7 Directory Traversal

Booked Scheduler version 2.7.7 suffers from an authenticated directory traversal vulnerability.





Angry Romanian Hackers Deface Telegraph For Top Gear Toss