cve


In an effort to provide more proactive protections in Fortinet products and to more effectively identify and defeat network threats, the Fortinet security research team works on discovering potential threats in popular products. As a result, over the past year we have discovered 84 vulnerabilities that have been reported to their respective vendors as part of our responsible vulnerability disclosure process. Fortinet protections against these discoveries were released to Fortinet products at the same time these vulnerabilities were reported to their... [Read More]
by RSS Peixue Li  |  Feb 21, 2017  |  Filed in: Security Research
At the end of last year, a critical vulnerability in PHPMailer that affected millions of websites – CVE-2016-10033 -  was discovered by Polish security researcher Dawid. This vulnerability allows an attacker to compromise the target’s web application by executing remote code on the vulnerable web server. There are numerous open source web applications that use PHPMailer as their main library for sending emails, including WordPress, Joomla, Yii, SugarCRM… More than a month after PHPMailer released a patch for this critical... [Read More]
by RSS Tien Phan   |  Feb 16, 2017  |  Filed in: Security Research
Domain Name System Security Extensions (DNSSEC) secures the Domain Name System (DNS), right? Yes, but that’s not the whole story. DNSSEC can also introduce troubles into your DNS server. Recently, a BIND bug caused by a missing RRSIG record, which is a part of DNSSEC, was fixed by a patch from the Internet Systems Consortium (ISC). This bug affects all versions of BIND recursive servers, and can cause a denial of service (DoS.) This potential DoS vulnerability is caused by a RUNTIME CHECK error in Resolver.c when handling the DNS... [Read More]
by RSS Dehui Yin  |  Feb 06, 2017  |  Filed in: Security Research
Another TKEY record-related bug in BIND has been fixed with a patch from the Internet Systems Consortium (ISC) that was released just after the New Year. This bug may take down BIND recursive servers by sending a simple query response with TKEY record, thereby causing a denial of service (DoS). This potential DoS vulnerability is caused by an assertion failure in Resolver.c when caching the DNS response with TKEY Record. In this post we will analyze the BIND source codes and expose the root cause of this vulnerability. The TKEY record... [Read More]
by RSS Dehui Yin  |  Jan 18, 2017  |  Filed in: Security Research
Fortinet security researcher Kai Lu discovered and reported two critical zero-day vulnerabilities in Adobe Flash Player in November 2016. Adobe identified them as CVE-2017-2926 and CVE-2017-2927 and released a patch to fix them on January 10, 2017. Here is a brief summary of each of these detected vulnerabilities. CVE-2017-2926 This is a memory corruption vulnerability found in Flash Player’s engine when processing MP4 files. Specifically, the vulnerability is caused by a MP4 file with a crafted sample size in the MP4 atom... [Read More]
by RSS Kai Lu  |  Jan 17, 2017  |  Filed in: Security Research
Last month I discovered and reported an integer overflow vulnerability in the Windows Registry. Last Tuesday, October 25th, Microsoft released Security Bulletin MS16-124, which contains the patch for this vulnerability, and identifies it as CVE-2016-0070. This vulnerability could lead to local privilege elevation, and is rated as “Important” by Microsoft. The vulnerability affects multiple Windows versions, and Microsoft has recommended installing this update immediately. In this blog I will share the details of this vulnerability. How... [Read More]
by RSS Honggang Ren  |  Oct 31, 2016  |  Filed in: Security Research
Joomla, a popular free and open-source content management system, just released version 3.6.4 that fixed two critical vulnerabilities: [CVE-2016-8870] - Core - Account Creation: attackers can exploit this vulnerability to create any account in a Joomla system regardless of whether its registration has been disabled. [CVE-2016-8869] - Core - Elevated Privileges:  with the vulnerability above, an attacker not only can register an account in a vulnerable system, but also register with the highest privilege – Administrator. CVE-2016-8870... [Read More]
by RSS Tien Phan  |  Oct 27, 2016  |  Filed in: Security Research
Fortinet researchers recently discovered two critical zero-day vulnerabilities in Adobe Acrobat and Reader. They are identified as CVE-2016-6939 and CVE-2016-6948. Adobe released a patch to fix these vulnerabilities on October 6, 2016. CVE-2016-6939 This vulnerability was discovered by Kai Lu. CVE-2016-6939 is a heap overflow vulnerability. The vulnerability is caused by a crafted PDF file which causes an out of bounds memory access due to an improper bounds check when manipulating an array pointer. The specific vulnerability exists... [Read More]
by RSS Kai Lu and Kushal Shah  |  Oct 21, 2016  |  Filed in: Security Research
Summary At the beginning of this year, I discovered and reported a Cross-Site Scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM). This month IBM released a security bulletin that contains the fix for this vulnerability. In this blog, I want to share the details of this vulnerability. How to Reproduce To reproduce this vulnerability, you can follow the steps below: Sign into CLM with a user account, such as “chbest2”, with the permission "JazzAdmins". Then create a new user... [Read More]
by RSS Honggang Ren  |  Oct 17, 2016  |  Filed in: Security Research
OpenSSL released an emergency security update shortly after a patch was issued a few weeks ago. This security update addresses a critical Use After Free vulnerability introduced by the updated code that revised to resolve the earlier low severity vulnerability CVE-2016-6307. This critical Use After Free vulnerability (CVE-2016-6309) is caused by an error that occurs when relocating a message with an overlarge message size greater than 16k. Remote attackers may access the freed buffer to crash, or potentially even execute arbitrary code on vulnerable... [Read More]
by RSS Dehui Yin  |  Oct 12, 2016  |  Filed in: Security Research