Save time and money by including fuzz testing in your SDLC. Detect vulnerabilities, flaws, bugs and zero-day exploits before your software is deployed.
Beyond Security
SecuriTeam
Blog
IP Encapsulation Authentication Bypass by Spoofing Vulnerability
Published on August 1st, 2020 Summary IP-in-IP encapsulation is a tunneling protocol specified in RFC 2003 that allows for IP packets to be encapsulated inside another IP packets. This is very similar to IPSEC VPNs in...
FortiClient for Windows 6.2.1 Exposure of Resource to Wrong Sphere Vulnerability
Published on August 1st, 2020 Summary An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below. Credit: The information has been provided by Lasse Trolle Borup The original article can be...
Libvirt API version 3.10.0 NULL Pointer Dereference Vulnerability
Published on August 1st, 2020 Summary A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its...
Istio 1.4.x before 1.4.9 NULL Pointer Dereference Vulnerability
Published on August 1st, 2020 Summary By sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. This could be sent to the ingress gateway or a sidecar...
Docker Engine before 19.03.11 Improper Input Validation Vulnerability
Published on August 1st, 2020 Summary In the Docker default configuration, the container network interface is a virtual ethernet link going to the host (veth interface). In this configuration, an attacker able to run a...
Joomla! before 3.9.19 Cross-Site Request Forgery (CSRF) Vulnerability
Published on August 1st, 2020 Details In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF. Vulnerable Systems: Joomla! before 3.9.19 CVE Information: CVE-2020-13760 Disclosure...
Joomla! before 3.9.19 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability
Published on August 1st, 2020 Details In Joomla! before 3.9.19, lack of input validation in the heading tag option of the “Articles – Newsflash” and “Articles – Categories” modules...
Snapdragon Auto Reachable Assertion Vulnerability
Published on August 1st, 2020 Details Valid deauth/disassoc frames is dropped in case if RMF is enabled and some rouge peer keep on sending rogue deauth/disassoc frames due to improper enum values used to check the...
Snapdragon Auto Double Free Vulnerability
Published on August 1st, 2020 Details Possibility of double free of the drawobj that is added to the drawqueue array of the context during IOCTL commands as there is no refcount taken for this object in Snapdragon Auto...
