RO0T.COM

When selecting targets, attackers often consider total cost of ‘pwnership’ — the expected cost of an operation versus the likelihood of success. Defenders need to follow a similar strategy. Source: …

qTest Portal in QASymphony qTest Manager 9.0.0 has an Open Redirect via the /portal/loginform redirect parameter. Source: NIST CVE-2018-15180

An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy’s ?Games? directory, version 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of installed games …

An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy’s install directory. An attacker can overwrite an executable that is launched as a system service …

An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy’s Games, version 1.2.47 for macOS. An attacker can globally create directories and subdirectories on the …

An exploitable local information leak vulnerability exists in the privileged helper tool of GOG Galaxy’s Games, version 1.2.47 for macOS. An attacker can pass a PID and receive information running …

An exploitable local denial-of-service vulnerability exists in the privileged helper tool of GOG Galaxy’s Games, version 1.2.47 for macOS. An attacker can send malicious data to the root-listening service, causing …

The security services company releases a distribution of 140 programs for penetration testers who need to launch attacks and tools from an instance of Windows. Source: DarkReading FireEye Creates Free …