Monthly Archives: January 2020

OK Google: bypass the authentication!

• On 31 Jan, 2020
• By Mattia Vinci (aka sowdust)

During a recent assessment of a voice application we found a very intriguing vulnerability that, besides being a lot of fun to exploit, demonstrates how the complexity of modern applications,…

CVE-2020-7799 – FusionAuth “Apache Freemarker” Code Execution

• On 27 Jan, 2020
• By Gianluca Baldi

FusionAuth command execution via Apache Freemarker Template (CVE-2020-7799).

CVE-2020-2696 – Local privilege escalation via CDE dtsession

• On 15 Jan, 2020
• By Marco Ivaldi (aka raptor)

During my recent audit of Oracle Solaris, undertaken as a weekend project, I inevitably had to review the Common Desktop Environment shipped with Solaris 10. CDE has a huge attack…

CVE-2020-2656 – Low impact information disclosure via Solaris xlock

• On 15 Jan, 2020
• By Marco Ivaldi (aka raptor)

A low impact information disclosure vulnerability in the setuid root xlock binary distributed with Solaris may allow local users to read partial contents of sensitive files. Due to the fact…