vBulletin is a well-known forum software worldwide. Recently a pre-auth RCE was observed that bypasses CVE-2019-16759, September 2019 vBulletin patch. Security researcher Amir Etemadieh (Zenfox) has discovered this zero day and has published POC in various formats in his blog on 9th Aug,2020. Description The vulnerability exists in the dynamic creation of widgets at ajax/render/widget_tabbedcontainer_tab_panel. … Continue reading “vBulletin pre-auth Remote Code Execution Vulnerability”
Author: Dhiren Vaghela
Zero-days of Pandemic Year till August, 2020
With more than half of 2020 behind us, Google Security Researchers of Google’s Project Zero security team compared the vulnerability stats of the year with the stats from 2019. Interestingly, by this month last year, the same numbers of zero-days were detected in the wild as this year. Qualys has been uptodate with all the … Continue reading “Zero-days of Pandemic Year till August, 2020”
QSnatch malware aka “Derek” multiple vulnerabilities
In mid-June 2020, QNAP devices were found to be vulnerable to older Qsnatch malware campaigns of 2014 and 2017. Description The vulnerabilities due to Qsnatch has high to critical impact on QNAP NAS devices. A joint advisory published by CISA and NCSC says that “it has infected 62,000 devices worldwide, including 3900 in the UK … Continue reading “QSnatch malware aka “Derek” multiple vulnerabilities”
Linux Kernel ePBF Local Privilege Escalation Vulnerability (CVE-2020-8835)
The Linux kernel was reported with out-of-bounds reads and writes vulnerability due to lack of calculation in register bounds of ePBF code. Using this vulnerability (CVE-2020-8835), a local authenticated user can exploit and expose sensitive information resulting in high data loss. In ZDI’s Pwn2own competition, Manfred Paul demonstrated the flaw in the bpf verifier for … Continue reading “Linux Kernel ePBF Local Privilege Escalation Vulnerability (CVE-2020-8835)”
Microsoft Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350)
On July 14, 2020, Microsoft issued a new security advisory on Microsoft Windows Patch Day – addressing CVE-2020-1350, also known as SigRed – a Remote Code Execution (RCE) vulnerability in Windows Domain Name System (DNS) servers. SigRed affects Windows servers that are configured to run the DNS Server role as described in advisory. Description Microsoft mentioned … Continue reading “Microsoft Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350)”
Apache Guacamole Remote Code Execution Vulnerability (CVE-2020-9497, CVE-2020-9498)
Summary: In the first week of July,2020, Apache released patches to address two critical vulnerabilities – CVE-2020-9497 and CVE-2020-9498. Researchers from the Check Point team found these vulnerabilities in FreeRDP and reverse RDP connection of Apache Guacamole. Description: According to Apache’s documentation: “guacd is the heart of Guacamole.” Upon startup, guacd listens on TCP port 4822 and waits for incoming instructions from the … Continue reading “Apache Guacamole Remote Code Execution Vulnerability (CVE-2020-9497, CVE-2020-9498)”
Microsoft Windows Codec Library RCE Vulnerabilities (CVE-2020-1425, CVE-2020-1457)
Summary: Microsoft released emergency fixes ahead of the July 2020 Patch Tuesday to address two critical Remote Code Execution (RCE) vulnerabilities. Description: According to advisories, Abdul-Aziz Hariri of Trend Micro’s Zero Day initiative observed and reported two RCE vulnerabilities, CVE-2020-1425 and CVE-2020-1457, to Microsoft. Both CVEs are related to Microsoft Windows Codecs Library and affect … Continue reading “Microsoft Windows Codec Library RCE Vulnerabilities (CVE-2020-1425, CVE-2020-1457)”
Lucifer malware multiple DDoS vulnerabilites (CVE-2019-9081, CVE-2014-6287, CVE-2018-1000861, CVE-2017-10271, CVE-2018-20062, CVE-2018-7600, CVE-2017-9791, CVE-2019-9081, CVE-2017-0144, CVE-2017-0145, CVE-2017-8464)
Summary: A new fish in town with two version of itself, a malware, that impacts Windows machines named Lucifer, is a powerful DDos based malware does crypto jacking and other such nefarious activities using old and new vulnerabilities. In actual, out of the two versions of Lucifer the second sample was compiled on Thursday, June 11, 2020 caught by Palo Alto Networks Next-Generation … Continue reading “Lucifer malware multiple DDoS vulnerabilites (CVE-2019-9081, CVE-2014-6287, CVE-2018-1000861, CVE-2017-10271, CVE-2018-20062, CVE-2018-7600, CVE-2017-9791, CVE-2019-9081, CVE-2017-0144, CVE-2017-0145, CVE-2017-8464)”
Bitdefender anti-virus Remote Code Execution(CVE-2020-8102)
Summary: CVE-2020-8102 is the latest vulnerability on anti-virus, popularly known as Bit defender antivirus Remote code execution as a major security hole in cybersecurity market. An individual named Wladimir Palant holds the credits for this wonderful research. As mitre quotes “Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows … Continue reading “Bitdefender anti-virus Remote Code Execution(CVE-2020-8102)”
Cisco Webex Meetings information disclosure vulnerability (CVE-2020-3347)
Summary: A flaw in the shared memory access of Cisco Webex meetings App for Desktop was reported as medium vulnerability as CVE-2020-3347. This was classified as medium by the networking giant Cisco, as only authenticated users can take the leverage of this flaw. Basically, allowed an attacker who already had authenticated access on a system … Continue reading “Cisco Webex Meetings information disclosure vulnerability (CVE-2020-3347)”
