VMware vRealize Operations Manager API Server Side Request Forgery (SSRF) Vulnerability (CVE-2021-21975)

VMware vRealize Suite, formerly called vCenter Operations Management Suite, is a software platform designed to help IT administrators build and manage heterogeneous, hybrid clouds. An unauthenticated Server Side Request Forgery (SSRF) vulnerability has recently been identified in the VMware vRealize Operations Manager API. Attackers can exploit this vulnerability to perform unauthenticated Remote Code Execution (RCE), internal …

Google Chrome Exploit In The wild (CVE-2021-21193)

Overview: On March 12, 2021, Google released an update for the Chrome browser. According to Google, the Stable Channel has been updated to version 89.0.4389.90 for Windows, Mac, and Linux. It will be rolled out over the next few days or weeks. Description: The Google Chrome team has fixed 5 high-severity security bugs, out …

Citrix XenMobile Server – Arbitrary File Read Vulnerability (CVE-2020-8209)

Overview: Citrix XenMobile Server is an enterprise application used for mobile device and mobile application management. A Path Traversal vulnerability (CVE-2020-8209), which leads to arbitrary file read, has recently been identified in Citrix XenMobile Server. According to Andrey Medov from Positive Technologies, authentication is not required to exploit this vulnerability. Description: According to the researcher, the vulnerable code exists in the help-sb-download.jsp file. The vulnerability exists because the user-supplied input passed to the sbFileName parameter is not sanitized and is directly appended …

Apache Solr Config API Remote Code Execution Vulnerability (CVE-2019-0192)

Apache has recently fixed a Java deserialization vulnerability in Apache Solr. Apache Solr has a Config API which allows Solr’s JMX server to be configured via an HTTP POST request. It’s possible to set up a malicious RMI server, have the Config API point to this malicious RMI server, and trigger remote code execution via Apache Solr’s unsafe …

Nexus Repository Manager 3 Remote Code Execution Vulnerability (CVE-2019-7238)

Sonatype released a patch earlier this month that fixes a Remote Code Execution (RCE) vulnerability in Nexus Repository Manager 3. The vulnerability exists because Nexus Repository Manager fails to implement access controls properly, which leads to remote code execution. This vulnerability affects Nexus Repository Manager 3 OSS/Pro versions 3.6.2 up to and including 3.14.0. Vulnerability Analysis: …

Oracle WebLogic Server XML External Entity Vulnerability (CVE-2018-3246)

Oracle has addressed several WebLogic Server vulnerabilities this Patch Tuesday. In this post we will discuss one of the critical vulnerabilities, CVE-2018-3246. It’s an XML External Entity (XXE) vulnerability that affects Oracle WebLogic Server versions 12.1.3.0 and 12.2.1.3. Vulnerability Analysis: The vulnerability exists in a component that allows users to upload configuration files in an XML …

Microsoft Windows DHCPv6 Packets Remote Denial of Service Vulnerability (Zero Day)

This vulnerability affects Windows 7 and was published seven years ago. We decided to check whether it is still a zero day and can still be exploited, as Microsoft never acknowledged it. The following video demonstrates this attack on a fully patched Windows 7 SP1 system: As you can see, we set up a fully patched …

DHCP Client Script Code Execution Vulnerability (CVE-2018-1111)

A critical vulnerability has been found in the DHCP client (dhclient) packages in Red Hat Enterprise Linux 6 and 7. The flaw allows unauthenticated remote attackers to execute arbitrary Linux commands with root privileges. An attacker can set up a malicious DHCP server on the local network and spoof DHCP responses in order to exploit this flaw …

Dell EMC Avamar and Integrated Data Protection Appliance (IDPA) Installation Manager Missing Access Control Vulnerability (DSA-2018-025)

EMC Avamar Virtual Edition is well suited to enterprise backup data protection for small and medium-sized offices. Avamar Virtual Edition is optimized for backup and recovery of virtual and physical servers, enterprise applications, remote offices, and desktops or laptops. Avamar Installation Manager is affected by a missing access control check vulnerability which could potentially allow a …

D-Link Network Camera DCS-936L Weak CSRF Protection Vulnerability

A few months ago, while working with D-Link on another issue, I was provided with a D-Link network camera, the DCS-936L. According to D-Link, this is a current and very popular product. This device was shipped with the latest firmware, version 1.02.01, which had CSRF protection. My goal was to check if this CSRF protection could be …