Microsoft Windows Privilege Escalation Vulnerability – CVE-2020-0668

In the February 2020 Patch Tuesday, Microsoft released patches for CVE-2020-0668, an elevation of privilege vulnerability that could allow a local authenticated attacker to execute arbitrary code with elevated permissions. Description: It’s an arbitrary file move vulnerability in the Service Tracing feature of Windows operating systems. This feature provides some basic debug information about running services and …

Microsoft Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerabilities

Overview: This January Patch Tuesday, Microsoft released patches for Windows Remote Desktop Gateway (RD Gateway) that address CVE-2020-0610 and CVE-2020-0609. Microsoft Remote Desktop Gateway (RDG), previously known as Terminal Services Gateway, allows users on public networks to access Windows desktops and applications hosted in a cloud environment. The RD Gateway component uses Secure Sockets …

Citrix Application Delivery Controller (ADC) and Gateway Remote Code Execution Vulnerability

Citrix recently announced a critical vulnerability in the Citrix Application Delivery Controller (ADC) and Citrix Gateway products. The vulnerability, tracked as CVE-2019-19781, allows an unauthenticated remote attacker to run arbitrary code on the appliances. At this moment, few details regarding the vulnerability have been released. Affected products: Citrix ADC and Citrix Gateway version 13.0 …

GNU Bash SUID Privilege Drop Vulnerability

Recently, a security researcher disclosed a 0-day vulnerability in /bin/bash, tracked as CVE-2019-18276. The vulnerability exists due to a bug in the privilege dropping feature of Bash. Affected Versions: Bash 5.0 Patch 11 and prior versions. Vulnerability: An issue was discovered in disable_priv_mode() in shell.c of GNU Bash, which doesn’t handle the setuid bit correctly. If …

Apache Solr Remote Code Execution Vulnerability Due to Default Configuration (CVE-2019-12409)

Apache has released a security update to fix a remote code execution vulnerability in Solr, tracked as CVE-2019-12409. The flaw arises from an insecure default parameter in the solr.in.sh configuration file, which was shipped with affected Solr versions. Description: CVE-2019-12409 was first reported in July 2019. A week ago, a security researcher demonstrated that the …

Apache Solr Remote Command Execution Via Velocity Template

On October 31, 2019, a security researcher released an exploit for Apache Solr on GitHub. It is a trivial vulnerability that can be exploited easily. An attacker who can directly access the Solr console can execute arbitrary code on the targeted system via a Velocity template. This vulnerability is tracked as CVE-2019-17558. Affected versions: …

Citrix SD-WAN Center and NetScaler SD-WAN Center Multiple Security Vulnerabilities

Recently, multiple vulnerabilities have been identified in the management console of the Citrix SD-WAN Center, NetScaler SD-WAN Center, Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance. The vulnerabilities exist because the affected products fail to sanitize certain HTTP request parameter values, which are used to construct a shell command. This would allow an attacker to execute arbitrary …

Oracle WebLogic Deserialization Remote Code Execution Vulnerability (CVE-2019-2729)

Recently, a highly critical remote code execution vulnerability has been discovered in Oracle WebLogic application servers. On June 15, the KnownSec 404 Team shared an advisory stating that the new vulnerability bypasses the latest WebLogic patch (CVE-2019-2725). An unauthenticated, remote attacker can send a crafted HTTP request to execute arbitrary commands on the WebLogic servers. …

Linux Vim and Neovim Modeline Arbitrary Command Execution Vulnerability

A critical command execution vulnerability has been discovered in the Vim and Neovim command-line text editing applications. Both applications come preinstalled on a majority of Linux-based operating systems. The vulnerability, tracked as CVE-2019-12735, can be exploited by tricking users into opening a specially crafted text file with the Vim or Neovim editor. This could allow …

Docker Arbitrary File Read/Write Access Vulnerability

A critical race condition vulnerability has been disclosed in Docker, tracked as CVE-2018-15664. The vulnerability affects all versions of Docker and resides in the FollowSymlinkInScope function, which is vulnerable to a time-of-check to time-of-use (TOCTOU) attack. Affected Versions: All Docker versions available till now. Vulnerability: From the bug, it appears …