Recently, Joomla released a patch for a critical SQL injection vulnerability, tracked as CVE-2017-8917, that a remote attacker can exploit to obtain sensitive data and hijack websites. Because the flaw is easy to exploit, an attacker could use it against millions of websites and steal sensitive information from the … Continue reading “Joomla! ‘com_fields’ Component SQL Injection Vulnerability”
Author: Mandar Jadhav
Intel Active Management Technology (AMT) Privilege Escalation Vulnerability
Recently, Intel published a security advisory about a critical vulnerability, tracked as CVE-2017-5689, in certain systems that use Intel Active Management Technology (AMT), Intel Standard Manageability (ISM) and Intel Small Business Technology (SBT). It allows a network attacker to remotely gain access to systems or devices that use these technologies. What is Intel AMT/Management Engine: … Continue reading “Intel Active Management Technology (AMT) Privilege Escalation Vulnerability”
ACTi Cameras Multiple Security Vulnerabilities
The IP security camera industry has grown a lot over the past few years, from consumer-grade home models to professional-grade systems. Internet-connected video cameras, or IP cameras, are widely used in security systems and offer the advantage that footage can be streamed anywhere remotely. However, anything connected to the Internet poses a risk if not … Continue reading “ACTi Cameras Multiple Security Vulnerabilities”
Apache Struts Jakarta Multipart Parser Remote Code Execution Vulnerability
Introduction: On March 7, 2017, Apache issued an emergency security alert: Apache Struts was affected by a high-risk remote code execution vulnerability, tracked as CVE-2017-5638. Struts is an open source Apache Software Foundation project that originated in the Jakarta project; it implements the MVC pattern to help Java developers build Web applications on J2EE. At present, … Continue reading “Apache Struts Jakarta Multipart Parser Remote Code Execution Vulnerability”
Microsoft Edge and Internet Explorer Type Confusion Zero Day Vulnerability
Introduction: Google Project Zero recently disclosed an unpatched vulnerability that affects Microsoft Edge and Internet Explorer, tracked as CVE-2017-0037. The disclosed PoC only demonstrates a denial of service (a browser crash) on the target, but arbitrary code execution could also be possible. A PoC for the issue has also been published. Exploit: The CVE-2017-0037 vulnerability, so-called ‘type … Continue reading “Microsoft Edge and Internet Explorer Type Confusion Zero Day Vulnerability”
Netgear DGN2200, DGND3700 and WNDR4500 Sensitive Information Disclosure Vulnerability
Introduction: Recently, IoT devices have been used to build large-scale botnets that can execute crippling distributed denial-of-service (DDoS) attacks. Many IoT devices are unsecured or weakly secured, which lets the bot compromise hundreds of thousands of devices. The IoT devices affected in the latest incidents were primarily home routers, network-enabled cameras, … Continue reading “Netgear DGN2200, DGND3700 and WNDR4500 Sensitive Information Disclosure Vulnerability”
Zoho ManageEngine OpManager 12.0 Multiple Vulnerabilities
Abstract: While doing our daily research for ThreatPROTECT, I came across ManageEngine OpManager, a Zoho Corporation product. It is network monitoring software that helps administrators discover, map, monitor and manage their complete IT infrastructure, providing the visibility and control needed over the network. So we decided to use it for our internal … Continue reading “Zoho ManageEngine OpManager 12.0 Multiple Vulnerabilities”
Persistent Systems Radia Client Automation (RCA) Remote Command Execution Vulnerability- CVE-2015-1497
Abstract: While analyzing exploits for ThreatPROTECT, I came across a Metasploit module for Persistent Systems Radia Client Automation (RCA), CVE-2015-1497. The module has been tested against HP Client Automation 9.00 on Windows 2003 SP2 and CentOS 5. Radia Client Automation is a PC and mobile-device lifecycle-management tool for automating routine client-management tasks such … Continue reading “Persistent Systems Radia Client Automation (RCA) Remote Command Execution Vulnerability- CVE-2015-1497”
FortiGate Shadow Brokers Exploit – CVE-2016-6909
Abstract: You may have heard that a group known as the “Shadow Brokers” recently released what is claimed to be a set of exploits and tools written and used by the NSA. The dump contains exploits, implants and tools for attacking firewalls (“Firewall Operations”). One of the tools from the Shadow Brokers leak … Continue reading “FortiGate Shadow Brokers Exploit – CVE-2016-6909”
Netgear D6000/D3600 Hard-Coded Cryptographic keys and Auth Bypass
While doing firmware analysis for ThreatPROTECT, I came across the firmware running on Netgear D3600 and D6000 series routers. I decided to analyse it because these models are used in multiple countries. In this blog post, I am going to explain how I found flaws that pose a risk to the privacy … Continue reading “Netgear D6000/D3600 Hard-Coded Cryptographic keys and Auth Bypass”
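The first check a practitioner runs when hunting for hard-coded keys in a firmware image is a scan for PEM-framed material (private keys, certificates) embedded in the binary. The script below is an added example written for this page; it is not the author's tooling and does not reproduce anything from the Netgear firmware. It scans a constructed sample blob (`SAMPLE_FIRMWARE`, filler bytes around a fake PEM key and certificate with dummy bodies) and reports each block's offset, type, and whether a private key is stored unencrypted. The `scan_firmware` helper is an assumption of how you would point it at a real image file.

```python
import re

# Constructed sample "firmware" for this example: filler bytes surrounding a fake
# RSA private key and a certificate. The base64 bodies are dummies; only the PEM
# framing matters to the scanner.
FAKE_KEY_BODY = "MIIBOgIBAAJBAK" + "A" * 40
FAKE_CERT_BODY = "MIIC" + "B" * 40
SAMPLE_FIRMWARE = (
    b"\x7fELF" + b"\x00" * 64
    + b"-----BEGIN RSA PRIVATE KEY-----\n"
    + FAKE_KEY_BODY.encode("ascii") + b"\n"
    + b"-----END RSA PRIVATE KEY-----\n"
    + b"\xff" * 32
    + b"-----BEGIN CERTIFICATE-----\n"
    + FAKE_CERT_BODY.encode("ascii") + b"\n"
    + b"-----END CERTIFICATE-----\n"
    + b"\x00" * 16
)

# Matches a PEM block and requires the END label to equal the BEGIN label.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----",
    re.DOTALL,
)

# PEM labels that carry private key material.
PRIVATE_LABELS = {
    "RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY",
    "PRIVATE KEY", "ENCRYPTED PRIVATE KEY", "OPENSSH PRIVATE KEY",
}


def find_pem_blocks(blob: bytes) -> list:
    """Return every PEM block in blob as a dict with offset, label and key flags.

    A legacy PEM private key is flagged encrypted when its body carries the
    'Proc-Type: 4,ENCRYPTED' header; a PKCS#8 'ENCRYPTED PRIVATE KEY' label
    is encrypted by definition. Anything else private is a hard-coded secret.
    """
    hits = []
    for m in PEM_BLOCK.finditer(blob):
        label = m.group(1).decode("ascii")
        body = m.group(2)
        is_private = label in PRIVATE_LABELS
        encrypted = label.startswith("ENCRYPTED") or b"Proc-Type: 4,ENCRYPTED" in body
        hits.append({
            "offset": m.start(),
            "length": m.end() - m.start(),
            "label": label,
            "private": is_private,
            "unencrypted_private": is_private and not encrypted,
        })
    return hits


def scan_firmware(path: str) -> list:
    """Assumed entry point for a real image: read the file and scan it."""
    with open(path, "rb") as f:
        return find_pem_blocks(f.read())


if __name__ == "__main__":
    for hit in find_pem_blocks(SAMPLE_FIRMWARE):
        flag = "HARD-CODED PRIVATE KEY" if hit["unencrypted_private"] else ""
        print(f"offset=0x{hit['offset']:06x} len={hit['length']:4d} {hit['label']} {flag}")
```

Run it against an extracted root filesystem or the raw image; PEM material inside compressed sections will not show up until the image is unpacked, so a clean result from the raw file is not proof of absence.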