Pi-hole Remote Code Execution and Privilege Escalation Vulnerability (CVE-2020-11108)

Vulnerability Overview: The Pi-hole web application is affected by a remote code execution and privilege escalation vulnerability. An authenticated user of the web portal can execute arbitrary commands and escalate privileges to root. Pi-hole is a Linux-based, network-level advertisement and Internet tracker blocking application. It functions similarly to a network firewall. POC for the exploit …

Privilege Escalation in Microsoft Windows BITS (CVE-2020-0787)

Vulnerability Overview: The Microsoft Windows Background Intelligent Transfer Service (BITS) is vulnerable to elevation of privilege. The vulnerability occurs due to incorrect handling of symbolic links. BITS is a Microsoft component used to transfer files using idle bandwidth. Vulnerability Description: To check where the vulnerability actually exists, we will first analyse the behaviour of Legacy …

Microsoft Windows LNK Remote Code Execution Vulnerability (CVE-2020-0729)

Vulnerability Overview: In February 2020, Microsoft released patches for 99 CVEs, a large number of fixes for a single month. One of them is CVE-2020-0729, which involves Windows LNK files, also known as shortcut files. CVE-2020-0729 is a remote code execution vulnerability using Windows shortcut files. What makes this …

Windows GDI Remote Code Execution (CVE-2020-0883)

Vulnerability Overview: A remote code execution vulnerability exists in the Windows Graphics Device Interface (GDI). It occurs due to incorrect handling of objects in memory. Attackers can execute arbitrary commands on the targeted system. The Graphics Device Interface (GDI+) is a subsystem of the Windows operating system. It is used by various applications for displaying information …

Oracle WebLogic Insecure Deserialization with IIOP (CVE-2020-2551)

Overview: On January 14, 2020, Oracle disclosed the critical vulnerability CVE-2020-2551. The vulnerability was discovered in Oracle WebLogic Server, a component of Oracle Fusion Middleware, and involves the IIOP protocol. The flaw existed in the way WebLogic Server handled IIOP deserialization. It led to remote code execution over the IIOP protocol via a malicious JNDI lookup. Before looking into the vulnerability, …

ThinkPHP Remote Code Execution Vulnerability (CVE-2018-20062, CVE-2019-9082)

Vulnerability Overview: Over the last few months, a remote code execution bug in the Chinese open-source framework ThinkPHP has been actively exploited by attackers to deliver a variety of malware. Poorly handled input is a leading cause of the vulnerability. As a result, a remote attacker can send a crafted HTTP request to execute arbitrary …

XAMPP Arbitrary Code Execution Vulnerability [CVE-2020-11107]

Vulnerability Overview: A remote code execution vulnerability in XAMPP has recently been found. An unprivileged user can change a .exe configuration in xampp-control.ini for all users (including admins) to enable command execution. This can be carried out through the XAMPP control panel. What is XAMPP? XAMPP is a package containing the Apache web server, …

RubyGems typosquatting attack in Ruby Libraries

Overview: A recent investigation of Ruby packages discovered that over 760 malicious packages targeting Windows users had been uploaded to the official RubyGems repository. RubyGems is a package management framework for the Ruby programming language. The repository contains thousands of packages, also called gems. Each Ruby gem consists of code, documentation and a gem specification. Gems are formed of a …