A remote code execution vulnerability was discovered in Apache Struts 2. The vulnerability in being tracked via CVE-2018-11776. Upon successful exploitation an attacker can gain remote execution on the target and ultimately take over the target machine. The issue affect all versions of Apache Struts 2, possibly even fixed versions where the settings are mis-configured. Apache has … Continue reading “Apache Struts 2 namespace Remote Code Execution Vulnerability: CVE-2018-11776”
VBScript Engine Use-After-Free Vulnerability : CVE-2018-8373
A use-after-free (UAF) vulnerability has been discovered in the Windows VBScript engine. Upon successful exploitation an attacker can achieve remote code execution on the target. CVE-2018-8373 has been assigned to track this vulnerability. CVE-2018-8373 is being exploited in the wild similar to CVE-2018-8174. The issue affects Internet explorer 9-11 unless VBScript is disabled by default. … Continue reading “VBScript Engine Use-After-Free Vulnerability : CVE-2018-8373”
SegmentSmack: CVE-2018-5390
Linux kernel versions 4.9+ are vulnerable to Denial of Service attacks due to a resource exhaustion vulnerability. The issue is being tracked via CVE-2018-5390. The vulnerability has been named SegmentSmack. An attacker can exploit this bug by triggering expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue(). The attacker needs to send crafted TCP packets within already established TCP … Continue reading “SegmentSmack: CVE-2018-5390”
Oracle WebLogic Deserialization Vulnerability : CVE-2018-2893
A deserialization vulnerability in Oracle WebLogic has been disclosed by multiple 3rd party researchers and organizations. The vulnerability allows unauthenticated attackers to compromise WebLogic server via T3 protocol. The affected component is WLS Core components. Upon successful exploitation an attacker can take over the target server via remote code execution .CVE-2018-2893 has been assigned to … Continue reading “Oracle WebLogic Deserialization Vulnerability : CVE-2018-2893”
Oracle WebLogic Remote Upload Vulnerability : CVE-2018-2894
In the month of July 2018 Oracle had released advisory addressing many vulnerabilities in its suit of products. In this post will discuss about CVE-2018-2894. It is a remote file upload vulnerability in WebLogic server due to improper authentication enforcement. Normally this page should not be accessible without authentication. The affected versions are 10.3.6.0, 12.1.3.0, 12.2.1.2, … Continue reading “Oracle WebLogic Remote Upload Vulnerability : CVE-2018-2894”
Microsoft Windows DHCPv6 Packets Remote Denial of Service Vulnerability (Zero Day)
This vulnerability affects Windows 7 and was published seven years ago. We decided to check if this is still a zero day and can still be exploited as Microsoft never acknowledged it. The following video demonstrates this attack on a fully patched Windows 7 SP1 system: As you can see, we setup a fully patched … Continue reading “Microsoft Windows DHCPv6 Packets Remote Denial of Service Vulnerability (Zero Day)”
VMware NSX SD-WAN Edge by VeloCloud Multiple Command Execution Vulnerabilities
Background: An unauthenticated, remote command execution vulnerability was discovered in the VMware NSX SD-WAN Edge by VeloCloud, tracked as CVE-2018-6961. Delivered as either a hardware appliance or virtual instance, NSX SD-WAN edges provide security connectivity to private, public, and hybrid applications, as well as compute and virtualized services. The vulnerabilities exist due to insufficient sanitization … Continue reading “VMware NSX SD-WAN Edge by VeloCloud Multiple Command Execution Vulnerabilities”
PhpMyAdmin Local File Inclusion Vulnerability (PMASA-2018-4)
phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the Web. A vulnerability has been discovered where an attacker can include (view and potentially execute) files on the server. CVE-2018-12613 has been assigned to track this vulnerability. The vulnerability affects phpMyAdmin 4.8.0 and 4.8.1. Upon successful exploitation … Continue reading “PhpMyAdmin Local File Inclusion Vulnerability (PMASA-2018-4)”
Intel LazyFP Vulnerability : CVE-2018-3665
An information disclosure vulnerability has been disclosed in Intel Microprocessors. Lazy restored FP states are susceptible to speculative execution cache side-channel attacks, A process can infer FPU registry (AVX, MMX and SSE) values of other processes. CVE-2018-3665 has been assigned to track this issue. It does not affect AMD processors. Intel has addressed this vulnerability in … Continue reading “Intel LazyFP Vulnerability : CVE-2018-3665”
Cortana Elevation of Privilege Vulnerability: CVE-2018-8140
An elevation of privilege vulnerability was discovered in Microsoft virtual assistant ‘Cortana’. The issue arises due to a behavior glitch in Cortana. Upon successful exploitation an attacker can gain elevated command execution. The attacker would need physical access to the target machine to perform the attack. Microsoft has addressed this vulnerability in patches released in … Continue reading “Cortana Elevation of Privilege Vulnerability: CVE-2018-8140”