Summary: Qualys researchers discovered a local privilege escalation vulnerability in OpenBSD’s dynamic loader (ld.so): this vulnerability is exploitable in the default installation (via the set-user-ID executable chpass or passwd) and yields full root privileges to attackers who have low privileges on the system. Vulnerability: In OpenBSD under low-memory conditions, the “_dl_split_path” function … Continue reading “OpenBSD Local Privilege Escalation Vulnerability CVE-2019-19726”
RCE vulnerability impacts Nostromo Web Server!
HOLA! I don’t think Professor Dumbledore destroyed the Resurrection Stone ツ It seems Nostromo possessed the stone all this time. Oh yes, I’m serious. If not, then how can you explain the return of this RCE Vulnerability!? Let’s have a look. In 2011, Nostromo web servers were affected by a directory traversal vulnerability leading to … Continue reading “RCE vulnerability impacts Nostromo Web Server!”
Apache Tomcat on Windows CGI Servlet Remote Code Execution Vulnerability (CVE-2019-0232)
Summary: Apache Tomcat has a vulnerability in the CGI Servlet which can be exploited to achieve remote code execution (RCE). Only Windows is exploitable, when running in a non-default configuration in conjunction with batch files. Description: conf/context.xml as well as conf/web.xml enable CGI in Tomcat. Common Gateway Interface (CGI) is a standard protocol that allows passing of … Continue reading “Apache Tomcat on Windows CGI Servlet Remote Code Execution Vulnerability (CVE-2019-0232)”
OpenBSD Authentication Bypass Vulnerability
Summary: Qualys researchers discovered an authentication-bypass vulnerability (CVE-2019-19521) in OpenBSD’s authentication system. An attacker can exploit this issue by sending a specially-crafted username to bypass OpenBSD’s authentication. This vulnerability is remotely exploitable. Vulnerability: OpenBSD uses BSD Authentication, which is made up of a variety of authentication styles. The vulnerability is composed of 2 following … Continue reading “OpenBSD Authentication Bypass Vulnerability”
GNU Bash SUID Privilege Drop Vulnerability
Recently, a security researcher disclosed a 0-day vulnerability in /bin/bash, tracked as CVE-2019-18276. The vulnerability exists due to a bug in the privilege dropping feature of Bash. Affected Versions: Bash 5.0 Patch 11 and prior versions. Vulnerability: An issue was discovered in disable_priv_mode() in shell.c of GNU Bash, which doesn’t handle the setuid bit correctly. If … Continue reading “GNU Bash SUID Privilege Drop Vulnerability”
Apache Solr Remote Code Execution Vulnerability Due to Default Configuration (CVE-2019-12409)
Apache has released a security update to fix a remote code execution vulnerability in Solr, tracked as CVE-2019-12409. The flaw arises due to an insecure default parameter in the solr.in.sh configuration file, which was shipped with affected Solr versions. Description: CVE-2019-12409 was first reported in July 2019. A week ago, a security researcher demonstrated that the … Continue reading “Apache Solr Remote Code Execution Vulnerability Due to Default Configuration (CVE-2019-12409)”
rconfig unauthenticated remote code execution vulnerability
Summary: A command-execution vulnerability has been observed in a free, open-source configuration management tool known as rconfig. It fails to filter the ‘rootUname’ parameter passed to the ‘exec()’ function of the ‘ajaxServerSettingsChk.php’ file. It can be exploited by sending a crafted GET request to execute system commands. Description: The vulnerabilities (CVE-2019-16663, CVE-2019-16662) are both tied to rConfig … Continue reading “rconfig unauthenticated remote code execution vulnerability”
Check Point ZoneAlarm Local Arbitrary Code Execution
We have recently tested the old vulnerability in Check Point ZoneAlarm Free Firewall and Check Point ZoneAlarm Free Antivirus + Firewall. Check Point ZoneAlarm is prone to a local arbitrary code-execution vulnerability (CVE-2018-8790). ZoneAlarm exposes a Windows Communication Foundation (WCF) interface that can allow a local low-privileged user to execute arbitrary code as SYSTEM. … Continue reading “Check Point ZoneAlarm Local Arbitrary Code Execution”
Apache Solr Remote Command Execution Via Velocity Template
On October 31, 2019, a security researcher released an exploit for Apache Solr on GitHub. It is a trivial vulnerability that can be exploited easily. If an attacker can directly access the Solr console, they can execute arbitrary code on the targeted system via a Velocity template. This vulnerability is tracked as CVE-2019-17558. Affected versions: … Continue reading “Apache Solr Remote Command Execution Via Velocity Template”
Cisco RV110/RV130/RV215 Unauthenticated Configuration Export Vulnerability (CVE-2019-1663)
Summary: The management interfaces of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router are prone to unauthenticated remote code execution. The vulnerability is improper validation of user-supplied data in the web-based management interface. Description: For Cisco RV110/RV130/RV215, the web-based management interface is available through a local LAN … Continue reading “Cisco RV110/RV130/RV215 Unauthenticated Configuration Export Vulnerability (CVE-2019-1663)”