Summary: In the first week of May 2020,certain vulnerabilities have been observed that allows command injection in DrayTek devices. DrayTek manufactures firewalls, VPN devices, routers and wireless LAN devices. Successful exploitation could allow an attacker to manipulate and play on network traffic, escalated privileges or accounts even, operate SSH ans as such. Description: DrayTek Vigor … Continue reading “Draytek Command Injection Vulnerability (CVE-2020-8515)”
Privilege Escalation in Microsoft Windows BITS(CVE-2020-0787)
Vulnerability overview The Microsoft Windows Background Intelligent Transfer Service(BITS) is vulnerable to Elevation of Privilege. Vulnerability occurs due to incorrect handling of symbolic links. Background Intelligent Transfer Service(BITS) is a Microsoft component used to transfer files using idle bandwidth. Vulnerability Description To check where vulnerability actually exists, we will first analyse the behaviour of Legacy … Continue reading “Privilege Escalation in Microsoft Windows BITS(CVE-2020-0787)”
Saltstack multiple Vulnerabilities (CVE-2020-11651, CVE-2020-11652)
Summary: Amidst the global Pandemic, a serious hacking campaign is currently underway, and several companies have been hacked already., that stands in Fortune 500 companies. For the past 24 hours, hackers have been mass-scanning the internet for Salt, a type of software used as configuration management inside data centers, cloud server clusters, and enterprise networks. … Continue reading “Saltstack multiple Vulnerabilities (CVE-2020-11651, CVE-2020-11652)”
Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2020-2883)
Summary: Oracle’s April 2020 patch addresses, a critical flaw in Oracle WebLogic Server as CVE-2020-2883 that can be exploited by an unauthenticated user for remote code execution. It has got major attention as CVssV3 score is 9.8/10. Description: WebLogic is a Java-based middleware solution, with thousands of servers running online. It sits between a front-facing … Continue reading “Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2020-2883)”
Microsoft Windows LNK Remote Code Execution Vulnerability(CVE-2020-0729)
Vulnerability Overview Recently in the month of February 2020 Microsoft has released patches for 99 CVE’s. It was a large number of fixes in a single month. One of them being CVE-2020-0729 involving window LNK files, also known as shortcut files. CVE-2020-0729 is a remote code execution vulnerability using windows shortcut files. What makes this … Continue reading “Microsoft Windows LNK Remote Code Execution Vulnerability(CVE-2020-0729)”
Sophos XG-firewall SQL injection bug (CVE-2020-12271)
Summary: Amidst the global lockdown 2020, while the April month is about to end, a major security giant, Sophos was affected with SQL injection bug exploited in the wild, impacting its XG Firewall product. Sophos said it first learned of the zero-day on late Wednesday, April 22, after it received a report from one of … Continue reading “Sophos XG-firewall SQL injection bug (CVE-2020-12271)”
Windows GDI Remote Code Execution(CVE-2020-0883)
Vulnerability overview A remote code execution vulnerability exists in the Windows Graphics Device Interface (GDI). It occurs due to incorrect handling of an objects in memory. The attackers can execute arbitrary commands on the targeted system. A Graphics Device Interface(GDI+) is the sub-system of windows operating system. It used by various applications for displaying information … Continue reading “Windows GDI Remote Code Execution(CVE-2020-0883)”
Oracle Weblogic Insecure Deserialization with IIOP(CVE-2020-2551)
Overview On January 14, 2020, Oracle disclosed the critical vulnerability CVE-2020-2551 . Vulnerability has been discovered in the Oracle WebLogic Server, component of Oracle Fusion Middleware using IIOP protocol. Flaw existed the way WebLogic Server handled IIOP deserialization. It led to remote code execution using IIOP protocol via Malicious JNDI Lookup. Before looking into vulnerability, … Continue reading “Oracle Weblogic Insecure Deserialization with IIOP(CVE-2020-2551)”
ThinkPHP Remote Code Execution Vulnerability(CVE-2018-20062,CVE-2019-9082)
Vulnerability Overview Over the last few months, a remote code execution bug on Chinese open source framework ThinkPHP is being actively exploited by attackers to deliver a variety of malware. Poorly handled input is a leading cause behind the vulnerability. As a result, a remote attacker can send a crafted HTTP request to execute arbitrary … Continue reading “ThinkPHP Remote Code Execution Vulnerability(CVE-2018-20062,CVE-2019-9082)”
Autodesk FBX-SDK multiple vulnerabilities (CVE-2020-7080,CVE-2020-7081,CVE-2020-7082,CVE-2020-7083,CVE-2020-7084,CVE-2020-7085)
Summary: Multiple vulnerabilities were observed in software development kit (SDK) of Autodesk products. Applications and Services that utilize the Autodesk FBX-SDK Ver. 2020.0 or earlier can be impacted by buffer overflow, type confusion, use-after-free, integer overflow, NULL pointer dereference, and heap overflow vulnerabilities. Description: This Autodesk vulnerabilities have a high severity, which if exploited, would … Continue reading “Autodesk FBX-SDK multiple vulnerabilities (CVE-2020-7080,CVE-2020-7081,CVE-2020-7082,CVE-2020-7083,CVE-2020-7084,CVE-2020-7085)”