Apache Struts Remote Code Execution : CVE-2017-9805

Apache Struts 2 is a framework for creating enterprise Java web applications, designed to reduce the overhead of building, deploying and maintaining them. A remote code execution vulnerability in the framework was discovered by lgtm. The Apache Struts group has addressed this vulnerability in security bulletin S2-052, and the vulnerability has been assigned CVE-2017-9805. As per the official …

Westermo MRD-305-DIN, MRD-315, MRD-355 and MRD-455 Multiple Security Vulnerabilities

Westermo provides a full range of industrial data communications solutions for SCADA and other demanding applications in the transport, water and energy markets, among others. MRD devices provide resilient remote access and eliminate the need for costly site visits. With support for secure VPN communications, static and dynamic IP routing, NAT, port forwarding, OpenVPN (SSL VPN), and …

Foxit Reader and PhantomPDF Multiple Code Execution Vulnerabilities

Recently, ZDI published two 0-day advisories, ZDI-17-691 and ZDI-17-692, for vulnerabilities in Foxit Reader and PhantomPDF. These are command injection and file write vulnerabilities that can be triggered through the JavaScript API in Foxit Reader; they are not memory corruption vulnerabilities. Details: CVE-2017-10951 (ZDI-CAN-4724): this allows the “app.launchURL” method to execute a system call …

Disdain EK

A new exploit kit (EK) named “Disdain” has been observed in the wild. The EK targets Windows vulnerabilities. Its presence was first noticed as an advertisement on underground forums and was brought to light on Twitter by @CryptoInsane. The EK can be rented for as little as $80. Disdain claims to exploit …

Citrix NetScaler SD-WAN and CloudBridge Virtual WAN Management Interface Remote Code Execution Vulnerability

Recently, a remote code execution vulnerability, tracked as CVE-2017-6316, was discovered in Citrix NetScaler SD-WAN and Citrix CloudBridge. The vulnerability exists in the session management functionality: the cookie value is passed to a call to system() without sanitization, so if the cookie holds shell-command data, that data is executed. This allows an attacker to execute arbitrary commands …
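The pattern described above, an untrusted cookie value spliced into a string that is handed to system(), is shown here as an added example in C, beside a hardened version. This is illustrative code written for this page, not Citrix's code: the session directory path, the cookie format (an alphanumeric id of at most 32 characters) and the constructed cookie values are assumptions for the demonstration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SESSION_DIR "/var/sessions"   /* assumed path, for illustration only */
#define SESSION_ID_LEN 32             /* assumed maximum length of a valid id */

/* Vulnerable pattern: the raw cookie value is spliced into a command
 * string.  Returns 0 on success, -1 if the output buffer is too small. */
int build_session_cmd_vulnerable(const char *cookie, char *out, size_t outsz)
{
    int n = snprintf(out, outsz, "cat %s/%s", SESSION_DIR, cookie);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* What the vulnerable server does with that string: system() hands it to
 * /bin/sh, so a cookie of "a1b2c3d4; id" runs "id" as a second command. */
int lookup_session_vulnerable(const char *cookie)
{
    char cmd[256];
    if (build_session_cmd_vulnerable(cookie, cmd, sizeof cmd) != 0)
        return -1;
    return system(cmd);
}

/* Hardened, step 1: allowlist the session id before it is used anywhere.
 * Only non-empty, bounded, purely alphanumeric ids are accepted, which
 * rules out shell metacharacters, whitespace and path traversal alike. */
int is_valid_session_id(const char *id)
{
    size_t len = strlen(id);
    if (len == 0 || len > SESSION_ID_LEN)
        return 0;
    for (size_t i = 0; i < len; i++)
        if (!isalnum((unsigned char)id[i]))
            return 0;
    return 1;
}

/* Hardened, step 2: build a filesystem path from a validated id and leave
 * the shell out entirely; the caller reads it with fopen()/open(), never
 * system().  Returns 0 on success, -1 if the id is rejected or too long. */
int build_session_path_hardened(const char *cookie, char *out, size_t outsz)
{
    if (!is_valid_session_id(cookie))
        return -1;
    int n = snprintf(out, outsz, "%s/%s", SESSION_DIR, cookie);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    /* Constructed cookie values: one benign, one carrying shell syntax. */
    const char *benign = "a1b2c3d4";
    const char *injected = "a1b2c3d4; id > /tmp/pwned";
    char buf[256];

    build_session_cmd_vulnerable(injected, buf, sizeof buf);
    printf("vulnerable command string: %s\n", buf);

    printf("hardened accepts benign id:   %s\n",
           build_session_path_hardened(benign, buf, sizeof buf) == 0 ? "yes" : "no");
    printf("hardened rejects injected id: %s\n",
           build_session_path_hardened(injected, buf, sizeof buf) == -1 ? "yes" : "no");
    return 0;
}
```

The demonstration only prints the vulnerable command string rather than executing it; lookup_session_vulnerable() is included to show where the shell enters the picture. The hardened version fixes the bug twice over: the allowlist rejects the injected value, and even an accepted value is used as a path, not as shell input.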

Orpheus’ Lyre Vulnerability

Orpheus’ Lyre is a critical vulnerability in implementations of the Kerberos protocol. The name has its roots in Greek mythology, where Orpheus plays his lyre to put Cerberus, the three-headed dog that guards the entrance to the Underworld, to sleep; Kerberos is named after Cerberus. Kerberos is heavily used by MS …

WebEx Arbitrary Remote Code Execution via GPC Sanitization bypass

Introduction: Cisco WebEx has millions of users who use it regularly for online meetings, web conferencing and video conferencing. Recently a remote code execution vulnerability, CVE-2017-6753, was discovered by the Google Project Zero team. Like CVE-2017-3823, the vulnerability is described as “a design defect in the extension”. The vulnerability allows an attacker to …

D-Link DIR-615 Router Multiple Vulnerabilities

The D-Link DIR-615 router suffers from multiple vulnerabilities, including Cross Site Request Forgery (CSRF), IP-based weak session management and sensitive information disclosure. The D-Link DIR-615 with hardware version T1 and firmware version 20.12PTb01 is affected; older versions may also be affected. Cross Site Request Forgery (CSRF) on Firmware Upgrade Page (CVE-2017-7404): The Firmware Upgrade page …

Petya Ransomware

Petya is not a new player in the ransomware world. It has multiple versions and has been delivered to target machines through exploit kit campaigns and as malicious email attachments. The latest version of Petya appears to spread via the SMBv1 vulnerabilities (CVE-2017-0144 and CVE-2017-0145) in the Windows operating system. This behavior is …

Brickcom Devices Multiple Security Vulnerabilities

While researching IP surveillance solutions, we came across Brickcom Corporation, a network video manufacturer in the IP surveillance industry. We started testing the latest firmware, 3.7.0.2aR. It is based on Linux and the file system is Squashfs compressed with LZMA. We extracted the Squashfs file system using open …