Memcached Amplification Attacks

Memcached is high-performance distributed system for caching. It was designed yo improve web application performance by reducing database load. An amplification attack using the memcached protocol was observed in the wild. The attack is carried over UDP port 11211. Amplification attacks requires an attacker to forge the IP address of the target and send a … Continue reading “Memcached Amplification Attacks”

Qualys Discloses Multiple Vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway

Qualys Security Research Team has disclosed multiple vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway. Citrix has addressed these vulnerabilities in CTX232161. The affected versions and CVEs are listed below. CVE(s) Description Product Affected Version : Build CVE-2018-6810 Directory Traversal Vulnerability Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway < 12.0 : 57.19 < 11.1 : … Continue reading “Qualys Discloses Multiple Vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway”

LibreOffice Remote Arbitrary File Disclosure Vulnerability via WEBSERVICE Function

LibreOffice Calc is the spreadsheet component of the LibreOffice software package. LibreOffice Calc supports a WEBSERVICE function to obtain data by URL. Details: LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via WEBSERVICE calls in a document (CVE-2018-6871), which uses the COM.MICROSOFT.WEBSERVICE function. This feature is available in Microsoft … Continue reading “LibreOffice Remote Arbitrary File Disclosure Vulnerability via WEBSERVICE Function”

CouchDB Remote Code Execution Vulnerability

CouchDB is an open source non-SQL database designed for easy data replication. It uses Couch replication protocol to implement its replication functionality. CouchDB is implemented in Erlang. Two vulnerabilities CVE-2017-12635, CVE-2017-12636 were reported in CouchDB, they can exploited by attackers to achieve remote code execution with admin privileges. CVE-2017-12635: Elevation of privilege The vulnerability allows non-admin users … Continue reading “CouchDB Remote Code Execution Vulnerability”

WebLogic WLS Deserialization RCE : CVE-2017-10271

In the month of October 2017 a Java deserialization vulnerability was disclosed to Oracle. The vulnerability is assigned CVE-2017-10271. Oracle has addressed this issue by releasing patches in October. Upon successful exploitation an attacker can achieve remote code execution with out authentication. An attacker sends a custom XML request to CoordinatorPortType web service, this causes … Continue reading “WebLogic WLS Deserialization RCE : CVE-2017-10271”

Adobe Flash Player Zero-Day Vulnerability: CVE-2018-4878

A Zero Day vulnerability in Adobe Flash player has been discovered in the wild. The bug is a use after free vulnerability in the  Adobe Flash MediaPlayer DRM management API, it can be exploited to achieve remote code execution. CVE-2018-4878 has been assigned to track this vulnerability. The affected versions are Adobe Flash Player ActiveX … Continue reading “Adobe Flash Player Zero-Day Vulnerability: CVE-2018-4878”

Cisco ASA AnyConnect/WebVPN Double free Vulnerability : CVE-2018-0101

A double free vulnerability has been discovered in Cisco ASA devices in the SSL-VPN feature . The vulnerability has been assigned CVE-2018-0101. An attacker can exploit this vulnerability by sending custom crafted XML packets to the webvpn interface. Upon successful exploitation an attacker can achieve remote arbitrary code excution, reload the device or shutdown the … Continue reading “Cisco ASA AnyConnect/WebVPN Double free Vulnerability : CVE-2018-0101”

Microsoft Office Memory Corruption Vulnerability: CVE-2018-0802

A stack overflow vulnerability in “Microsoft Equation Editor” was disclosed to Microsoft. This vulnerability has been assigned CVE-2018-0802. A similar vulnerability was disclosed in the same component in August 2017 – CVE-2017-11882 which overflowed the stack and was able to execute commands by calling the WinExec() within the EQNEDT32.EXE code base using a static address. CVE-2018-0802 follows a similar … Continue reading “Microsoft Office Memory Corruption Vulnerability: CVE-2018-0802”

Out-of-Order Execution Side-Channel attack [Spectre/Meltdown]

A flaw in Out-of-Order execution mechanism allows user level programs to leak addresses of kernel and process memory space. This vulnerability can be exploited to bypass KASLR as well as CPU security features like SMAP,SMEP,NX and PXN. It can be exploited to bypass OS process isolation. The issue affects processors from Intel, AMD ,ARM, Samsung and … Continue reading “Out-of-Order Execution Side-Channel attack [Spectre/Meltdown]”

Embedthis GoAhead Remote Code Execution vulnerability : CVE-2017-17562

A remote code execution vulnerability has been discovered in GoAhead web server version prior to 3.6.5. The issue stems from the ability to configure environment parameters for GoAhead CGI scripts via an HTTP request. An attacker can exploit this vulnerability to achieve remote code execution. In this post we will discuss how this vulnerability can be … Continue reading “Embedthis GoAhead Remote Code Execution vulnerability : CVE-2017-17562”