Citrix NetScaler SD-WAN and CloudBridge Virtual WAN Management Interface Remote Code Execution Vulnerability

Recently, a remote code execution vulnerability was discovered in Citrix NetScaler SD-WAN and Citrix CloudBridge, tracked as CVE-2017-6316. The vulnerability exists in the session management functionality. If the cookie holds shell-command data, it is used in a call to system where the input is processed unsanitized. This allows an attacker to execute arbitrary commands …

Orpheus’ Lyre Vulnerability

Orpheus’ Lyre is a critical vulnerability in the implementation of the Kerberos protocol. The name has its roots in Greek mythology, where Orpheus plays his lyre to put Cerberus to sleep. Cerberus is the three-headed dog that guards the entrance to the Underworld. Kerberos is named after Cerberus. Kerberos is heavily used by MS …

WebEx Arbitrary Remote Code Execution via GPC Sanitization bypass

Introduction: Cisco WebEx has millions of users who use it regularly for online meetings, web conferencing and videoconferencing. Recently, a remote code execution vulnerability was discovered by the Google Project Zero team, with ID CVE-2017-6753. Similar to CVE-2017-3823, the vulnerability is described as “a design defect in the extension”. The vulnerability allows an attacker to …

D-Link DIR-615 Router Multiple Vulnerabilities

The D-Link DIR-615 router suffers from multiple vulnerabilities that include Cross Site Request Forgery (CSRF), IP Based Weak Session Management and Sensitive Information Disclosure. The D-Link DIR-615 with hardware version T1 and firmware version 20.12PTb01 is affected. Older versions may also be affected. Cross Site Request Forgery (CSRF) on Firmware Upgrade Page (CVE-2017-7404): The Firmware Upgrade page …

Petya Ransomware

Petya is not a new player in the ransomware world. It has multiple versions and was delivered to target machines as part of exploit kit campaigns and as malicious email attachments. The latest versions of Petya seem to be spreading via the SMBv1 vulnerabilities (CVE-2017-0144 and CVE-2017-0145) in the Windows operating system. This behavior is …

Brickcom Devices Multiple Security Vulnerabilities

While doing research on IP surveillance solutions, we came across a company called Brickcom Corporation. Brickcom is a network video manufacturer in the IP surveillance industry. We started testing the latest firmware, 3.7.0.2aR. It’s based on Linux and the file system is ‘Squashfs’ compressed with LZMA. We extracted the ‘Squashfs’ file system using open …

Stack-Clash Vulnerability

The security research team at Qualys has discovered multiple vulnerabilities in guard-page implementations in various Linux versions. This bug can be exploited by local users to gain root privileges by compromising memory regions pertaining to other applications and shared libraries. Qualys has disclosed these vulnerabilities to vendors and has been working with them for a …

Samba Writable Share Remote Code Execution (CVE-2017-7494)

A critical remote code execution vulnerability impacting Samba was issued on Wednesday. The vulnerability exists in the “SMB” protocol, which is similar to “WannaCry”. All versions of Samba from 3.5.0 onwards are affected. The vulnerability allows a malicious client to upload a shared library to a writable share, and then cause the server to load and …

WannaCry Ransomware Analysis

In our previous post we have seen how the initial WannaCry executable configures the target system, creates the tasksche.exe file under the C:\WINDOWS directory and executes it with the command-line argument /i. In this post we will continue our analysis to see what this process is up to. MD5 84C82835A5D21BBCF75A61706D8AB549 SHA-1 5FF465AFAABCBF0150D1A3AB2C2E74F3A4426467 FileDescription DiskPart OriginalFilename …

Joomla! ‘com_fields’ Component SQL Injection Vulnerability

Recently, Joomla released a patch for a critical SQL injection vulnerability, tracked as CVE-2017-8917, that can be easily exploited by a remote attacker to obtain sensitive data and hijack websites. The vulnerability is easy to exploit, which may allow an attacker to use this exploit against millions of websites and steal sensitive information from the …