Introduction: A user after free (UAF) vulnerability in Apache HTTP causes the server to respond with a corrupted ALLOW header while replying to a HTTP OPTIONS request. The Apache httpd enables attackers to read data from process memory if Limit directive is set for user in .htaccess file or if the file contains mis-configurations. This … Continue reading “Optionsbleed: Use-After-Free Leading to Memory Leak in Apache HTTP”
Piriform Supply Chain Compromise
Incident: The download servers used to distribute CCleaner (32-bit) were compromised by attackers, CCleaner version 5.33 was bundled with a malware and was being distributed through the Piriform hosting platform. This version was hosted directly on CCleaner’s download servers from September 11, 2017. The incident was disclosed by Cisco Talos team on Sept 13 2017. Piriform is the … Continue reading “Piriform Supply Chain Compromise”
BlueBorne: Bluetooth Attack Vector
A new attack vector called ‘BlueBorne‘ has been discovered. The name is a play on the word ‘airborne’ as it allows attackers to take over devices on air-gapped networks. This attack was disclosed by Armis Lab. The vulnerabilities exploited by this attack affects Android, Linux, Windows, and iOS version less than 10. Targets can be compromised regardless of the … Continue reading “BlueBorne: Bluetooth Attack Vector”
.NET Zero-Day Exploited to Spread FINSPY:CVE-2017-8759
A Zero-day vulnerability in the .NET framework is being actively exploited in the wild. The vulnerability has been assigned CVE-2017-8759. Exploiting this vulnerability results in the remote code execution on the target machine. The attack was disclosed by FireEye. The vulnerability is being used to distribute FINSPY malware. The affected .NET versions are listed below … Continue reading “.NET Zero-Day Exploited to Spread FINSPY:CVE-2017-8759”
REDDOXX Appliance Multiple Vulnerabilities
REDDOXX is a leading supplier of solutions for e-mail archiving,encrypted and digitally signed e-mail traffic as well as spam protection. REDDOXX Appliance Builds prior to 2032 (v2.0.625) found to be vulnerable to unauthenticated Remote Command Injection and Local File Inclusion vulnerabilities. We will analyze these vulnerabilities in this blog post. Command Injection Vulnerability: This appliance can … Continue reading “REDDOXX Appliance Multiple Vulnerabilities”
Apache Struts Remote Code Execution : CVE-2017-9805
Apache Struts 2 is a framework for creating enterprise Java web applications. The framework is designed to reduce overhead for building, deploying and maintaining applications. A remote code execution vulnerability has been discovered by lgtm. The Apache Struts group has addressed this vulnerability in S2-052. The vulnerability has been assigned CVE-2017-9805. As per the official … Continue reading “Apache Struts Remote Code Execution : CVE-2017-9805”
Westermo MRD-305-DIN, MRD-315, MRD-355 and MRD-455 Multiple Security Vulnerabilities
Westermo provides a full range of industrial data communications (SCADA) solutions for demanding applications in the transport, water and energy markets among others. MRD devices provide resilient remote access and eliminate the need for costly site visits. With support for secure VPN communications, static and dynamic IP routing, NAT, port forwarding, OpenVPN (SSL VPN), and … Continue reading “Westermo MRD-305-DIN, MRD-315, MRD-355 and MRD-455 Multiple Security Vulnerabilities”
Foxit Reader and PhantomPDF Multiple Code Execution Vulnerabilities
Recently, ZDI published two 0day advisories ZDI-17-691 and ZDI-17-692 for vulnerabilities in Foxit Reader & PhantomPDF. These are Command Injection and File Write vulnerabilities that can be triggered through the JavaScript API in Foxit Reader. These vulnerabilities are not memory corruption vulnerabilities. Details: CVE-2017-10951 (ZDI-CAN-4724): This allows the “app.launchURL” method to execute a system call … Continue reading “Foxit Reader and PhantomPDF Multiple Code Execution Vulnerabilities”
Disdain EK
A new exploit kit (EK) named “Disdain” has been observed in the wild. The EK targets Windows vulnerabilities. Initially the presence of this EK was found in underground forums as an ad and was brought to light on twitter by @CryptoInsane. The EK can be rented for as low as 80$. Disdain claims to exploit … Continue reading “Disdain EK”
Citrix NetScaler SD-WAN and CloudBridge Virtual WAN Management Interface Remote Code Execution Vulnerability
Recently, a remote code execution vulnerability was discovered in the Citrix NetScaler SD-WAN and Citrix CloudBridge tracked as CVE-2017-6316. The vulnerability exist in the session management functionality. If the cookie holds shell-command data – it is used in a call to system where input is processed unsanitized. This allows an attacker to execute arbitrary commands … Continue reading “Citrix NetScaler SD-WAN and CloudBridge Virtual WAN Management Interface Remote Code Execution Vulnerability”
