Windows OLE Zero-Day Vulnerability

An exploit for an unpatched Windows OLE vulnerability has been observed in the wild. The user opens a document containing the embedded exploit, which executes a Visual Basic script. The vulnerability was initially reported by Ryan Hanson. According to McAfee, the earliest attacks were observed in late January 2017. The exploit works against all Microsoft …

Microsoft XML Information Disclosure Vulnerability – CVE-2017-0022

Introduction: An information disclosure vulnerability was found in the Microsoft XML services; it can be exploited to detect files on target machines. The bug is fixed in MS17-022. The exploit uses an XMLDOM object to call the res (Microsoft HTML Resource pluggable protocol) URL protocol. By default, support for the res protocol is disabled, so if you open …

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 Multiple Vulnerabilities

After Trend Micro fixed the vulnerabilities I reported earlier, I started testing this product again to see if I could still find a few more vulnerabilities. Stored Cross-Site Scripting (XSS) Vulnerability (CVE-2017-6340): I wanted to check if the reports functionality had any injection vulnerabilities. I created a low-privileged user ‘test2’ with the Reports-Only role who could run just …

Sophos Secure Web Appliance Session Fixation Vulnerability

It was last month when I came across Sophos Secure Web Appliance. It’s a purpose-built secure web gateway appliance which makes web protection simple. It provides advanced protection from today’s sophisticated web malware with lightning performance that won’t slow users down. You get full control and instant insights over all web activity on your network. …

Microsoft IIS 6.0 ScStoragePathFromUrl Buffer Overflow Zero Day Vulnerability

Four days ago, potent proof-of-concept code exploiting end-of-life software, Microsoft Internet Information Services 6.0, was released. At this point in time, 4 days after the well-publicized release of the PoC, the internet still has 607,134 publicly facing web servers! Of these, 286,068 servers are located in the United States. The March …

Windows GDI Elevation of Privilege Vulnerability: CVE-2017-0005

An Elevation of Privilege vulnerability in the Windows GDI component was reported to Microsoft by the Lockheed Martin Computer Incident Response Team. The vulnerability is assigned the ID CVE-2017-0005, “Windows GDI Elevation of Privilege Vulnerability”. The bug was addressed in MS17-0013 along with other GDI-targeted EoP vulnerabilities. According to Microsoft, this exploit is used by the …

ACTi Cameras Multiple Security Vulnerabilities

The IP security camera industry has grown a lot over the past few years, from consumer-grade home IP security models to professional-grade models. Internet-connected video cameras, or IP cameras, are widely used for security systems, offering the advantage that footage can be streamed anywhere remotely. However, anything connected to the Internet poses risks if not …

WordPress REST API User Enumeration Abuse

WordPress is a popular, open source blogging tool and content management system based on PHP and MySQL. According to the latest BuiltWith statistics, a total of 18,619,652 live websites use WordPress! That figure is 5% of all websites on the internet! About three months ago, with the advent of WordPress 4.7, support for Representational State Transfer …

Apache Struts Jakarta Multipart Parser Remote Code Execution Vulnerability

Introduction: On March 7, 2017, Apache issued an emergency security alert, as Apache Struts was exposed to a high-risk remote command execution vulnerability, tracked as CVE-2017-5638. Struts is an open source project of the Apache Foundation Jakarta project team, which uses the MVC pattern to help Java developers use J2EE to develop Web applications. At present, …

Chakra: Type Confusion Vulnerability – CVE-2016-7201

Introduction: In September of last year, the Project Zero team from Google disclosed vulnerabilities in the Microsoft JavaScript engine Chakra. CVE-2016-7200 and CVE-2016-7201 are two such bugs that caught the limelight. Even though these are old bugs, their specifics are worth discussing. Both of these vulnerabilities went from PoC of vulnerability to …