Introduction: An information disclosure vulnerability was found in Microsoft XML Services; it can be exploited to detect files on target machines. The bug is fixed in MS17-022. The exploit uses an XMLDOM object to call the res (Microsoft HTML Resource pluggable protocol) URL protocol. By default, support for the res protocol is disabled, so if you open …
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 Multiple Vulnerabilities
After Trend Micro fixed the vulnerabilities I reported earlier, I started testing this product again to see if I could still find a few more vulnerabilities. Stored Cross Site Scripting (XSS) Vulnerability (CVE-2017-6340): I wanted to check if the reports functionality had any injection vulnerabilities. I created a low-privileged user ‘test2’ with the Reports-Only role who could run just …
Sophos Secure Web Appliance Session Fixation Vulnerability
It was last month when I came across the Sophos Secure Web Appliance. It’s a purpose-built secure web gateway appliance which makes web protection simple. It provides advanced protection from today’s sophisticated web malware with lightning performance that won’t slow users down. You get full control and instant insights over all web activity on your network. …
Microsoft IIS 6.0 ScStoragePathFromUrl Buffer Overflow Zero Day Vulnerability
Four days ago, a potent proof-of-concept exploit for end-of-life software, Microsoft Internet Information Services 6.0, was released. At this point in time, 4 days after the well-publicized release of the PoC, the internet still has 607,134 publicly facing IIS 6.0 web servers! Of these, 286,068 servers are located in the United States. The March …
Windows GDI Elevation of Privilege Vulnerability: CVE-2017-0005
An Elevation of Privilege vulnerability in the Windows GDI component was reported to Microsoft by the Lockheed Martin Computer Incident Response Team. The vulnerability is assigned the ID CVE-2017-0005, “Windows GDI Elevation of Privilege Vulnerability”. The bug was addressed in MS17-0013 along with other GDI-targeted EoP vulnerabilities. According to Microsoft, this exploit is used by the …
ACTi Cameras Multiple Security Vulnerabilities
The IP security camera industry has grown a lot over the past few years, from consumer-grade home IP security models to professional-grade models. Internet-connected video cameras, or IP cameras, are widely used for security systems, offering the advantage that footage can be streamed anywhere remotely. However, anything connected to the Internet poses risks if not …
WordPress REST API User Enumeration Abuse
WordPress is a popular, open source blogging tool and content management system based on PHP and MySQL. According to the latest BuiltWith statistics, a total of 18,619,652 live websites use WordPress! That figure is 5% of all websites on the internet! About three months ago, with the advent of WordPress 4.7, support for Representational State Transfer …
Apache Struts Jakarta Multipart Parser Remote Code Execution Vulnerability
Introduction: On March 7, 2017, Apache issued an emergency security alert because Apache Struts was exposed to a high-risk remote command execution vulnerability, tracked as CVE-2017-5638. Struts is an open source project of the Apache Foundation’s Jakarta project team, which uses the MVC pattern to help Java developers use J2EE to develop web applications. At present, …
Chakra: Type Confusion Vulnerability – CVE-2016-7201
Introduction: Last year in the month of September, the Project Zero team from Google disclosed vulnerabilities in Chakra, the Microsoft JavaScript engine. CVE-2016-7200 and CVE-2016-7201 are two such bugs that caught the limelight. Even though these are old bugs, their specifics are worth discussing. Both of these vulnerabilities went from PoC of vulnerability to …
Microsoft Edge and Internet Explorer Type Confusion Zero Day Vulnerability
Introduction: Google Project Zero recently disclosed an unpatched vulnerability that affects Microsoft Edge and Internet Explorer. This vulnerability is tracked as CVE-2017-0037. The disclosed PoC only demonstrates a DoS attack on the target, but arbitrary code execution could also be possible. A PoC for the same is also available here. Exploit: The CVE-2017-0037 vulnerability, so-called ‘type …