Oracle Releases Patches for JOLTANDBLEED Vulnerabilities

Introduction: Oracle pushed out an emergency update for vulnerabilities dubbed ‘JoltandBleed’ affecting five of its products that rely on its proprietary Jolt protocol. Two of the vulnerabilities discovered (CVE-2017-10272 and CVE-2017-10269) are severe and can be exploited without valid credentials. This allows an attacker to gain full access to all data …

D-Link Network Camera DCS-936L Weak CSRF Protection Vulnerability

A few months ago, while working with D-Link on another issue, I was provided with a D-Link network camera, the DCS-936L. According to D-Link, this is a current and most popular product. This device was shipped with the latest firmware, version 1.02.01, which had CSRF protection. My goal was to check if this CSRF protection could be …

Dell Active Roles Unquoted Service Path Vulnerability

Dell Active Roles (now Quest Active Roles) Server gives Active Directory administrators all the tools necessary to securely and efficiently manage Active Directory, overcoming the native shortcomings of AD and automating the most common AD administration tasks. Dell Active Roles uses a search path that contains an unquoted element, in which the element contains white …

MS Office DDE Attacks

Dynamic Data Exchange (DDE) is a protocol for exchanging messages between applications that share data. The data can be exchanged on a one-time basis or as a continuous stream. DDE is not limited to data exchange; it also allows applications to execute other external applications within their process space. This feature has been …

Adobe Flash Player Type Confusion Vulnerability : CVE-2017-11292

A type confusion vulnerability was discovered in Adobe Flash Player version 27.0.0.159 and earlier. This vulnerability can be exploited remotely to achieve arbitrary code execution on the target machine. The type confusion occurs due to an improper array index calculation. The vulnerability has been assigned CVE-2017-11292. The table below lists the affected products (Product, Version, OS): Adobe …

Bad Rabbit – Ransomware

A new ransomware campaign has affected at least 3 Russian media companies; Fontanka and Interfax are among those affected. The ransomware is named Bad Rabbit. The malware is delivered as a fake Flash installer and uses the SMB protocol to check hardcoded credentials. Bad Rabbit does not employ any exploits to gain execution or elevation of privilege. …

Cryptocurrency Mining JavaScript Libraries

Introduction: Cryptocurrency is a digital asset designed to work as a medium of exchange, using cryptography to secure the transactions and to control the creation of additional units of the currency. One of the most popular cryptocurrencies today is Bitcoin. New units of cryptocurrency are generated by “mining” for them using miners. Users can …

ROCA: Vulnerable RSA Key Generation [CVE-2017-15361]

RSA keys generated using libraries from Infineon Technologies are vulnerable to practical factorization. An attacker can calculate the private key based on the structure of the generated primes. The issue affects key sizes of 1204 bits and 2048 bits. The attack has been named ROCA (“Return Of Coppersmith’s Attack”) and is assigned CVE-2017-15361. Coppersmith’s attacks are …

KRACK: WPA2 Key Reinstallation Attack

Introduction: Multiple key reuse vulnerabilities were discovered in the WPA2 protocol. This is a novel attack technique that has been named KRACK (Key Reinstallation Attacks). The attack exploits a weakness in the WPA2 4-way handshake and allows key reuse attacks against the client. This can cause the underlying encryption protocol to use known/used …

Apache Solr Remote Execution Zero-Day Vulnerability : CVE-2017-12629

Introduction: Two critical vulnerabilities have been reported in Apache Solr distributions. These vulnerabilities were found in the latest distribution of Apache Solr. One is an XML External Entity (XXE) processing issue and the other allows remote code execution using one of the publicly exposed APIs. It has been assigned CVE-2017-12629. The two vulnerabilities could …