Summary: A remote code execution vulnerability has been reported in Atlassian Crowd and Crowd Data Center. The vulnerability is due to pdkinstall development plugin is incorrectly enabled in release builds. Description: Atlassian Crowd, a user management application for access control for Active Directory (AD), Lightweight Directory Access Protocol (LDAP)OpenLDAP and Microsoft Azure AD. A remote, … Continue reading “Atlassian Crowd pdkinstall Remote Code execution CVE-2019-11580”
Tag: exploit
Oracle WebLogic Deserialization Remote Code Execution Vulnerability (CNVD-C-2019-48814/CVE-2019-2725)
Oracle WebLogic is an application server used for building and hosting Java-EE applications. A highly critical remote code execution vulnerability has been discovered in Oracle WebLogic application servers running the WLS9_ASYNC and WLS-WSAT components. The vulnerability was initially disclosed by China National Vulnerability Database under the tracker number CNVD-C-2019-48814. Later the vulnerability is assigned to … Continue reading “Oracle WebLogic Deserialization Remote Code Execution Vulnerability (CNVD-C-2019-48814/CVE-2019-2725)”
Sundown Exploit Kit Attacking Microsoft Edge Browser
The Sundown Exploit Kit that first came to light in mid 2016, appears to be under aggressive development. The exploit-kit is actively attacking the Edge Browser from Microsoft shipped with Windows 10. Specifically, the exploit-kit is targeting CVE-2016-7200 and CVE-2016-7201 which Microsoft fixed with update MS16-129, released on Patch Tuesday in the month of November. The vulnerability … Continue reading “Sundown Exploit Kit Attacking Microsoft Edge Browser”
NTP CVE-2016-7434 Vulnerability Analysis
Last week, the Network Time Foundation’s NTP Project released a new version, NTP 4.2.8p9, to fix 10 security vulnerabilities. We noticed that after the new release came out, the original research published a POC for exploiting CVE-2016-7434. This blog is about the verifying the exploit published and a deep analysis about this vulnerability. NTP MRU … Continue reading “NTP CVE-2016-7434 Vulnerability Analysis”
TOPSEC Firewall Exploit (ELIGIBLE CONTESTANT)
Abstract: Few days ago, an unknown threat actor, that goes by the name “The Shadow Brokers” leaked some highly sophisticated exploits. It is alleged that the exploits leaked by “The Shadow Brokers” belong to Equation Group – an elite cyber-attack group associated with the NSA. These leaked exploits work against many routers/firewalls from prominent vendors … Continue reading “TOPSEC Firewall Exploit (ELIGIBLE CONTESTANT)”