Summary: In third week of February,2020, after MSPT, an out-of-bounds (OOB) write vulnerability was observed in Adobe Media Encoder that leads to arbitrary code execution. This vulnerability was observed only for Microsoft Windows platform. Description: Adobe Media Encoder, is a software for encoding and compressing audio or video files. When the untrusted input is processed, … Continue reading “Adobe Media Encoder Out-of-Bounds Write Vulnerability (CVE-2020-3764)”
Tag: Remote Code Execution
Remote Desktop Client Remote Code Execution Vulnerability. (CVE-2020-0734, CVE-2020-0681)
Summary: In the month of February,2020, among MSPT, a remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. On account of this vulnerability, an attacker could execute arbitrary code as well as compromise a legitimate server and perform CnC operation. Description: An attacker would need … Continue reading “Remote Desktop Client Remote Code Execution Vulnerability. (CVE-2020-0734, CVE-2020-0681)”
Webmin Remote Code Execution Vulnerability
Webmin version 1.882 to 1.921 is vulnerable to Unauthenticated Remote Code Execution Vulnerability. This vulnerability exists in the reset password function that allows a malicious attacker to execute malicious code due to lack of input validation. The targets which have the setting “user password change enabled” are exploitable. This vulnerability has been assigned CVE-2019-15107. Vulnerability … Continue reading “Webmin Remote Code Execution Vulnerability”
Atlassian Jira Server Template Injection Vulnerability
Atlassian Jira Server and Data Center is vulnerable to a server-side template injection in various resources. This vulnerability was introduced in version 4.4.x and affects versions as recent as 8.2.2 (released on 13 June 2019). CVE-2019–11581 has been assigned to track this vulnerability. Thousands of Jira Servers are potentially affected by this vulnerability and may … Continue reading “Atlassian Jira Server Template Injection Vulnerability”
Cisco Webex Update Service Command Injection Vulnerability : CVE-2018-15442
A command injection vulnerability has been disclosed in Cisco Webex. Upon successful exploitation an attacker can execute arbitrary commands on the target machine. The vulnerability has been assigned CVE-2018-15442. The vulnerability has been named ‘WebExec‘. Cisco has addressed this issue in cisco-sa-20181024-webex-injection. The issue affects All Cisco Webex Meetings Desktop App releases prior to 33.6.0. … Continue reading “Cisco Webex Update Service Command Injection Vulnerability : CVE-2018-15442”
Apache Struts 2 namespace Remote Code Execution Vulnerability: CVE-2018-11776
A remote code execution vulnerability was discovered in Apache Struts 2. The vulnerability in being tracked via CVE-2018-11776. Upon successful exploitation an attacker can gain remote execution on the target and ultimately take over the target machine. The issue affect all versions of Apache Struts 2, possibly even fixed versions where the settings are mis-configured. Apache has … Continue reading “Apache Struts 2 namespace Remote Code Execution Vulnerability: CVE-2018-11776”
Oracle WebLogic Deserialization Vulnerability : CVE-2018-2893
A deserialization vulnerability in Oracle WebLogic has been disclosed by multiple 3rd party researchers and organizations. The vulnerability allows unauthenticated attackers to compromise WebLogic server via T3 protocol. The affected component is WLS Core components. Upon successful exploitation an attacker can take over the target server via remote code execution .CVE-2018-2893 has been assigned to … Continue reading “Oracle WebLogic Deserialization Vulnerability : CVE-2018-2893”
JScript Error Object Use-After-Free Vulnerability : CVE-2018-8267
A zero-day vulnerability in the JScript has been disclosed to Microsoft. CVE-2018-8267 has been assigned to track this vulnerability. Microsoft has accepted the disclosure, the advisory addressing the issue has been released. It is a use-after-free vulnerability in Windows JScript, the vulnerability is due to improper handling of error objects by JScript. Upon successful exploitation an attacker can gain … Continue reading “JScript Error Object Use-After-Free Vulnerability : CVE-2018-8267”
Git RCE Vulnerability : CVE-2018-11235
A remote code execution in Git has been discovered. CVE-2018-11235 has been assigned to track this vulnerability. Git 2.17.1 and Git for Windows 2.17.1 (2) address this vulnerability. Vulnerability submodule “names” from .gitmodule files are appended to $GIT_DIR/modules for on-disk repository paths. When we git clone a repository not all configuration files and hooks are received from … Continue reading “Git RCE Vulnerability : CVE-2018-11235”
Internet Explorer VBScript Use-After-Free Vulnerability: CVE-2018-8174
A Zero-Day vulnerability in VBScript was disclosed to Microsoft. The vulnerability was discovered as an active attack in the wild. The bug is in the VBScript engine used in Windows. Its classified as a Use-After-Free (UAF) vulnerability. CVE-2017-8174 is assigned to track this bug. Currently attackers are exploiting this vulnerability to execute shellcode and PowerShell … Continue reading “Internet Explorer VBScript Use-After-Free Vulnerability: CVE-2018-8174”