zero day – Page 4 – Qualys ThreatPROTECT

ManageEngine Desktop Central unauthenticated remote code execution vulnerability (CVE-2020-10189)

Posted by Dhiren Vaghela on March 11, 2020June 6, 2020

Summary: A zero-day vulnerability has been disclosed in the IT help desk ManageEngine software made by Zoho Corp. The serious vulnerability enables an unauthenticated, remote attacker to launch attacks on affected systems. Description: Zoho ManageEngine Desktop Central faces An untrusted deserialization vulnerability. The vulnerability stems from an improper input validation in the FileStorage class. This … Continue reading “ManageEngine Desktop Central unauthenticated remote code execution vulnerability (CVE-2020-10189)”

Microsoft Visual Studio 2008 Express IDE XML Injection Vulnerability (Zero Day)

Posted by Rupesh More on December 26, 2019June 6, 2020

Summary: Recently, a security researcher disclosed a XML External Entity Injection Zero Day in Microsoft Visual Studio 2008 Express IDE. It can allow remote attackers to grap files from the victims computer, sending them to the remote attackers server. Affected Product:Visual Studio 2008 Express IDE Security Issue:Visual Studio 2008 IDE vulnerable to XML External Entity … Continue reading “Microsoft Visual Studio 2008 Express IDE XML Injection Vulnerability (Zero Day)”

Vbulletin remote code execution vulnerability

Posted by Dhiren Vaghela on October 10, 2019June 7, 2020

Summary: vBulletin 5.x are prone to remote code execution vulnerability. (CVE-2019-16759). It can be exploited without authentication and takes control of web hosts. Description: vBulletin is a proprietary Internet forum software package sold by MH Sub I, LLC doing business as vBulletin. It uses PHP and uses a MySQL database server. A pre-authentication remote code … Continue reading “Vbulletin remote code execution vulnerability”

Microsoft Windows Privilege Escalation vulnerabilities CVE-2019-1132 & CVE-2019-0880

Posted by Dhiren Vaghela on July 15, 2019June 7, 2020

Summary: In the month of July 2019, MSPT have several vulnerabilities including windows kernel, win32K, unistore.dll, Hyper-V, Windows WLAN service, Windows Audio service, Windows RPCSS, DirectX, windows dnslvr.dll in Microsoft Windows. Out of them two zero days were identified for actively Attacked Privilege Escalation vulnerabilities (CVE-2019-1132 and CVE-2019-0880) in Win32k and splwow64 that have been … Continue reading “Microsoft Windows Privilege Escalation vulnerabilities CVE-2019-1132 & CVE-2019-0880”

Microsoft Windows Task Scheduler Privilege Escalation Vulnerability (Zero Day)

Posted by Mandar Jadhav on August 30, 2018September 18, 2018

A security researcher has publicly disclosed the details of a zero-day vulnerability in Microsoft Windows operating system. It’s a privilege escalation vulnerability, which resides in the Windows task scheduler program and occurred due to errors in the handling of Advanced Local Procedure Call (ALPC) systems. The ALPC interface is a Windows-internal mechanism that works as … Continue reading “Microsoft Windows Task Scheduler Privilege Escalation Vulnerability (Zero Day)”

Adobe Flash Player Zero-Day Vulnerability: CVE-2018-4878

Posted by Deepak Shanker on February 1, 2018February 15, 2018

A Zero Day vulnerability in Adobe Flash player has been discovered in the wild. The bug is a use after free vulnerability in the Adobe Flash MediaPlayer DRM management API, it can be exploited to achieve remote code execution. CVE-2018-4878 has been assigned to track this vulnerability. The affected versions are Adobe Flash Player ActiveX … Continue reading “Adobe Flash Player Zero-Day Vulnerability: CVE-2018-4878”

Apple MacOS High Sierra ‘root’ Access With No Password

Posted by Mandar Jadhav on November 28, 2017December 6, 2017

A critical security flaw in macOS High Sierra, aka macOS 10.13, allows users to gain admin rights, or log in as root, without a password. The consequences could be serious. Anyone having physical access to the system can log in to your user account, unlock your keychain and reveal your passwords, turn off FileVault, OS … Continue reading “Apple MacOS High Sierra ‘root’ Access With No Password”

.NET Zero-Day Exploited to Spread FINSPY:CVE-2017-8759

Posted by Deepak Shanker on September 12, 2017September 12, 2017

A Zero-day vulnerability in the .NET framework is being actively exploited in the wild. The vulnerability has been assigned CVE-2017-8759. Exploiting this vulnerability results in the remote code execution on the target machine. The attack was disclosed by FireEye. The vulnerability is being used to distribute FINSPY malware. The affected .NET versions are listed below … Continue reading “.NET Zero-Day Exploited to Spread FINSPY:CVE-2017-8759”

ShadowBrokers NSA Tool Dump

Posted by Deepak Shanker on April 14, 2017February 5, 2018

On Friday, April 14, 2017 – The mysterious hacking group ShadowBrokers released over 300MB of NSA hacking tools and exploits. The dump is hosted as a Yandex disk with password “Reeeeeeeeeeeeeee”. The current dump contains 3 folders oddjob, windows, swift as described below, and a detailed list of the contents can be found here. oddjob An implant builder … Continue reading “ShadowBrokers NSA Tool Dump”

Windows OLE Zero-Day Vulnerability

Posted by Deepak Shanker on April 10, 2017August 1, 2017

An exploit for an unpatched Windows OLE vulnerability has been observed in the wild. The user opens a document containing the embedded exploit, which executes a Visual Basic script. The vulnerability was initially reported by Ryan Hanson . As per McAfee the earliest attack were observed in late January 2017. The exploit works against all Microsoft … Continue reading “Windows OLE Zero-Day Vulnerability”