Wed, 18 Jul 2018 22:22:00 GMT
AntiVirus Evasion With Metasploit's Web Delivery
Whitepaper called AntiVirus Evasion with Metasploit's Web Delivery - Leveraging PowerShell to Execute Arbitrary Shellcode.
Tue, 17 Jul 2018 02:51:07 GMT
Debian Security Advisory 4250-1
Debian Linux Security Advisory 4250-1 - A vulnerability was discovered in Wordpress, a web blogging tool. It allowed remote attackers with specific roles to execute arbitrary code.
Mon, 16 Jul 2018 23:33:33 GMT
QNAP Q'Center change_passwd Command Execution
This Metasploit module exploits a command injection vulnerability in the change_passwd API method within the web interface of QNAP Q'Center virtual appliance versions prior to 1.7.1083. The vulnerability allows the 'admin' privileged user account to execute arbitrary commands as the 'admin' operating system user. Valid credentials for the 'admin' user account are required, however, this module also exploits a separate password disclosure issue which allows any authenticated user to view the password set for the 'admin' user during first install. This Metasploit module has been tested successfully on QNAP Q'Center appliance version 1.6.1075.
Mon, 16 Jul 2018 20:22:22 GMT
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Backdoor Jailbreak
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems have a web shell application that includes a service called Microhard Sh that is documented only as 'reserved for internal use'. This service can be enabled by an authenticated user within the Services menu in the web admin panel. This can also be enabled via CSRF attack. When the service is enabled, a user 'msshc' is created on the system with password 'msshc' for SSH shell access on port 22. When connected, the user is dropped into a NcFTP jailed environment, that has limited commands for file transfer administration. One of the commands is a custom added 'ping' command that has a command injection vulnerability that allows the attacker to escape the restricted environment and enter into a root shell terminal that can execute commands as the root user. Many versions are affected.
Mon, 16 Jul 2018 14:27:27 GMT
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Hidden Features
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems have undocumented and hidden features present via the web management interface. These features allow an authenticated attacker to take full control of the device and/or modify internal OS settings, read arbitrary files or even render the device unusable. Many versions are affected.
Mon, 16 Jul 2018 14:14:13 GMT
Debian Security Advisory 4246-1
Debian Linux Security Advisory 4246-1 - Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. discovered that mailman, a web-based mailing list manager, is prone to a cross-site scripting flaw allowing a malicious listowner to inject scripts into the listinfo page, due to not validated input in the host_name field.
Thu, 12 Jul 2018 22:00:14 GMT
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway CSRF
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems allow users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Many versions are affected.
Thu, 12 Jul 2018 21:54:45 GMT
Apache CouchDB Arbitrary Command Execution
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.
Thu, 12 Jul 2018 21:48:57 GMT
RSA Identity Governance And Lifecycle Bypass / XSS
Thu, 12 Jul 2018 21:48:49 GMT
Red Hat Security Advisory 2018-2186-01
Red Hat Security Advisory 2018-2186-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include a remote SQL injection vulnerability.
Thu, 12 Jul 2018 21:45:18 GMT
Red Hat Security Advisory 2018-2185-01
Red Hat Security Advisory 2018-2185-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include a remote SQL injection vulnerability.
Thu, 12 Jul 2018 21:45:09 GMT
Red Hat Security Advisory 2018-2187-01
Red Hat Security Advisory 2018-2187-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include out-of-bounds access.
Wed, 11 Jul 2018 22:07:07 GMT
Red Hat Security Advisory 2018-2184-01
Red Hat Security Advisory 2018-2184-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security fix: ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs Issues addressed include an information leakage vulnerability.
Wed, 11 Jul 2018 02:48:28 GMT
Red Hat Security Advisory 2018-2175-01
Red Hat Security Advisory 2018-2175-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 18.104.22.168. Issues addressed include code execution and information leakage vulnerabilities.
Thu, 05 Jul 2018 22:34:00 GMT
IBM QRadar SIEM Unauthenticated Remote Code Execution
IBM QRadar SIEM has three vulnerabilities in the Forensics web application that when chained together allow an attacker to achieve unauthenticated remote code execution. The first stage bypasses authentication by fixating session cookies. The second stage uses those authenticated sessions cookies to write a file to disk and execute that file as the "nobody" user. The third and final stage occurs when the file executed as "nobody" writes an entry into the database that causes QRadar to execute a shell script controlled by the attacker as root within the next minute. Details about these vulnerabilities can be found in the advisories listed in References. The Forensics web application is disabled in QRadar Community Edition, but the code still works, so these vulnerabilities can be exploited in all flavors of QRadar. This Metasploit module was tested with IBM QRadar CE 7.3.0 and 7.3.1. IBM has confirmed versions up to 7.2.8 patch 12 and 7.3.1 patch 3 are vulnerable. Due to payload constraints, this module only runs a generic/shell_reverse_tcp payload.
Wed, 04 Jul 2018 19:32:22 GMT
Debian Security Advisory 4241-1
Debian Linux Security Advisory 4241-1 - It was discovered that the Soup HTTP library performed insuffient validation of cookie requests which could result in an out-of-bounds memory read.
Wed, 04 Jul 2018 17:22:22 GMT
ADB Group Manipulation Privilege Escalation
An attacker with standard / low access rights within the web GUI is able to gain access to the CLI (if it has been previously disabled by the configuration) and escalate his privileges. Depending on the CLI features it is possible to extract the whole configuration and manipulate settings or gain access to debug features of the device, e.g. via "debug", "upgrade", "upload" etc. commands in the CLI. Attackers can gain access to sensitive configuration data such as VoIP credentials or other information and manipulate any settings of the device. Versions affected include ADB P.RG AV4202N, DV2210, VV2220, and VV5522.
Tue, 03 Jul 2018 23:44:00 GMT
ADB Authorization Bypass
Depending on the firmware version/feature-set of the ISP deploying the ADB device, a standard user account may not have all settings enabled within the web GUI. An authenticated attacker is able to bypass those restrictions by adding a second slash in front of the forbidden entry of the path in the URL. It is possible to access forbidden entries within the first layer of the web GUI, any further subsequent layers/paths (sub menus) were not possible to access during testing but further exploitation can't be ruled out entirely. Versions affected include ADB P.RG AV4202N, DV2210, VV2220, and VV5522.
Tue, 03 Jul 2018 10:10:00 GMT
Debian Security Advisory 4239-1
Debian Linux Security Advisory 4239-1 - Fabian Henneke discovered a cross-site scripting vulnerability in the password change form of GOsa, a web-based LDAP administration program.
Fri, 29 Jun 2018 00:01:47 GMT
Debian Security Advisory 4237-1
Debian Linux Security Advisory 4237-1 - Several vulnerabilities have been discovered in the chromium web browser.
Fri, 29 Jun 2018 00:01:30 GMT
Red Hat Security Advisory 2018-2112-01
Red Hat Security Advisory 2018-2112-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Issues addressed include buffer overflow, cross site request forgery, and use-after-free vulnerabilities.
Fri, 29 Jun 2018 00:01:05 GMT
Red Hat Security Advisory 2018-2113-01
Red Hat Security Advisory 2018-2113-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Issues addressed include buffer overflow, cross site request forgery, and use-after-free vulnerabilities.
Thu, 28 Jun 2018 23:23:23 GMT
Debian Security Advisory 4235-1
Debian Linux Security Advisory 4235-1 - Several security issues have been found in the Mozilla Firefox web lead to the execution of arbitrary code, denial of service, cross-site request forgery or information disclosure.
Tue, 26 Jun 2018 23:49:12 GMT
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.
Raptor WAF 0.5
Raptor is a web application firewall written in C that uses DFA to block SQL injection, cross site scripting, and path traversals.
view page: 234