129 matches found
In-the-Wild Series: Android Post-Exploitation
This is part 5 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To read the other parts of the series, see the introduction post. Posted by Maddie Stone, Project Zero A deep-dive into the implant used by a high-tier attacker against Android...
CVE-2020-35948
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xclonerrestore.php writefileaction could...
CVE-2020-35948
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xclonerrestore.php writefileaction could...
Remote code execution
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xclonerrestore.php writefileaction could...
CVE-2020-35948
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xclonerrestore.php writefileaction could...
CVE-2020-35948
The CVE-2020-35948 issue affects the WordPress plugin XCloner Backup and Restore (versions prior to 4.2.13). The root cause is an insecure write_file_action in xcloner_restore.php that can overwrite files (e.g., wp-config.php), enabling authenticated attackers to modify arbitrary files and achiev...
CVE-2020-28334
Barco wePresent WiPG-1600W devices use Hard-coded Credentials issue 2 of 2. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-283...
CVE-2020-28334
Barco wePresent WiPG-1600W devices use Hard-coded Credentials issue 2 of 2. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-283...
Hardcoded credentials
Barco wePresent WiPG-1600W devices use Hard-coded Credentials issue 2 of 2. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-283...
CVE-2020-28334
Barco wePresent WiPG-1600W devices use Hard-coded Credentials issue 2 of 2. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-283...
CVE-2020-28334
Barco wePresent WiPG-1600W devices are affected by CVE-2020-28334 due to a hard-coded root password hash embedded in firmware for affected versions 2.5.1.8, 2.5.0.25, 2.5.0.24 and 2.4.1.19. Related connected CVEs (CVE-2020-28329, CVE-2020-28330, CVE-2020-28331) describe a chain of issues: a hard-...
Browser Bugs Exploited to Install 2 New Backdoors on Targeted Computers
Cybersecurity researchers have disclosed details about a new watering hole attack targeting the Korean diaspora that exploits vulnerabilities in web browsers such as Google Chrome and Internet Explorer to deploy malware for espionage purposes. Dubbed "Operation Earth Kitsune" by Trend Micro, the...
Advanced Access Manager < 6.6.2 - Authenticated Information Disclosure
The plugin’s aam/v1/authenticate and aam/v2/authenticate REST endpoints were set to respond to a successful login with a json-encoded copy of all metadata about the user, potentially exposing users’ information to an attacker or low-privileged user. This included items like the user’s hashed...
Black Hat 2020: 'Zero-Click' MacOS Exploit Chain Uses Microsoft Office Macros
A new “zero-click” MacOS exploit chain could allow attackers to deliver malware to MacOS users using a Microsoft Office document with macros. The attack bypasses security measures that both Microsoft and Apple have put in place to protect MacOS users from malicious macros. The exploit chain,...
Race condition
The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows local privilege escalation via a race condition in logrotate. By using an exploit chain, an attacker with access to the network can get root access on the gateway...
CVE-2020-9475
The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows local privilege escalation via a race condition in logrotate. By using an exploit chain, an attacker with access to the network can get root access on the gateway...
CVE-2020-9474
The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows remote code execution via the backup functionality in the web frontend. By using an exploit chain, an attacker with access to the network can get root access on the gateway...
CVE-2020-9474
The SG 150-0 Smart Gateway from S.Siedle & Soehne is affected prior to version 1.2.4. A remote code execution exists via the backup function in the web frontend, and an attacker with network access can escalate to root on the gateway. Remediation: upgrade to version 1.2.4 or later (as cited in CN...
CVE-2020-9473
The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 has a passwordless ftp ssh user. By using an exploit chain, an attacker with access to the network can get root access on the gateway...
CVE-2020-9473
The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 has a passwordless ftp ssh user. By using an exploit chain, an attacker with access to the network can get root access on the gateway...