Lucene search

6680 matches found

seebug.org
added 2017/12/06 12:0 a.m., 62 views

Polycom HDX Series RCE

When doing external assessments you spend a decent amount of time footprinting your target and finding possible avenues of attack. Given a large corporate, you are pretty likely to hit video conferencing end-points. This post details a vulnerability in one of these video conferencing systems, the...

AI score: 7.9
Exploits: 0
Citrix
added 2017/12/05 12:0 a.m., 6 views

How To check Per-App VPN Works on iOS?

The article describes how to validate the proper functionality of Per-App VPN on iOS...

AI score: 7.1
Exploits: 0
Openbugbounty
added 2017/11/28 10:34 p.m., 13 views

techz.vn XSS vulnerability

Open Bug Bounty ID: OBB-441028

| Description | Value |
|---|---|
| Affected Website: | techz.vn |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |

AI score: 6.3
Exploits: 0
OSV
added 2017/11/28 10:20 p.m., 30 views

GHSA-RPH7-J9QR-H8Q8 Potential Command Injection in codem-transcode

When the ffprobe functionality is enabled on the server, HTTP POST requests can be made to /probe. These requests are passed to the ffprobe binary on the server. Through this HTTP endpoint it is possible to send a malformed source file name to ffprobe that results in arbitrary command execution...

CVSS: 8.1, AI score: 8, EPSS: 0.0198
Exploits: 0, References: 5
Openbugbounty
added 2017/11/25 4:22 p.m., 8 views

reviveourhearts.com XSS vulnerability

Vulnerable URL: https://www.reviveourhearts.com/search//"'--!confirm/OPENBUGBOUNTY/...

AI score: 6.9
Exploits: 0
Citrix
added 2017/11/22 12:0 a.m., 5 views

Secure Mail ActiveSync redirect 451

When migrating an Exchange server, for example from On-Premise Exchange to Office 365, is it possible to have the Exchange server send an HTTP 451 ActiveSync Redirect to point Secure Mail to the new server without installing a new instance of Secure Mail? Yes: The HTTP 451 is the supported mechani...

AI score: 6.9
Exploits: 0
OSV
added 2017/11/17 2:29 a.m., 19 views

CVE-2017-1000195

October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server...

CVSS: 7.5, AI score: 7.1
Exploits: 0, References: 1
Cvelist
added 2017/11/17 2:0 a.m., 32 views

CVE-2017-1000195

October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server...

AI score: 7.7, EPSS: 0.01525
Exploits: 0, References: 1
Fedora
added 2017/11/15 8:23 p.m., 59 views

[SECURITY] Fedora 26 Update: jackson-databind-2.7.6-5.fc26

General data-binding functionality for Jackson: works on core streaming API...

CVSS: 9.8, AI score: 2.2, EPSS: 0.37925
Exploits: 7
Fedora
added 2017/11/15 5:58 p.m., 41 views

[SECURITY] Fedora 27 Update: jackson-databind-2.7.6-5.fc27

General data-binding functionality for Jackson: works on core streaming API...

CVSS: 9.8, AI score: 2.2, EPSS: 0.37925
Exploits: 7
seebug.org
added 2017/11/09 12:0 a.m., 33 views

Circle with Disney configure.xml Notifications Command Injection Vulnerability(CVE-2017-2917)

Summary: An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions: Circle with Disney 2.0...

AI score: 9.1, EPSS: 0.03245
Exploits: 2
seebug.org
added 2017/11/09 12:0 a.m., 42 views

Circle with Disney Apid Strstr Authentication Bypass Vulnerability(CVE-2017-2914)

Summary: An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs...

AI score: 8.1, EPSS: 0.01555
Exploits: 2
OSV
added 2017/11/08 3:29 a.m., 17 views

CVE-2017-16616

An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because `load` is used where `safe_load` should have been used. An attacker can...

CVSS: 9.8, AI score: 9.9, EPSS: 0.03589
Exploits: 0, References: 4
NVD
added 2017/11/07 4:29 p.m., 28 views

CVE-2017-2917

An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability...

CVSS: 9.9, AI score: 9.2, EPSS: 0.03245
Exploits: 2, References: 1
Prion
added 2017/11/07 4:29 p.m., 14 views

Design/Logic Flaw

An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to overwrite sensitive files, resulting in code execution. An attacker needs to impersonate a remote server in order to...

CVSS: 6.8, AI score: 8.1, EPSS: 0.02024
Exploits: 2, References: 1, Affected Software: 1
Check Point Advisories
added 2017/11/07 12:0 a.m., 3 views

Trend Micro InterScan Messaging Security modTMCSS Command Injection (CVE-2017-11391; CVE-2017-11394)

A command injection vulnerability exists in Trend Micro InterScan Messaging Security virtual appliance. The vulnerability is due to improper validation of request parameters within the modTMCSS Proxy functionality. A remote, authenticated attacker could exploit the vulnerability by sending a...

CVSS: 10, AI score: 3.5, EPSS: 0.66774
Exploits: 2
Openbugbounty
added 2017/11/01 10:51 p.m., 8 views

dutchesstourism.com XSS vulnerability

Open Bug Bounty ID: OBB-385509

| Description | Value |
|---|---|
| Affected Website: | dutchesstourism.com |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Remediation Guide: | OWASP XSS Prevention Che... |

AI score: 6.3
Exploits: 0
CNVD
added 2017/11/01 12:0 a.m., 2 views

Google Android integer overflow vulnerability (CNVD-2017-33107)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. An integer overflow vulnerability exists in the debugging functionality in Android. A remote attacker can exploit this vulnerability to cause a denial of service, obtain sensitive...

CVSS: 9.3, AI score: 8.4, EPSS: 0.00606
Exploits: 0, References: 1
Talos
added 2017/10/31 12:0 a.m., 201 views

Circle with Disney Rclient SSH Persistent Remote Access Vulnerability

Summary: A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker can send an API call to enable the SSH server. Tested...

CVSS: 8, AI score: 7, EPSS: 0.00973
Exploits: 2
0day.today
added 2017/10/30 12:0 a.m., 24 views

Microsoft Windows 10 Creators Update 32-bit Ring-0 Code Execution Exploit

Microsoft Windows 10 Creators Update suffers from a 32-bit execution of ring-0 code from NULL page via NtQuerySystemInformation class 185, Warbird functionality...

AI score: 0.3
Exploits: 0