
2058 matches found

NCSC
added 2020/11/18 12:0 a.m. | 1 views

Vulnerabilities fixed in OpenLDAP

Several vulnerabilities have been fixed in OpenLDAP. The vulnerabilities allow an unauthenticated malicious person with network access to the OpenLDAP server to cause a denial-of-service on the OpenLDAP service. Exploit code is publicly available for both vulnerabilities. The operation of...

7.5 CVSS | 9.4 AI score | 0.35675 EPSS
Exploits: 0

CISA
added 2020/11/03 12:0 a.m. | 37 views

Google Releases Security Updates for Chrome, CVE-2020-16009

Google has released Chrome version 86.0.4240.183 for Windows, Mac, and Linux addressing multiple vulnerabilities, including vulnerability CVE-2020-16009. Exploit code for this vulnerability exists in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...

6.8 CVSS | 1.2 AI score | 0.84383 EPSS
Exploits: 3 | References: 1

0day.today
added 2020/10/15 12:0 a.m. | 90 views

Microsoft Windows Uninitialized Variable Local Privilege Escalation Exploit

This Metasploit module exploits CVE-2019-1458, an arbitrary pointer dereference vulnerability within win32k which occurs due to an uninitialized variable, which allows user mode attackers to write a limited amount of controlled data to an attacker controlled address in kernel memory. By utilizing...

7.8 CVSS | 8.5 AI score | 0.92042 EPSS
Exploits: 10

ThreatPost
added 2020/10/14 1:37 p.m. | 178 views

Google, Intel Warn on 'Zero-Click' Kernel Bug in Linux-Based IoT Devices

Google and Intel are warning of a high-severity flaw in BlueZ, the Linux Bluetooth protocol stack that provides support for core Bluetooth layers and protocols to Linux-based internet of things (IoT) devices. According to Google, the vulnerability affects users of Linux kernel...

9 AI score | 0.21279 EPSS
Exploits: 6 | References: 13

Pen Test Partners Blog
added 2020/09/23 5:5 a.m. | 1196 views

CVE-2020-1472/Zerologon. As an IT manager should I worry?

TL;DR Yes, apply the update from Microsoft. The new MS08-067? CVE-2020-1472 is an elevation of privilege vulnerability in a cryptographic authentication scheme used by the Netlogon service and was discovered and named Zerologon by Tom Tervoort at Secura. It does not require authentication. It can...

10 CVSS | 8.5 AI score | 0.9438 EPSS
Exploits: 96

Packet Storm
added 2020/09/14 12:0 a.m. | 550 views

Pearson Vue VTS 2.3.1911 Unquoted Service Path

Exploit Title: Pearson Vue VTS 2.3.1911 Installer - 'VUEApplicationWrapper' Unquoted Service Path Discovery by: Jok3r Discovery Date: 2020-09-14 Vendor Homepage: https://home.pearsonvue.com/ Software Link: https://vss.pearsonvue.com/VSSFiles/Documents/ENUTCInstallGuide/DownloadVTSInstaller.htm...

Exploits: 0

Dsquare
added 2020/08/29 12:0 a.m. | 451 views

Oracle E-Business File Disclosure

File disclosure vulnerability in Oracle E-Business bscpgraph.jsp Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...

6.8 AI score
Exploits: 0

Metasploit
added 2020/08/28 5:40 p.m. | 140 views

Peplink Balance routers SQLi

Firmware versions up to 7.0.0-build1904 of Peplink Balance routers are affected by an unauthenticated SQL injection vulnerability in the bauth cookie; successful exploitation of the vulnerability allows an attacker to retrieve the cookies of authenticated users, bypassing the web portal...

9.8 CVSS | 9.2 AI score | 0.63815 EPSS
Exploits: 7

ATTACKERKB
added 2020/08/17 12:0 a.m. | 342 views

CVE-2020-1472 aka Zerologon

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a...

10 CVSS | 8.4 AI score | 0.9438 EPSS
In wild | Exploits: 76 | References: 26

GoogleProjectZero
added 2020/08/12 12:0 a.m. | 56 views

MMS Exploit Part 5: Defeating Android ASLR, Getting RCE

Posted by Mateusz Jurczyk, Project Zero This post is the fifth and final of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices. Previous posts are...

10 CVSS | 9.4 AI score | 0.15223 EPSS
Exploits: 2

The Hacker News
added 2020/08/11 1:40 p.m. | 428 views

A New vBulletin 0-Day RCE Vulnerability and Exploit Disclosed Publicly

A security researcher earlier today publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability affecting the widely used internet forum software vBulletin that's already under active exploitation in the wild. vBulletin is a...

9.8 CVSS | 10 AI score | 0.9443 EPSS
Exploits: 27

The Hacker News
added 2020/08/11 1:40 p.m. | 2 views

A New vBulletin 0-Day RCE Vulnerability and Exploit Disclosed Publicly

A security researcher earlier today publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability affecting the widely used internet forum software vBulletin that's already under active exploitation in the wild. vBulletin is a...

9.8 CVSS | 8.1 AI score | 0.9443 EPSS
Exploits: 27

ThreatPost
added 2020/08/11 12:9 p.m. | 7595 views

Researcher Publishes Patch Bypass for vBulletin 0-Day

A security researcher has published proof-of-concept code to outsmart a patch issued last year for a zero-day vulnerability discovered in vBulletin, a popular software for building online community forums. Calling a patch for the flaw a “fail” and “inadequate in blocking exploitation,” Austin-bas...

7.5 CVSS | 9 AI score | 0.9443 EPSS
Exploits: 28 | References: 13

Packet Storm
added 2020/07/03 12:0 a.m. | 870 views

Bolt CMS 3.7.0 XSS / CSRF / Shell Upload

Bolt CMS = 3.7.0 Multiple Vulnerabilities Author - Sivanesh Ashok | @sivaneshashok | stazot.com Date : 2020-03-24 Vendor : https://bolt.cm/ Version : = 3.7.0 CVE : CVE-2020-4040, CVE-2020-4041 Last Modified: 2020-07-03 -- Table of Contents 00 - Introduction 01 - Exploit 02 - Cross-Site Request...

4.3 CVSS | 5.6 AI score | 0.00674 EPSS
Exploits: 4

ATTACKERKB
added 2020/06/09 12:0 a.m. | 27 views

CVE-2020-9850

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution. Recent...

9.8 CVSS | 3.3 AI score | 0.82826 EPSS
Exploits: 3 | References: 19

ThreatPost
added 2020/06/02 4:16 p.m. | 293 views

Severe Cisco DoS Flaw Can Cripple Nexus Switches

Cisco has patched a high-severity flaw in its NX-OS software, the network operating system used by Cisco’s Nexus-series Ethernet switches. If exploited, the vulnerability could allow an unauthenticated, remote attacker to bypass the input access control lists (ACLs) configured on affected Nexus...

5 CVSS | 0.21279 EPSS
Exploits: 1 | References: 12

0day.today
added 2020/05/20 12:0 a.m. | 60 views

CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution Exploit Author: Wade Guest Vendor Homepage: https://craftcms.com/ Software Link: https://plugins.craftcms.com/vcard Vulnerability Details:...

7.4 AI score
Exploits: 0

Exploit DB
added 2020/05/18 12:0 a.m. | 826 views

HP LinuxKI 6.01 - Remote Command Injection

Exploit Title: HP LinuxKI 6.01 - Remote Command Injection Date: 2020-05-17 Exploit Author: Cody Winkler Vendor Homepage: https://www.hpe.com/us/en/home.html Software Link: https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-1 Version: = v6.0-1 Tested on: LinuxKI Docker Image CVE:...

9.8 CVSS | 9.5 AI score | 0.93187 EPSS
Exploits: 10

Hacker One
added 2020/05/16 8:43 a.m. | 10 views

Mail.ru: User session access due to Oauth whitelist host bypass and postMessage

A destination for postMessage was not properly restricted on connect.mail.ru allowing cross-site access to session, as was shown for 3k.mail.ru application session. Both connect.mail.ru and 3k.mail.ru belong to Ext.B scope, this scope does not offer a bounty for attacks with client-side vectors on t...

Exploits: 0

GithubExploit
added 2020/05/08 3:56 p.m. | 130 views

Exploit for Path Traversal in Zohocorp Manageengine_Opmanager

CVE-2020-12116 Proof of concept code to exploit CVE-2020-1211...

7.5 CVSS | 8 AI score | 0.91736 EPSS
Exploits: 1