PRYTEK meetup: Breach and Attack Simulation or Automated Pentest?

Last Tuesday, November 27, I spoke at "Business Asks for Cyber Attacks" meetup organized by PRYTEK investment platform. The event was held at the PRYTEK Moscow office in a beautiful XIX century building of a former textile manufactory. The goal of the meetup was to talk about new approaches in...

CVE-2018-3854

An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowin...

CVE-2018-4020

An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated...

CVE-2018-1002000

CVE-2018-1002000 describes an authenticated blind SQL injection in the WordPress plugin Arigato Autoresponder and Newsletter (versions up to 2.5.1.8). The vulnerability is triggered via the POST parameter del_ids and requires administrative privileges to exploit. Impact is SQL injection with part...

Null pointer dereference

An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker must convince a...

CVE-2018-4039

An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a...

Information disclosure

An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated...

CVE-2018-3949

An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated...

Denial of service

An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticate...

CVE-2018-3948

An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticate...

CVE-2018-3948

An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticate...

INVT Electric VT-Designer

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: INVT Electric Equipment: VT-Designer Vulnerabilities: Deserialization of Untrusted Data, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause...

CVE-2018-18439

DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image...

CVE-2018-18439

DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image...

CVE-2018-18439

DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image...

CVE-2018-18440

DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled...

CVE-2018-8009

Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file...

CVE-2018-19185

An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoderencodeOctetString in mms/asn1/berencoder.c. This is exploitable even after CVE-2018-18834 has been patched, with a different dataSetValue sequence than the CVE-2018-18834 attack vector...

Mozilla: Crash with nested event loops

When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3...

Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2018-1097)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...