WSuspicious - A Tool To Abuse Insecure WSUS Connections For Privilege Escalations
This is a proof-of-concept program to escalate privileges on a Windows host by abusing WSUS. Details are in this blog post: https://www.gosecure.net/blog/2020/09/08/wsus-attacks-part-2-cve-2020-1013-a-windows-10-local-privilege-escalation-1-day/ It was inspired by the WSuspect proxy project:...
CVE-2019-5456
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version = 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later...
CVE-2018-18975
An issue was discovered in the Ascensia Contour NEXT ONE app for iOS before 2019-01-15. An attacker may proxy communications between the app and Ascensia backend servers because of a weak certificate-pinning implementation, leading to disclosure of medical information...
CVE-2018-18569
The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests with certain restrictions that will be executed on behalf of the attacker, via the viewUrl parameter of the "export the dashboard as an image" feature. Th...
Remote Code Execution and Database Write Vulnerabilities in Zabbix
Zabbix is an enterprise-class open source solution that provides distributed system monitoring and network monitoring capabilities through a web-based interface. A remote code execution vulnerability exists in the trapper command feature in Zabbix version 2.4.x. A specific packet can cause a command...
Shopify: Multiple issues on Checkout Process
Description: While reviewing the Shopify POS application we found that the application was encrypting the CHD information, but it was leaving the amount outside of the payload and the post lacked any sort of HMAC signature preventing replay attacks. In addition, given the application does not...
CVE-2014-8150
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL...
IRM 009: RiSearch and RiSearch ProPro are vulnerable to open FTP/HTTP proxy, directory listings and file disclosure vulnerabilities
IRM Security Advisory No. 009. RiSearch and RiSearch ProPro are vulnerable to open FTP/HTTP proxy, directory listings and file disclosure vulnerabilities. Vulnerability Type / Importance: Network Subversion, Open Proxy, Brute-For...
IRM Security Advisory 9
IRM Security Advisory No. 009. RiSearch and RiSearch ProPro are vulnerable to open FTP/HTTP proxy, directory listings and file disclosure vulnerabilities. Vulnerability Type / Importance: Network Subversion, Open Proxy, Brute-For...
Multiple IKE bugs
Type of certificate is not checked. If XAUTH is used in IKE phase I, it's possible to use a proxy attack for challenge-response based authentication...
Possible Watchguard Firebox II DoS
Hi, I've recently played with the Watchguard Firebox II firewall and discovered a nasty behaviour. Launching a simple connect flooder against the FTP proxy of the firewall (I haven't tested other services), the port hangs and so do all other services, also the Watchguard remote administration daemon,...