HackDig : Dig high-quality web security articles for hackers

Joint Cybersecurity Advisory on Threat Hunting and Incident Response Released

A joint cybersecurity advisory released on September 1st detailed technical methods for uncovering and responding to malicious activity including best practice mitigations and common missteps. A collaborative effort, this advisory (coded AA20-245A) is the product of research from the cybersecurity organizations of five nations. Those include the United State
Publish At:2020-09-15 01:50 | Read:172 | Comments:0 | Tags:Cyber Security advisory incident response threat security cy

Jenkins – Groovy Sandbox breakout (SECURITY-1538 / CVE-2019-10393, CVE-2019-10394, CVE-2019-10399, CVE-2019-10400)

Recently, I discovered a sandbox breakout in the Groovy Sandbox used by the Jenkins script-security Plugin in their Pipeline Plugin for build scripts. We responsibly disclosed this vulnerability and in the current version of Jenkins it has been fixed and the according Jenkins Security Advisory 2019-09-12 has been published. In this blogpost I want to report
Publish At:2019-09-20 12:15 | Read:1135 | Comments:0 | Tags:Breaking advisory Break Out disclosure vulnerability

Security Advisories for Cisco ACI

Again, Cisco released security advisories for their software-defined networking (SDN) solution called Application Centric Infrastructure (ACI). As before (see blog post here), the published advisories originated from research performed in our ACI lab. The following advisories have been published: Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infras
Publish At:2019-09-19 17:15 | Read:1344 | Comments:0 | Tags:Breaking advisory Cisco

Multicast DNS Vulnerability Could Lead to DDOS Amplification Attacks

The Department of Homeland Security-sponsored CERT at Carnegie Mellon University on Tuesday released an advisory warning infrastructure providers of a vulnerability in Multicast DNS, or mDNS, that could leak device information that could be leveraged in high-volume DDoS amplification attacks. “I would say the most serious concern with a vulnerability li
Publish At:2015-04-01 17:30 | Read:3270 | Comments:0 | Tags:Vulnerabilities Web Security advisory cert Chad Seaman DDoS

Two Critical Siemens SCADA System Vulnerabilities Revealed

ICS-CERT has issued an advisory regarding two critical vulnerabilities in Siemens SCADA software. The SIMATIC WinCC, SIMATIC PCS7 and TIA Portal V13 (which includes a WinCC runtime) are all vulnerable. There are two vulnerabilities listed in the advisory that can be exploited remotely: CVE-2014-8551: The vulnerability has a CVSS score of 10. It is remotely ex
Publish At:2014-11-27 10:45 | Read:2966 | Comments:0 | Tags:Top Security Stories Vulnerability Management advisory ICS-C

New vulnerability in WordPress security plugin

ThreatPost, the Kaspersky Lab security news service, reported yesterday, A smattering of bugs, mostly cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities, have been plaguing at least eight different WordPress pl
Publish At:2014-09-04 12:30 | Read:4249 | Comments:0 | Tags:News News_vulnerabilities advisory All in One High-Tech Brid

ImpressPages CMS 3.6 Multiple Vulnerabilities (XSS/SQLi/FD/RCE)

Input passed via several parameters is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and HTML/script code in a user’s browser session in context of an affected site. Input passed to the ‘files[0][file]’ parameter in ‘/ip_
Publish At:2014-08-13 01:56 | Read:5884 | Comments:0 | Tags:Internal advisory apache arbitrary CMS code delete deletion

LimeSurvey v2.00+ (build 131107) Script Insertion And SQL Injection Vulnerability

LimeSurvey suffers from a stored cross-site scripting and SQL Injection vulnerability. Input passed to the ‘label_name’ POST parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site. Input passed to the
Publish At:2014-08-13 01:56 | Read:5412 | Comments:0 | Tags:Internal admin advisory arbitrary auth code fix html inserti

Ametys CMS 3.5.2 (lang parameter) XPath Injection Vulnerability

Input passed via the ‘lang’ POST parameter in the newsletter plugin is not properly sanitised before being used to construct an XPath query for XML data. This can be exploited to manipulate XPath queries by injecting arbitrary XPath code. Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5162.php
Publish At:2014-08-13 01:56 | Read:3748 | Comments:0 | Tags:Internal advisory ametys CMS data injection manipulation rem

BoxBilling 3.6.11 (mod_notification) Stored Cross-Site Scripting Vulnerability

BoxBilling suffers from a stored cross-site scripting vulnerability. Input passed to the ‘message’ POST parameter through the ‘Notification Center’ extension/module is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of a
Publish At:2014-08-13 01:56 | Read:4877 | Comments:0 | Tags:Internal advisory boxbilling cross-site html injection javas

Huawei Technologies du Mobile Broadband 16.0 Local Privilege Escalation

The application is vulnerable to an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the ‘F’ flag (full) for the ‘Everyone’ and ‘Users’ group, for the ‘du Mobile Broadband
Publish At:2014-08-13 01:56 | Read:4042 | Comments:0 | Tags:Internal advisory binary broadband cacls du escalation every

ACE Stream Media 2.1 (acestream://) Format String Exploit PoC

ACE Stream Media (Ace Player HD) is prone to a remote format string vulnerability because the application fails to properly sanitize user-supplied input through the URI using the ‘acestream://’ protocol before including it in the format-specifier argument of a formatted-printing function. A remote attacker may exploit this issue to execute arbitrary
Publish At:2014-08-13 01:56 | Read:10130 | Comments:0 | Tags:Internal ace acestream address advisory code denial of servi

NCH Software Express Burn Plus 4.68 EBP Project File Handling Buffer Overflow PoC

The vulnerability is caused by a boundary error in the processing of a project file, which can be exploited to cause a Unicode buffer overflow when a user opens e.g. a specially crafted .EBP file. Successful exploitation could allow execution of arbitrary code on the affected machine. Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5166
Publish At:2014-08-13 01:56 | Read:4476 | Comments:0 | Tags:Internal advisory bof buffer burn ebp express file handling

NCH Software Inventoria 3.45 (id param) Reflected Cross-Site Scripting Vulnerability

The application suffers from a reflected XSS issue due to a failure to properly sanitize user-supplied input to the ‘id’ GET parameter in the ‘locdelete’ (JSP) script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session. Advisory: http://www.zeroscience.mk/en/vulnerabilitie
Publish At:2014-08-13 01:55 | Read:4112 | Comments:0 | Tags:Internal advisory cross-site exploit inventoria javascript j

Stark CRM v1.0 Multiple Script Injection And Session Riding Vulnerabilities

Multiple stored XSS and CSRF vulnerabilities exist when parsing user input to several POST parameters. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious w
Publish At:2014-08-13 01:55 | Read:4303 | Comments:0 | Tags:Internal advisory application crm csrf exploit flaw html inj

