Threat Advisory

Tue 26 Sep

Critical Vulnerability on Apache Struts 2.5 to 2.5.12 [CVE-2017-9805]

Vulnerability Overview:

The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

Details:

Thu 27 Jul

"Broadpwn" Bug Affects Millions of Android and iOS Devices - Advisory [CVE-2017-9417]

Vulnerability Overview:

Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue.

Details:

The Broadpwn bug is a heap overflow in Broadcom Wi-Fi chips that is triggered when a device receives a WME (Quality-of-Service) information element with a malformed length from a connected network. Exploitation does not require any user interaction; the victim's device needs to connect to the attacker's Wi-Fi network.

Tue 16 May

WannaCry Ransomware – Advisory [CVE-2017-0144]

Vulnerability Overview:

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.

Details:

Fri 05 May

Tenable Appliance Vulnerability [CVE-2017-8051]

Vulnerability Overview:

Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.

Details:

Thu 06 Apr

Struts Vulnerability [CVE-2017-5638]

Vulnerability Overview:

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017.

Details:

Wed 04 May

Windows SAM and LSAD Downgrade Vulnerability (Badlock) Advisory [CVE-2016-0128]

Vulnerability Overview:

The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka “Windows SAM and LSAD Downgrade Vulnerability” or “BADLOCK”.

Details:

Thu 14 Apr

Drown Attack [CVE-2016-0800]

Vulnerability Overview:

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.

Details:
