Broken, Abandoned, and Forgotten Code, Part 13

Posted by Zach C on Oct 08

Part 13 (the penultimate installment) of Broken, Abandoned, and
Forgotten Code is up. In this first of two parts covering post-
exploitation, we cover how to customize the stage 1 firmware image the
exploit will flash onto the target. It is the job of this minimized
firmware image to bootstrap a fully functional, trojanized stage 2
firmware onto the Netgear R6200.

Here’s a link to part 13:…

CVE-2015-5649

Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges.

CVE-2015-6310

The REST interface in Cisco Unified Communications Manager IM and Presence Service 11.5(1) allows remote attackers to cause a denial of service (SIP proxy service restart) via a crafted HTTP request, aka Bug ID CSCuw31632.

CVE-2015-6311

Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i management data to a managed access point, aka Bug ID CSCub65236.