Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices.
Monthly Archives: March 2017
CVE-2016-4928
Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space.
CVE-2016-4929
Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user.
CVE-2016-4930
Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions.
CVE-2016-4926
Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authentication.
CVE-2016-4931
XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service.
Re: 0-Day: Dahua backdoor Generation 2 and 3
Posted by bashis on Mar 20
Greetings,
With my newfound knowledge of vulnerable devices out there with an unbelievable number of more than 1 million Dahua /
OEM units,
where knowledge comes from a report made by NSFOCUS and my own research on shodan.io.
With this knowledge, I will not release the Python PoC to the public as before said of April 5, as it is not necessary
when the PoC has already been verified by IPVM and other independent security researchers.
However,…
Re: SEC Consult SA-20170316-0 :: Authenticated command injection in multiple Ubiquiti Networks products
Posted by Carlos Silva on Mar 20
Hi.
It’s supposed to be fixed in SW 1.3.4:
https://dl.ubnt.com/firmwares/TOUGHSwitch/v1.3.4/changelog.txt
and XW 6.0.1:
https://dl.ubnt.com/firmwares/XW-fw/v6.0.1/changelog.txt
(don’t know about the rest of them)
Re: TS Session Hijacking / Privilege escalation all windows versions
Posted by Kevin Beaumont on Mar 20
So this is a pretty big issue, which it looks like the Mimikatz guys
flagged in an all French blog post in 2011 but it flew under the radar.
I’ve written about it here:
https://medium.com/@networksecurity/rdp-hijacking-how-to-hijack-rds-and-remoteapp-sessions-transparently-to-move-through-an-da2a1e73a5f6#.o2af8u9op
Now, you might well say ‘If you have SYSTEM you already own the box’ – and
you’re right. But with one command…
CVE-2017-7183 ExtraPuTTY v029_RC2 TFTP Denial Of Service
Posted by hyp3rlinx on Mar 20
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/EXTRAPUTTY-TFTP-DENIAL-OF-SERVICE.txt
[+] ISR: ApparitionSec
Vendor:
==================
www.extraputty.com
Product:
======================
ExtraPuTTY – v029_RC2
hash: d7212fb5bc4144ef895618187f532773
Also Vulnerable: v0.30 r15
hash: eac63550f837a98d5d52d0a19d938b91
ExtraPuTTY is a fork from 0.67 version of PuTTY….