Category Archives: Checkpoint

Checkpoint

Same-Source Weak Password Scan Over HTTP

Many HTTP servers, especially on routers and other network device, have well-known default user credentials. In many cases, these default credentials are not changed by the administrator. An attacker might scan the network in order to discover such devices, and use these default credentials to log into the system and gain complete control over the server or network device.

Vim modelines Remote Command Execution (CVE-2016-1248)

A remote code execution vulnerability exists in the modeline component of Vim due to insufficient input validation when parsing the filetype, syntax, and keymap options in modelines. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to open a file containing a malicious modeline in Vim. Successful exploitation can result in arbitrary command execution in the context of the current user.