Full Disclosure

Re: 0-Day: Dahua backdoor Generation 2 and 3

Posted by bashis on Mar 20

Greetings,

With my newfound knowledge of vulnerable devices out there with an unbelievable number of more than 1 million Dahua /
OEM units,
where knowledge comes from a report made by NSFOCUS and my own research on shodan.io.

With this knowledge, I will not release the Python PoC to the public as before said of April 5, as it is not necessary
when the PoC has already been verified by IPVM and other independent security researchers.
However,…

Full Disclosure

Re: TS Session Hijacking / Privilege escalation all windows versions

Posted by Kevin Beaumont on Mar 20

So this is a pretty big issue, which it looks like the Mimikatz guys
flagged in an all French blog post in 2011 but it flew under the radar.

I’ve written about it here:
https://medium.com/@networksecurity/rdp-hijacking-how-to-hijack-rds-and-remoteapp-sessions-transparently-to-move-through-an-da2a1e73a5f6#.o2af8u9op

Now, you might well say ‘If you have SYSTEM you already own the box’ – and
you’re right. But with one command…

Full Disclosure

CVE-2017-7183 ExtraPuTTY v029_RC2 TFTP Denial Of Service

Posted by hyp3rlinx on Mar 20

[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/EXTRAPUTTY-TFTP-DENIAL-OF-SERVICE.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.extraputty.com

Product:
======================
ExtraPuTTY – v029_RC2
hash: d7212fb5bc4144ef895618187f532773

Also Vulnerable: v0.30 r15
hash: eac63550f837a98d5d52d0a19d938b91

ExtraPuTTY is a fork from 0.67 version of PuTTY….

Full Disclosure

Cookie based privilege escalation in DIGISOL DG-HR1400 1.00.02 wireless router.

Posted by Indrajith AN on Mar 20

Title:
======

Cookie based privilege escalation in DIGISOL DG-HR1400 1.00.02 wireless router.

CVE Details:
============
CVE-2017-6896

Reference:
==========

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6896
https://vuldb.com/sv/?id.97954
https://www.indrajithan.com/DIGISOL_router_previlage_escaltion

Credit:
======

Name: Indrajith.A.N
Website: https://www.indrajithan.com

Date:
====

13-03-2017

Vendor:
======

DIGISOL router is a…

Avast

Avast awarded for employee friendly working environment

When we moved the Prague headquarters of Avast to the beautiful new Enterprise Office Center in January 2016, we strived to create a Silicon Valley-style working environment. Popular design ideas, conceived to foster collaboration among individuals and teams, were built into the 15,000 square meter office space. At the opening of the new building, Avast CEO, Vince Steckler said, “Avast has chosen a building that reflects its open, innovative, and inspirational company culture.”

NVD

CVE-2016-6816

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.

Software and Security Information