Microsoft Word 2016 – Deceptive File Reference

Security Issue: When an MS Word “.docx” file contains a hyperlink to another file, it will run the first file it finds in that directory with a valid extension, but its security warning dialog box will present an extension-less file name to the end user, without showing the extension type. If another “empty” file of […]


HC10 HC.Server Service 10.14 – Remote Invalid Pointer Write

CVE ID: CVE-2019-12323. Product: HC10 HC.Server Service 10.14. HC10 is a unified hosting automation control panel for web hosts and Cloud based service providers to manage both Windows & Linux servers simultaneously as part of a single cluster. HC works on an N-tier user model. Security Issue: The HC.Server service in Hosting Controller HC10 10.14 […]


Windows CVE-2019-1040 – NTLM Tampering

Description: A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka ‘Windows NTLM Tampering Vulnerability’. Affected systems: Windows 7 SP1 – Windows 10 1903; Windows Server 2008 – Windows Server 2019. Proof of concept: I’ve updated ntlmrelayx (part of impacket) to have […]


MyBB 1.8.21 CVE-2019-12831 – Stored XSS to RCE

Description: In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css […]


WhatsApp iOS CVE-2018-20655 – Stack-Based Overflow

Description: When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for iOS prior to v2.18.90.24 and WhatsApp Business for iOS prior to v2.18.90.24. Affected Versions: This issue affects WhatsApp for iOS prior to v2.18.90.24 and WhatsApp Business for iOS […]


Apache HTTP Server CVE-2019-0220 – Remote Security

Description: When the path component of a request URL contains multiple consecutive slashes (‘/’), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions, while other aspects of the server’s processing will implicitly collapse them. Solution: apache-httpd-upgrade-2_4_39. References: http://httpd.apache.org/security/vulnerabilities_24.html


Apache httpd CVE-2019-0196 – Security Bypass

Description: The affected asset is vulnerable to this vulnerability ONLY if it is running one of the following modules: mod_http2. Review your web server configuration for validation. Using fuzzed network input, the HTTP/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process […]
