- Advertisement -
Current Threats
[papers] Sony PlayStation Vita (PS Vita) – Trinity: PSP Emulator Escape[local] Tuneclone 2.20 – Local SEH Buffer Overflow[webapps] WebERP 4.15 – SQL injection[webapps] BlogEngine.NET 3.3.6/3.3.7 – XML External Entity Injection[dos] Linux – Use-After-Free via race Between modify_ldt() and #BR Exception[remote] Cisco Prime Infrastructure Health Monitor – TarArchive Directory Traversal (Metasploit)[local] Cisco Prime Infrastructure – Runrshell Privilege Escalation (Metasploit)[papers] Threat Hunting – Hunter or Hunted[remote] EA Origin < 10.5.38 – Remote Code ExecutionVuln: Microsoft Internet Explorer CVE-2019-0995 Security Bypass VulnerabilityVuln: IBM Tririga Application Platform CVE-2018-2008 Unspecified Information Disclosure VulnerabilityVuln: Cisco Prime Service Catalog CVE-2019-1875 Cross Site Scripting VulnerabilityVuln: Mozilla Firefox and Firefox ESR CVE-2019-11708 Security Bypass VulnerabilityUbuntu Security Notice USN-4023-1Vuln: Pulse Connect Secure and Pulse Policy Secure Multiple Security VulnerabilitiesVuln: Samba CVE-2019-12436 Remote Denial of Service VulnerabilityVuln: Samba CVE-2019-12435 Remote Denial of Service Vulnerability[webapps] RedwoodHQ 2.5.5 – Authentication Bypass[webapps] CleverDog Smart Camera DOG-2W / DOG-2W-V4 – Multiple Vulnerabilities[shellcode] Linux/x86 – Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes)[dos] HC10 HC.Server Service 10.14 – Remote Invalid Pointer Write[local] Exim 4.87 – 4.91 – Local Privilege Escalation[dos] Netperf 2.6.0 – Stack-Based Buffer Overflow[local] Microsoft Windows – UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)[remote] AROX School-ERP Pro – Unauthenticated Remote Command Execution (Metasploit)[webapps] Spring Security OAuth – Open Redirector[dos] Thunderbird ESR < 60.7.XXX – Type ConfusionUbuntu Security Notice USN-4018-1[dos] Thunderbird ESR < 60.7.XXX – 'icalmemorystrdupanddequote' Heap-Based Buffer OverflowCisco Prime Infrastructure Runrshell Privilege Escalation[dos] Thunderbird ESR < 60.7.XXX – 'parser_get_next_char' Heap-Based Buffer OverflowCisco Prime Infrastructure Health Monitor TarArchive Directory Traversal[dos] Thunderbird ESR < 60.7.XXX – 'icalrecur_add_bydayrules' Stack-Based Buffer OverflowKernel Live Patch Security Notice LSN-0052-1[webapps] Sahi pro 7.x/8.x – Directory TraversalVuln: Oracle WebLogic Server Deserialization CVE-2019-2729 Remote Code Execution Vulnerability[webapps] Sahi pro 8.x – SQL InjectionVuln: Symantec DLP CVE-2019-9701 Cross Site Scripting Vulnerability[webapps] Sahi pro 8.x – Cross-Site Scripting[shellcode] Linux/x86_64 – execve(/bin/sh) Shellcode (22 bytes)[local] Serv-U FTP Server < 15.1.7 – Local Privilege Escalation[webapps] BlogEngine.NET 3.3.6/3.3.7 – ‘dirPath’ Directory Traversal / Remote Code Execution[webapps] BlogEngine.NET 3.3.6/3.3.7 – ‘theme Cookie’ Directory Traversal / Remote Code ExecutionVuln: Mozilla Firefox and Firefox ESR CVE-2019-11707 Denial of Service VulnerabilityVuln: Apache Allura CVE-2019-10085 HTML Injection VulnerabilityUbuntu Security Notice USN-4017-2Ubuntu Security Notice USN-4017-1Linux / FreeBSD TCP-Based Denial Of ServiceSahi Pro 7.x / 8.x Directory TraversalSahi Pro 8.x SQL InjectionSahi Pro 8.x Cross Site ScriptingVuln: WhatsApp CVE-2018-6350 Out of Bounds Read Denial of Service VulnerabilityBlogEngine.NET 3.3.7 Directory Traversal / Remote Code ExecutionVuln: IBM Cloud Private Platform CVE-2019-4142 Cross Site Request Forgery VulnerabilityVuln: Cisco Identity Services Engine CVE-2018-0187 Information Disclosure VulnerabilityVuln: Google Chrome CVE-2019-5842 Remote Security VulnerabilityVuln: QEMU ‘tcp_subr.c’ Local Heap Buffer Overflow Vulnerability[local] CentOS 7.6 – ‘ptrace_scope’ Privilege Escalation[papers] Active Directory Enumeration with PowerShell[local] Aida64 6.00.5100 – ‘Log to CSV File’ Local SEH Buffer OverflowActive Directory Enumeration With PowerShellAida64 6.00.5100 SEH Buffer OverflowCentOS 7.6 ptrace_scope Privlege EscalationThunderbird libical Heap OverflowThunderbird libical icalparser.c Heap OverflowThunderbird libical Stack Buffer OverflowThunderbird libical Type ConfusionOracle Java Card SE-2019-01 Issues 1-18Oracle Java Card SE-2019-01 Issues 20-25Oracle Java Card SE-2019-01 Issues 26-32Gemalto Java Card SE-2019-01 Issues 19 And 33Gemalto Java Card SE-2019-01 Issue 34Java Card Proof Of ConceptsDell EMC Avamar ADMe Web UI 1.0.50 / 1.0.51 Local File InclusionOpenSCAP Libraries 1.3.1Tzumi Electronics Klic Lock Authentication Bypass[local] ProShow 9.0.3797 – Local Privilege Escalation[webapps] WordPress Plugin Insert or Embed Articulate Content into WordPress – Remote Code Execution[webapps] phpMyAdmin 4.8 – Cross-Site Request Forgery[webapps] Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API – Cross-Site Scripting[remote] Webmin 1.910 – ‘Package Updates’ Remote Command Execution (Metasploit)[webapps] FusionPBX 4.4.3 – Remote Command Execution[papers] LDAP Swiss Army Knife[webapps] Sitecore 8.x – Deserialization Remote Code Execution[local] Pronestor Health Monitoring < 8.1.11.0 – Privilege EscalationAPCUPSD Information LeakWAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded CredentialsVuln: RETIRED: Microsoft Windows Task Scheduler CVE-2019-1069 Local Privilege Escalation VulnerabilityVuln: Apache HTTP Server CVE-2019-0220 Remote Security VulnerabilityVuln: Apache HTTP Server CVE-2019-0197 Denial of Service VulnerabilityVuln: Apache httpd CVE-2019-0196 Security Bypass VulnerabilityVuln: Microsoft Windows CVE-2019-1064 Local Privilege Escalation VulnerabilityVuln: Cisco IOS XE Software CVE-2019-1904 Cross Site Request Forgery VulnerabilityFalco 0.15.2Vuln: Linux Kernel Security Bypass and Heap Buffer Overflow VulnerabilitiesVuln: Broadcom WiFi Chipset Drivers Multiple Heap Buffer Overflow VulnerabilitiesVuln: Google Android System Component Multiple Security VulnerabilitiesVuln: SAP Solution Manager CVE-2019-0291 Local Information Disclosure VulnerabilityWampserver 3.1.8 Cross Site Request ForgeryUbuntu Security Notice USN-4014-1

Cyber Watch

- Advertisement -

Deeper Learning