Category Archives: Advisories

Advisories

CVE-2020-14320

Read Time:9 Second

In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk.

Read More

Advisories

CVE-2020-14379

Read Time:9 Second

A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker’s configuration files, leading to denial of service and information disclosure.

Read More

Advisories

Win32.Ransom.BlueSky / Arbitrary Code Execution

Read Time:20 Second

Posted by malvuln on Aug 15

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/961fa85207cdc4ef86a076bbff07a409.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Win32.Ransom.BlueSky
Vulnerability: Arbitrary Code Execution
Description: The BlueSky ransomware looks for and executes arbitrary DLLs
in its current working directory. Therefore, we can hijack a vuln DLL,
execute our own code, control…

Read More

Advisories

Zyxel IPC 3605N & 4605N / Remote shell access

Read Time:24 Second

Posted by Eric Urban on Aug 15

Hello everyone,

I have identified that the Zyxel IPC 3605N and 4605N IP based security
cameras have multiple flaws. Combining these together leads to the ability
for an attacker to remotely install root shell access on the device.

A web server installed for UPnP purposes allows the plaintext passwords to
be retrieved by anyone. This grants access to the web administration
interface. From there, a tarball can be downloaded, modified with a…

Read More