2019
06.18

Clever Dog Smart Camera types DOG-2W and DOG-2W-V4 suffer from file disclosure, default telnet backdoor credential, and insecure transit vulnerabilities.

more details here.

2019
06.18

RedwoodHQ version 2.5.5 suffers from an authentication bypass vulnerability.

more details here.

2019
06.18

This script is a proof of concept to bypass the Microsoft Windows User Access Control (UAC) via SluiFileHandlerHijackLPE.

more details here.

2019
06.18

Spring Security OAuth versions 2.3 prior to 2.3.6 suffer from open redirection vulnerabilities.

more details here.

2019
06.18

When a Microsoft Word “.docx” file contains a hyperlink to another file, it will run the first file it finds in that directory with a valid extension, but its Security warning dialog box will present the end user with an extension-less file name, without showing the extension type. This happens if another “empty” file with the same name as the target executable exists but has no file extension. Because the extension is suppressed, the file seems harmless and can be masked to appear as just a folder, etc. This can potentially trick a user into running unexpected code, but it only works when there is an additional file of the same name with NO extension on it.

more details here.

2019
06.18

The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS if attackers can reach the service on port 8794. In addition, this can potentially be leveraged for post-exploit persistence with SYSTEM privileges if physical access or malware is involved. If a physical attacker or malware can set its own program in the service failure recovery options, that program can be used to maintain persistence. Afterwards, it can be triggered by sending a malicious request to DoS the service, which in turn can start the attacker's recovery program. The attacker's program can then try restarting the affected service, to try to stay unnoticed, by calling “sc start HCServerService”. The service failure flag recovery options for “enabling actions for stops or errors” can be set in the service's “Recovery” properties tab or on the command line. Authentication is not required to reach the vulnerable service; this was tested successfully on Windows 7/10.

more details here.

2019
06.18

This Metasploit module exploits a command execution vulnerability in AROX School-ERP. “import_stud.php” and “upload_fille.php” do not have session control. The session start/check functions on lines 8, 9 and 10 are disabled with slashes. Therefore, an unauthenticated user can execute commands on the system.

more details here.

2019
06.18

Netperf 2.6.0 Buffer Overflow

Netperf version 2.6.0 suffers from a stack-based buffer overflow.

more details here.

2019
06.18

Exim versions 4.87 through 4.91 suffer from a local privilege escalation vulnerability.

more details here.

2019
06.16

http://www.bayaolocal.go.th notified by Dev19Feb

mirror site here.