At 17:00 of May 20, NSFOCUS SOC detected an abnormal traffic alert in the global monitoring center, the IP addresses of a customer from Hong Kong were under attack and the maximum attack peak reached 634.6 Gbps. This had been the largest of all attacks targeting NSFOCUS’s customers by thetime this report was written. According […]
Unit 42, a research team of Palo Alto Networks found a new malware family this month and named it Xbash. This new malware combines ransomware, coinming, botnet, and worm features and targets Linux and Windows mainly. Xbash is developed in Python and was then converted into self-contained Linux ELF executables by abusing the legitimate tool […]
Recently Rockwell Automation fixed a critical vulnerability (CVE-2018-14829) found in its RSLinx Classic, a software platform that allows Logix 5000 Programmable Automation Controllers to connect to a wide variety of Rockwell Software applications. A remote attacker could make the device being accessed stop responding and crash by sending a malicious CIP packet to Port 44818. […]
Yesterday, September 19th, Cisco announced an advisory for a critical vulnerability (CVE-2018-0150) that exists with their IOS XE Software. The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to an affected […]
Tenable Research released two vulnerabilities in NVRMini2, NUUO’s Network Video Recorder software on September 17th. Risk information is as below: Reference link: https://www.tenable.com/security/research/tra-2018-25 Attack demo: https://www.youtube.com/watch?v=2EuFOZfRL4U Sketch of NVRMini2 structure: Vulnerability Description CVE-2018-1149: Unauthenticated Remote Stack Buffer Overflow The HTTP interface exposes the binary cgi_system through the http://<target>/cgi-bin/cgi_system endpoint. Much of the functionality of cgi_system […]
Recently IBM released a remote code execution vulnerability (CVE-2018-1567) in WebSphere application server. It could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. CVSS: 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected versions: IBM WebSphere 9.0.0.0 – 9.0.0.9 IBM WebSphere 8.5.0.0 – 8.5.5.14 IBM WebSphere 8.0.0.0 – 8.0.0.15 IBM […]
On August 22, 2018, Beijing time, Apache Software Foundation (ASF) released a security bulletin, announcing a remote code execution vulnerability (CVE-2018-11776, CNVD-2018-15894, or CNNVD-201808-740) in Apache Struts 2. This vulnerability exists in either of the following cases: The namespace value is not set for a result defined in underlying XML configurations. Also, upper action configurations […]
Tag: Apache Struts2, CVE-2018-11776, Remote Code Execution, S2-057 Severity:Critical This vulnerability can lead to remote code execution. PoC has been made publicly available and may lead to significant, extensive impact. Description On August 22, Apache disclosed a remote code execution (RCE) vulnerability that has been asigned the CVE number CVE-2018-11776. This vulnerability could be triggered […]
Emerson DeltaV DCS Workstations fixed several vulnerabilities recently, including path traversal, privilege escalation, stack-based buffer overflow, etc. The highest CVSS 3.0 base score is 9.6. Emerson has released patches to address these problems. For detailed information, please visit: https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01 Description CVE-2018-14797 CVSS v3: 8.2 A specially crafted DLL file may be placed in the search […]
According to a report with NCCIC on August 13, two vulnerabilities were found in WECON LeviStudioU. They are stack-based buffer overflow vulnerability (CVE-2018-10602) and heap-based buffer overflow vulnerability (CVE-2018-10606). NSFOCUS security team and Ghirmay Desta worked with Mat Powell of Trend Micro’s Zero Day Initiative to report these vulnerabilities to NCCIC. Successful exploitation of these […]
