Tenable Research released two vulnerabilities in NVRMini2, NUUO's Network Video Recorder software on September 17th. Risk information is as below: Reference link: https://www.tenable.com/security/research/tra-2018-25 Attack demo: https://www.youtube.com/watch?v=2EuFOZfRL4U Sketch of NVRMini2 structure: Vulnerability Description CVE-2018-1149: Unauthenticated Remote Stack Buffer Overflow The HTTP interface exposes the binary cgi_system through the http://<target>/cgi-bin/cgi_system endpoint. Much...
Categoria: Emergency Response
Response Guide of IBM WebSphere Code Execution Vulnerability
Recently IBM released a remote code execution vulnerability (CVE-2018-1567) in WebSphere application server. It could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. CVSS: 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected versions: IBM WebSphere 9.0.0.0 – 9.0.0.9 IBM WebSphere 8.5.0.0 – 8.5.5.14 IBM...
Technical Analysis and Solution | Apache Struts 2 Remote Code Execution Vulnerability (S2-057)
On August 22, 2018, Beijing time, Apache Software Foundation (ASF) released a security bulletin, announcing a remote code execution vulnerability (CVE-2018-11776, CNVD-2018-15894, or CNNVD-201808-740) in Apache Struts 2. This vulnerability exists in either of the following cases: The namespace value is not set for a result defined in underlying XML...
Apache Struts 2 Remote Code Execution Vulnerability
Tag: Apache Struts2, CVE-2018-11776, Remote Code Execution, S2-057 Severity:Critical This vulnerability can lead to remote code execution. PoC has been made publicly available and may lead to significant, extensive impact. Description On August 22, Apache disclosed a remote code execution (RCE) vulnerability that has been asigned the CVE number CVE-2018-11776....
Multiple Vulnerabilities Found in Emerson DeltaV DSC Workstatios
Emerson DeltaV DCS Workstations fixed several vulnerabilities recently, including path traversal, privilege escalation, stack-based buffer overflow, etc. The highest CVSS 3.0 base score is 9.6. Emerson has released patches to address these problems. For detailed information, please visit: https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01 Description CVE-2018-14797 CVSS v3: 8.2 A specially crafted DLL file may...
WECON LeviStudioU Stack-based and Heap-based Buffer Overflow Vulnerabilities
According to a report with NCCIC on August 13, two vulnerabilities were found in WECON LeviStudioU. They are stack-based buffer overflow vulnerability (CVE-2018-10602) and heap-based buffer overflow vulnerability (CVE-2018-10606). NSFOCUS security team and Ghirmay Desta worked with Mat Powell of Trend Micro’s Zero Day Initiative to report these vulnerabilities to...
