Vulnerabilities

Vulnerability Research

Finding and Fixing OpenSSH Privilege Separation Monitor Weakness, a High Risk Vulnerability

Contents Vital information on this issue Scanning For and Finding OpenSSH Privilege Separation Monitor Weakness Penetration Testing (Pentest) for this Vulnerability Security updates on OpenSSH Privilege Separation Monitor Weakness Disclosures related to OpenSSH Privilege Separation Monitor Weakness Confirming the Presence of OpenSSH Privilege Separation Monitor Weakness False positive/negatives Patching...
Vulnerability Research

Finding and Fixing Vulnerabilities in Flash Player Running Version Prior to 10.3.183.68 / 11.6.602.180 (APSB13-09), a High Risk Vulnerability

Contents Vital information on this issue Scanning For and Finding Vulnerabilities in Flash Player Running Version Prior to 10.3.183.68 / 11.6.602.180 (APSB13-09) Penetration Testing (Pentest) for this Vulnerability Security updates on Vulnerabilities in Flash Player Running Version Prior to 10.3.183.68 / 11.6.602.180 (APSB13-09) Disclosures related to Vulnerabilities in...
Vulnerability Research

Finding and Fixing Vulnerabilities in Flash Player Running Version Prior to 10.3.183.75 / 11.7.700.169 (APSB13-11), a High Risk Vulnerability

Contents Vital information on this issue Scanning For and Finding Vulnerabilities in Flash Player Running Version Prior to 10.3.183.75 / 11.7.700.169 (APSB13-11) Penetration Testing (Pentest) for this Vulnerability Security updates on Vulnerabilities in Flash Player Running Version Prior to 10.3.183.75 / 11.7.700.169 (APSB13-11) Disclosures related to Vulnerabilities in...
Vulnerability Research

Finding and Fixing Insecure Library Loading Allows Code Execution (KB2269637) Vulnerability, a High Risk Vulnerability

Contents Vital information on this issue Scanning For and Finding Insecure Library Loading Allows Code Execution (KB2269637) Penetration Testing (Pentest) for this Vulnerability Security updates on Insecure Library Loading Allows Code Execution (KB2269637) Disclosures related to Insecure Library Loading Allows Code Execution (KB2269637) Confirming the Presence of Insecure...
Vulnerability Research

Finding and Fixing Internet Explorer 8 Allows Code Execution (KB2847140), a High Risk Vulnerability

Contents Vital information on this issue Scanning For and Finding Vulnerability in Internet Explorer 8 Allows Code Execution (KB2847140) Penetration Testing (Pentest) for this Vulnerability Security updates on Vulnerability in Internet Explorer 8 Allows Code Execution (KB2847140) Disclosures related to Vulnerability in Internet Explorer 8 Allows Code Execution (KB2847140...
Vulnerability Research

Finding and Fixing Cisco SSH Malformed Packet DoS Vulnerability, a High Risk Vulnerability

Cisco SSH Malformed Packet DoS is a high risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely. Vulnerability Name: Cisco SSH Malformed Packet DoS. Test ID: 2092. Risk: High. Category: Network devices. Type: Attack. Summary: It is...
Vulnerability Research

Finding and Fixing Combined Security Update (MS12-034), a High Risk Vulnerability

Contents Vital information on this issue Scanning For and Finding Combined Security Update (MS12-034) Penetration Testing (Pentest) for this Vulnerability Security updates on Combined Security Update (MS12-034) Disclosures related to Combined Security Update (MS12-034) Confirming the Presence of Combined Security Update (MS12-034) False positive/negatives ...
Vulnerability Research

Finding and Fixing .NET Framework and Microsoft Silverlight Allows Code Execution (MS11-039), a High Risk Vulnerability

Vulnerability in .NET Framework and Microsoft Silverlight Allows Code Execution (MS11-039) is a high risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely. Vulnerability Name: Vulnerability in .NET Framework and...
Vulnerability Research

Finding and Fixing Apache APR apr_palloc Heap Overflow, a High Risk Vulnerability

Contents Vital information on this issue Scanning For and Finding Apache APR apr_palloc Heap Overflow Penetration Testing (Pentest) for this Vulnerability Security updates on Apache APR apr_palloc Heap Overflow Disclosures related to Apache APR apr_palloc Heap Overflow Confirming the Presence of Apache APR apr_palloc Heap Overflow False positive/negatives Patching/Repairing this vulnerability Exploits...
Vulnerability Research

How to Find and Fix the Mountable NFS Shares Vulnerability (High Risk)

Mountable NFS Shares is a high-risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely. As NFS Exported Share Information Disclosures outline, successful exploitation will allow remote attackers to mount an NFS file system...
Vulnerability Research

Finding and Fixing OpenSSL Running Version Prior to 0.9.8zc POODLE, a High Risk Vulnerability

Contents Vital information on this issue Scanning For and Finding OpenSSL Running Version Prior to 0.9.8zc (POODLE) Penetration Testing (Pentest) for this Vulnerability Security updates on OpenSSL Running Version Prior to 0.9.8zc (POODLE) Disclosures related to OpenSSL Running Version Prior to 0.9.8zc (POODLE) Confirming the Presence of OpenSSL Running Version Prior...
Vulnerability Research

Finding and Fixing OpenSSH Trusted X11 Cookie Connection Policy Bypass, a High Risk Vulnerability

Contents Vital information on this issue Scanning For and Finding OpenSSH Trusted X11 Cookie Connection Policy Bypass Penetration Testing (Pentest) for this Vulnerability Security updates on OpenSSH Trusted X11 Cookie Connection Policy Bypass Disclosures related to OpenSSH Trusted X11 Cookie Connection Policy Bypass Confirming the Presence of OpenSSH Trusted X11 Cookie Connection Policy Bypass Common...
Vulnerability Research

Finding and Fixing Microsoft Windows HTTP.sys Code Execution, a High Risk Vulnerability

Microsoft Windows HTTP.sys Code Execution is a high risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least April 14, 2015, but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely. Name: Microsoft Windows HTTP.sys Code Execution Vulnerability. AVDS Test ID: 17596. Risk Level...
Vulnerability Research

BlueKeep Vulnerability – Patch Now, Patch Again

With the May 2019 Patch Tuesday release from Microsoft, it was revealed a number of older Microsoft operating systems are vulnerable to a condition known as BlueKeep (CVE-2019-0708). BlueKeep is a Remote Code Execution (RCE) flaw in Remote Desktop Services (RDS)/Remote Desktop Protocol (RDP) allowing code to run with system level access and is potentially “wormable” making it possible for an...
Vulnerability Research

SoftNAS Cloud® Zero-day Blog

A vulnerability has been identified in SoftNAS Cloud(R) data storage platform discovered by our Vulnerability Research Team (VRT). The engineers at SoftNAS are to be commended for their prompt response to the identified flaw and their team’s work with VRT to provide prompt fixes for this cyber security issue. SoftNAS has provided a patch for the vulnerability identified on the application. The...
Vulnerability Research

Analysis of NUUO NVRmini2 Stack Overflow Vulnerability

Exploiting CVE-2018-19864 - Samuel S., Senior Vulnerability Researcher

During an audit of NUUO’s NVRmini2, a stack overflow vulnerability was discovered in a request handling function in the ‘lite_mv’ custom SIP service binary. The NUUO NVRmini2 runs a custom SIP service on TCP ports 5160 and 5150 via a binary at /NUUO/bin/lite_mv. In order to examine this bug more closely, we analyze the function...
Vulnerability Research

NUUO Firmware Disclosure

NUUO Zero-Day Blog

A vulnerability has been identified in NUUO NVRmini2 Network Video Recorder devices, discovered by our Vulnerability Research Team (VRT). We commend NUUO for their prompt response to the identified flaws and their engineering team’s work with VRT to provide fixes for these cyber security issues. NUUO has provided a patch for the vulnerability identified on the application. The patched...
Vulnerability Research

ManageEngine Disclosure #3

Our research team is disclosing vulnerabilities identified in ManageEngine’s ADSelfService Plus application. ManageEngine was prompt in responding to the identified flaws and providing fixes for these security issues. A patched version of ADSelfService Plus can be downloaded from the ManageEngine site at: https://www.manageengine.com/products/self-service-password/download.html Clients who currently...
Vulnerability Research

ManageEngine Disclosure #2

We disclosed multiple additional vulnerabilities identified on various ManageEngine applications. We commend ManageEngine for their prompt response to the identified flaws and their engineering team’s work with VRT to provide fixes for these cyber security issues. ManageEngine has provided patches for each of the vulnerabilities identified on the applications. The patched applications can be...
Vulnerability Research

ManageEngine

Update March 21, 2018: Added additional vulnerabilities disclosed to ManageEngine that were excluded from the original blog post affecting several additional ManageEngine applications. Multiple vulnerabilities have been identified on various ManageEngine applications discovered by our Vulnerability Research Team (VRT). We commend ManageEngine for their prompt response to the identified flaws and...