Ivanti Workspace Control contains a flaw where it is possible to access folders that should be protected by Data Security. A local attacker can bypass these restrictions using localhost UNC paths. Depending on the NTFS permissions it may be possible for local users to access files and folders that should be protected using Data Protection. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.
148e251d9ddfd0423ac5e26fca7cc59aA flaw was found in Workspace Control that allows a local unprivileged user to retrieve the database or Relay server credentials from the Windows Registry. These credentials are encrypted, however the encryption that is used is reversible. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.
40fda4c2a16f2e00046340df84539054It was found that Ivanti Workspace Control allows a local (unprivileged) attacker to run arbitrary commands with Administrator privileges. This issue can be exploited by spawning a new Composer process, injecting a malicious thread in this process. This thread connects to a Named Pipe and sends an instruction to a service to launch an attacker-defined application with elevated privileges. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.
7ee90d03763dd9d1bf3d0ff765a7bab3It was found that the PowerGrid application can be used to run arbitrary commands via the /SEE command line option. An attacker can abuse this issue to bypass Application Whitelisting in order to run arbitrary code on the target machine. This issue was successfully verified on Ivanti Workspace Control version 10.2.950.0.
40d40eb07c533689a9146b8d54b35a20It was found that the PowerGrid application will execute rundll32.exe from a relative path when it is started with the /RWS command line option. An attacker can abuse this issue to bypass Application Whitelisting in order to run arbitrary code on the target machine. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1.
81f68b864a5e934987060adf6222477bIt was discovered that the Western Digital My Cloud is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the My Cloud device. This vulnerability was successfully verified on a Western Digital My Cloud model WDBCTL0020HWT running firmware version 2.30.172. This issue is not limited to the model that was used to find this vulnerability since most of the products in the My Cloud series share the same (vulnerable) code.
8137c7cec868dfc1cc789683ce268ce8Zimbra Collaboration Suite version 8.7.11_GA_1854 suffers from a cross site scripting vulnerability.
6de4d493c54ea789d91dbcba0df1db8bSeagate Media Server on a Seagate Personal Cloud model SRN21C running firmware version 4.3.16.0 suffers from an unauthenticated arbitrary file and folder deletion vulnerability.
5ae797b5faaf3d32724a1d8e66d233b3VTech DigiGo with firmware 83.60630 suffers from a browser overlay attack vulnerability.
77cea9e9382eded61fbed8053c84a2adKaseya VSA version 9.2 suffers from an authentication bypass vulnerability.
7283fc16d75dc79988225cb4c903d5c5Kaseya VSA version 9.2 suffers from a remote shell upload vulnerability.
907b91ed2f652a5d04feabc0ab331cb0VTech DigiGo with firmware version 83.60630 fails to perform validation of TLS certificates.
59ddde2caff6394072eed1459a12fd42A security vulnerability was found in Kaseya VSA file download file functionality. Using this vulnerability an authenticated user in a Kaseya VSA environment is able to download arbitrary files from the server (including source code of Kaseya, the database backups, configuration files, and even windows files). Version R9.2 was found affected.
605ce3e61e7a1e700654afd0b394ab11VTech DigiGo with firmware version 83.60630 fails to perform certificate pinning in some flows.
b42e1511b7ec7a18c5d96a398e4d3d07pfSense version 2.4.1 suffers from a clickjacking vulnerability in the cross site request forgery error page.
d27cfffbd264ae18908fb4c5e7e89289Xamarin Studio for Mac versions 6.2.1 (build 3) and 6.3 (build 863) suffer from a local privilege escalation vulnerability.
0eb7c4204f9e48e3f70079bf8624f7daVirtuozzo Power Panel (VZPP) and Automator version 6.1.2 suffers from a buffer over-read vulnerability.
2af4bc88b18673fd24ac2f529c2fd96bA vulnerability was found in the SyntaxHighlight MediaWiki extension. Using this vulnerability it is possible for an anonymous attacker to pass arbitrary options to the Pygments library. By specifying specially crafted options, it is possible for an attacker to trigger a (stored) cross site scripting condition. In addition, it allows the creating of arbitrary files containing user-controllable data. Depending on the server configuration, this can be used by an anonymous attacker to execute arbitrary PHP code. This issue was tested on SyntaxHighlight version 2.0 as bundled with MediaWiki version 1.28.0.
c2f465d0fafdbcf4b9a63fb413f084f5Western Digital My Cloud with firmware version 2.21.126 suffers from an authentication bypass vulnerability that allows escalation to administrative privileges.
03efc4e9cf55948800f65cb80dd0da13The FTP/SSH form functionality of WordPress was found to be vulnerable to cross site request forgery. WordPress versions 4.5.3 through 4.7.4 are affected.
25a2023423f7860059c0e4cb8e179437Scriptler Jenkins version 2.9 suffers from a cross site scripting vulnerability.
51c7b60005aa4d94fc3a39b0ebc67e50Microsoft Office OneNote 2007 suffers from a dll hijacking vulnerability.
b33e14dcb95985bd6976931c23b1f515It was found that the Fetch API in Microsoft Edge allows websites to set arbitrary HTTP request headers, including the Content-Length, and Host headers. Amongst others, a malicious website can use this issue to bypass the same origin policy, read HTTP response headers, or initiate arbitrary HTTP requests from the victim's browser (HTTP request smuggling).
c5887ca20f54ac55ae19e8611c88c6f7Western Digital My Cloud suffers from a cross site request forgery vulnerability.
1f1be9f28d76dd964efe11d9a8018d08Western Digital My Cloud suffers from a buffer overflow vulnerability that allows for remote code execution.
e64dc08f721927ea61266f162a334e42
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed