A tale of an unauthenticated remote code execution vulnerability affecting Zoho ManageEngine Log360.
Zoho ManageEngine O365 Manager Plus before Build 4419 is vulnerable to command injection.
Zoho ManageEngine O365 Manager Plus before Build 4423 is vulnerable to client-side access-control bypass & CSRF attacks.
Zoho ManageEngine CloudSecurityPlus before Build 4117 allows execution of arbitrary code via security misconfiguration.
Zoho ManageEngine Log360 before Build 5225 allows execution of arbitrary code by overwriting a BCP file.
Zoho ManageEngine Log360 before Build 5224 allows execution of arbitrary code by overwriting or creating arbitrary files under the /bin directory.
Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.
The GdkPixbuf library is vulnerable to a heap-buffer overflow when decoding the LZW-compressed stream of image data in GIF files whose LZW minimum code size equals 12.
Following are some of the Frida snippets I have written in the past to bypass some of the client-side checks in Android apps.
The Django CMS application does not validate the plugin_type parameter when generating error messages for an invalid plugin type. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of an affected user.
ManageEngine DataSecurity Plus’s DataEngine Xnode Server application does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the DataSecurity Plus application by writing a JSP file into the webroot directory using a directory traversal attack.
The ManageEngine DataSecurity Plus application uses default admin credentials to communicate with the DataEngine Xnode server. This allows an attacker to bypass authentication for the DataEngine Xnode server and execute all operations in the context of the admin user. Combining this vulnerability with the path traversal vulnerability, an unauthenticated attacker can execute code in the context of the DataSecurity Plus application.
While upgrading the ManageEngine Asset Explorer Windows agent, the agent does not validate the source IP address of the server sending the UPGRADE request and downloads the agent binary over an insecure channel, allowing an attacker on an adjacent network to execute code with NT AUTHORITY\SYSTEM privileges on agent machines by supplying arbitrary executables via a MITM attack.
The ManageEngine Asset Explorer application does not validate the SCCM Database Username when dynamically generating the command to schedule scans for SCCM. This allows an attacker to execute arbitrary commands on the AssetExplorer server with NT AUTHORITY\SYSTEM privileges.
In this post, I will be disclosing POCs for multiple remote command and code injection vulnerabilities found in Wifi-soft’s Unibox Controllers. The vulnerabilities allow an attacker to gain root privileges on the system and affect all versions of Wifi-soft’s Unibox Controllers. As there was no response from the Wifi-soft team within and after the 90-day disclosure timeline, I am going with full disclosure, so that people using these devices know the risk they are exposing their infrastructure to.
In this post, we will discuss a stored XSS vulnerability found in a popular open-source medical records management application, OpenMRS 2.7.0. The security research conducted on this software revealed many critical vulnerabilities, ranging from authenticated remote code execution via Java deserialization to privilege escalation, which had been reported to the vendor around 9 months ago.
It was identified that one of the components of Apache OpenMeetings v4.0.1 is vulnerable to persistent cross-site scripting. An attacker can exploit this vulnerability to hijack the admin user’s browser along with the data stored in it.
Hello everyone, as requested by one of my friends, I would like to share my experience of one of Offensive Security’s most dreaded exams, the Offensive Security Certified Expert. I have divided this post into the following sections:
It was identified that the admin panel of the Piwigo application is vulnerable to cross-site request forgery. An attacker can exploit these vulnerabilities to coerce a user into performing unintended actions.
It was identified that the admin panel of the Piwigo application is vulnerable to multiple persistent cross-site scripting vulnerabilities. An attacker can exploit these vulnerabilities to hijack a client’s browser along with the data stored in it.
It was identified that the admin panel of the Piwigo application is vulnerable to multiple SQL injection vulnerabilities. An attacker can exploit these vulnerabilities to gain access to the connected MySQL database.