Channel: Advisories – @Mediaservice.net Technical Blog
Browsing latest articles

CVE-2019-3010 – Local privilege escalation on Solaris 11.x via xscreensaver

As previously mentioned, INFILTRATE left me with the will to hack stuff and enjoy it like it was 1999. That’s why I decided to take a closer look at Solaris 11.4 and search for potential...


CVE-2020-2656 – Low impact information disclosure via Solaris xlock

A low impact information disclosure vulnerability in the setuid root xlock binary distributed with Solaris may allow local users to read partial contents of sensitive files. Due to the fact that...

CVE-2020-2696 – Local privilege escalation via CDE dtsession

During my recent audit of Oracle Solaris, undertaken as a weekend project, I inevitably had to review the Common Desktop Environment shipped with Solaris 10. CDE has a huge attack surface of legacy...

CVE-2020-7799 – FusionAuth “Apache Freemarker” Code Execution

@Mediaservice.net Security Advisory #2020-03 (last updated on 2020-01-27) Title: FusionAuth command execution via Apache Freemarker Template Application: FusionAuth 1.10 and lower Platforms: Tested on...

CVE-2019-12180 – ReadyAPI & SoapUI command execution via malicious project file

In early 2019, I had to pentest a couple of SOAP WebServices of a client and, as usual, I asked them for some example requests as a baseline for my analysis. The client suggested to use a SoapUI /...

CVE-2020-2944 – Local privilege escalation via CDE sdtcm_convert

Since I moved from Solaris 11 to audit Solaris 10, my weekend project has become much more fun… As you already know if you are a reader of this blog, at the beginning of November I started auditing...

CVE-2020-2851 – Stack-based buffer overflow in CDE libDtSvc

A difficult to exploit stack-based buffer overflow in the _DtCreateDtDirs() function in the Common Desktop Environment version distributed with Oracle Solaris 10 1/13 (Update 11) and earlier may allow...

CVE-2020-2771 – Heap-based buffer overflow in Solaris whodo and w commands

A difficult to exploit heap-based buffer overflow in setuid root whodo and w binaries distributed with Solaris allows local users to corrupt memory and potentially execute arbitrary code in order to...
