Published Vulnerabilities

Fri 30 Jan

Glibc Ghost Vulnerability (CVE-2015-0235) - How to Secure?

The security researcher and analyst of Akati Consulting Pvt Ltd (Rajivarnan R.) discovered a prevention white paper that explains the impact of the Glibc (Linux) Ghost Vulnerability.

[CVE-ID 2015-0235]

A heap-based buffer overflow in the `__nss_hostname_digits_dots` function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) `gethostbyname` or (2) `gethostbyname2` function, aka "GHOST." The GHOST vulnerability is a serious weakness in the Linux glibc library. It allows attackers to remotely take complete control of the victim system without any prior knowledge of system credentials. CVE-2015-0235 has been assigned to this issue.

Fri 19 Dec

IBackup v10.0.0.45 suffers from a local Privilege Escalation Vulnerability

The independent vulnerability laboratory researcher `Hadji Samir` discovered a local privilege escalation web vulnerability in the official Pro Softnet Corporation iBackup v10.x software. The issue exploits a local server vulnerability in the root path of the software to compromise the system by gaining higher system access privileges.

The `ibservice` service for Windows could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path, undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
