Tech Editorials #Advisory #CVE #RCE

Hacking Jenkins Part 2 - Abusing Meta Programming for Unauthenticated RCE!(EN)

Orange Tsai

2019-02-19

After Jenkins released the [Security Advisory](https://jenkins.io/security/advisory/2018-12-05/#SECURITY-595) and fixed the dynamic routing vulnerability on 2018-12-05, I started to organize my notes in order to write this Hacking Jenkins series. While reviewing notes, I found another exploitation way on a gadget that I failed to exploit before! Therefore, the part two is the story for that! This is also one of my favorite exploits and is really worth reading :)

Tech Editorials #Advisory #CVE #infoleak #SSRF

Hacking Jenkins Part 1 - Play with Dynamic Routing (EN)

Orange Tsai

2019-01-16

This article is mainly about a brief security review on Jenkins in the last year. During this review, we found 5 vulnerabilities including: CVE-2018-1999002(Arbitrary file read vulnerability), CVE-2018-1000600(CSRF and missing permission checks in GitHub Plugin), CVE-2018-1999046(Unauthorized users could access agent logs), CVE-2018-1000861(Code execution through crafted URLs), CVE-2019-pending(Sandbox Bypass in Script Security and Pipeline Plugins)

Tech Editorials #Advisory #Exim #RCE #CVE

Exim Off-by-one RCE: Exploiting CVE-2018-6789 with Fully Mitigations Bypassing

Meh

2018-03-06

We reported an overflow vulnerability in the base64 decode function of Exim on 5 February, 2018, identified as CVE-2018-6789. This bug exists since the first commit of exim, hence ALL versions are affected. According to our research, it can be leveraged to gain Pre-auth Remote Code Execution and at least 400k servers are at risk. Patched version 4.90.1 is already released and we suggest to upgrade exim immediately.

Tech Editorials #Advisory #CVE #Vulnerability

Sandstorm Security Review

Shaolin

2018-01-26

In order to leverage the vulnerabilities, we put part of efforts into review of Sandstorm's source codes, and tried to escape the sandbox to impact the whole server...

Tech Editorials #Advisory #Exim #RCE #CVE

Road to Exim RCE - Abusing Unsafe Memory Allocator in the Most Popular MTA

Meh

2017-12-11

On 23 November, 2017, we reported two vulnerabilities to Exim. These bugs exist in the SMTP daemon and attackers do not need to be authenticated, including CVE-2017-16943 for a use-after-free (UAF) vulnerability, which leads to Remote Code Execution (RCE); and CVE-2017-16944 for a Denial-of-Service (DoS) vulnerability.

Tech Editorials #Advisory #Facebook #BugBounty #RCE #CVE

Advisory: Accellion File Transfer Appliance Vulnerability

Orange Tsai

2016-09-22

According to a public data reconnaissance, there are currently 1,217 FTA servers online around the world, most of which are located in the US, followed by Canada, Australia, UK, and Singapore. Determine from the domain name and SSL Certificate of these servers, FTA is widely used by governmental bodies, educational institutions, enterprises, including several well-known brands.