topbento – Page 6 – bentoboxinfosec

REMOTE CODE EXECUTION in Pi-hole CVE-2020-8816

March 28, 2020May 24, 2023 topbento No Comments

If you have a strong dislike for advertisements intruding on your internet experience and you like to tinker and DIY your home network, then you might likely have deployed a Pi-hole in your environment. This vulnerability does require access to the Pi-hole webui and admin credentials, but it allows for arbitrary command execution. Pi-hole versions … Read More “REMOTE CODE EXECUTION in Pi-hole CVE-2020-8816” »

Microsoft Exchange CVE-2020-0688 – MULTIPLE EXPLOITS AVAILABLE

February 29, 2020May 23, 2023 topbento No Comments

News, Vulnerability

At this time there are now multiple exploits available for CVE-2020-0688 which allows for Remote Code Execution on servers running a vulnerable version of Microsoft Exchange. This code is executed as SYSTEM and the CVSS score for this vulnerability is 9.0 HIGH. Authentication is required, however, due to Outlook Web Access this could be easy … Read More “Microsoft Exchange CVE-2020-0688 – MULTIPLE EXPLOITS AVAILABLE” »

NordVPN COMPROMISE

October 24, 2019May 23, 2023 topbento No Comments

Breach, News

One of the most popular VPN provides, NordVPN has been in the news recently for being hacked. According to NordVPN no user data was compromised and the bad actor never had access to any user traffic. A bad actor was able to acquire a TLS key for a single server in Finland. NordVPN is downplaying … Read More “NordVPN COMPROMISE” »

NVIDIA GEFORCE EXPERIENCE OS COMMAND INJECTION

June 7, 2019May 23, 2023 topbento No Comments

News, Vulnerability

A security vulnerability was revealed earlier this week in the Nvidia GeForce Experience. If you are not familiar this is Nvidia’s preferred, (meaning default), method of delivering drivers to their video cards. Most gamers using Nvidia cards likely have this application installed to keep their drivers updated. It also includes the ability to take screenshots … Read More “NVIDIA GEFORCE EXPERIENCE OS COMMAND INJECTION” »

NORSK HYDRO AND US CITIES AFFECTED BY RANSOMWARE

June 5, 2019May 23, 2023 topbento No Comments

Breach, News, Ransomware

Norsk Hydro, (one of the world’s largest aluminum producers), has suffered a loss of profits due to a recent cyber attack. Additionally large US cities are struggling with ransomware. Baltimore and Atlanta have both fallen victim recently and they are not alone. These attacks were noteworthy in that they did not target the people but … Read More “NORSK HYDRO AND US CITIES AFFECTED BY RANSOMWARE” »

ADBLOCK PLUS – ARBITRARY CODE EXECUTION

April 17, 2019May 23, 2023 topbento No Comments

News, Vulnerability

There is a good write up from Armin Sebastian on a vulnerability in Adblock Plus 3.2 which can allow for arbitrary code execution under certain conditions. There $rewrite filter option is the source of the problem and several conditions must be met in order for an attack to be possible. uBlock Origin is not susceptible … Read More “ADBLOCK PLUS – ARBITRARY CODE EXECUTION” »