bnbdr

8 exploits Active since Jun 2018
CVE-2018-12034 WRITEUP HIGH WORKING POC
YARA < 3.7.1 - Out-of-bounds Read in yr_execute_code
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c.
CVSS 7.8
CVE-2018-12035 WRITEUP HIGH WORKING POC
YARA < 3.7.1 - Out-of-bounds Write in yr_execute_code
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c.
CVSS 7.8
CVE-2018-19974 WRITEUP MEDIUM WORKING POC
YARA 3.8.1 - Information Disclosure via Uninitialized VM Scratch Memory
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack).
CVSS 5.5
CVE-2018-19975 WRITEUP MEDIUM WORKING POC
YARA 3.8.1 - Out-of-bounds Read via OP_COUNT in Bytecode
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD.
CVSS 5.5
CVE-2018-19976 WRITEUP MEDIUM WORKING POC
YARA 3.8.1 - Exposure of Sensitive Information via Bytecode Environment Leak
In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine.
CVSS 5.5
CVE-2019-9949 WRITEUP HIGH WORKING POC
Western Digital My Cloud - Code Injection
Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privilege user session) vulnerability. The cgi-bin/webfile_mgr.cgi file allows arbitrary file write by abusing symlinks. Specifically, this occurs by uploading a tar archive that contains a symbolic link, then uploading another archive that writes a file to the link using the "cgi_untar" command. Other commands might also be susceptible. Code can be executed because the "name" parameter passed to the cgi_unzip command is not sanitized.
CVSS 8.8
CVE-2019-9950 WRITEUP CRITICAL WORKING POC
Western Digital My Cloud Firmware < 2.31.174 - Authentication Bypass via Default 'nobody' Account
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an authentication bypass vulnerability. The login_mgr.cgi file checks credentials against /etc/shadow. However, the "nobody" account (which can be used to access the control panel API as a low-privilege logged-in user) has a default empty password, allowing an attacker to modify the My Cloud EX2 Ultra web page source code and obtain access to the My Cloud as a non-Admin My Cloud device user.
CVSS 9.8
CVE-2019-9951 WRITEUP CRITICAL WORKING POC
Western Digital - Unauthenticated File Upload
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage.
CVSS 9.8