Playing Untrusted Videos On VLC Player Could Hack Your Computer
If you use VLC media player on your computer and haven't updated it recently, don't even dare to play any untrusted, randomly downloaded video file on it.
Doing so could allow hackers to remotely take full control over your computer system.
That's because VLC media player software versions prior to 3.0.7 contain two high-risk security vulnerabilities, besides many other medium- and low-severity security flaws, that could potentially lead to arbitrary code execution attacks.
https://thehackernews.com/2019/06/vlc-media-player-hacking.html?m=1
#VLC #VLCMediaPlayer #RemoteCodeExecution #HackTorial #Vulnerability
@HackTorial
1 Million+ ProFTPD Servers Vulnerable To Remote Code Execution Attacks Due To A ProFTPD Vulnerability That Lets Users Copy Files Without Permission
ProFTPD is open-source and one of the most popular FTP server software packages, used by more than one million servers all over the world. It comes pre-installed on several Linux and Unix-based distributions, including Debian. A German security researcher has revealed a security flaw that makes ProFTPD servers vulnerable to remote code execution attacks.
Tobias Madel reveals that the vulnerability exists in ProFTPD's mod_copy module, which is supplied by default in the installation of the FTP server and is enabled by default in most operating systems.
The bug is caused by an incorrect access control issue in the mod_copy module and can be exploited by an authenticated user without any write permission to copy files on the FTP server. It can also be exploited if an anonymous user is enabled in the server settings.
The SITE CPFR and SITE CPTO commands are the culprits behind this bug. These commands bypass the "Limit WRITE" DenyAll directives, which lets users without write permissions copy files to a current folder.
All versions of ProFTPD are affected by the bug, labeled CVE-2019-12815. However, version 1.3.6 is an exception: there the bug can only be exploited if you install it from sources that were compiled before 17th July 2019.
To avoid this attack, server admins must disable the mod_copy module. ProFTPD has backported a patch to version 1.3.6 and has not yet released a new version with a fix for the issue.
Here is the temporary fix: https://copir.net/how-to-fix-file-copy-vulnerability-in-mod_copy-in-proftpd-cve-2019-12815/
#ProFTPD #FTP #Vulnerability #RemoteCodeExecution #RCE #Fix #Bug #CVE201912815 #Hacktorial
@HackTorial
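One way to check a server for the exposure described in the ProFTPD post above, as an added example (not code from ProFTPD or from the linked article): it reads a ProFTPD configuration and reports whether mod_copy is loaded, whether an anonymous section exists, and whether a "Limit WRITE" DenyAll block is present that SITE CPFR and SITE CPTO would bypass. The function name, result keys and sample configuration are constructed for illustration; the check assumes mod_copy is built as a loadable module (a statically compiled module has no `LoadModule` line) and does not follow included files.

```python
import re

# Constructed sample config for illustration (not from a real server).
SAMPLE_CONF = """\
ServerName "ftp.example.test"
LoadModule mod_copy.c
<Anonymous ~ftp>
  User ftp
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
"""

OPEN_RE = re.compile(r"^<(\w+)\b([^>]*)>$")   # e.g. <Limit WRITE>
CLOSE_RE = re.compile(r"^</(\w+)>$")          # e.g. </Limit>

def audit_proftpd_conf(text):
    """Report whether mod_copy is loaded and which protections it undermines."""
    loaded = anonymous = write_denied = False
    stack = []  # currently open sections as (name, argument tokens)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment (e.g. a disabled LoadModule)
        opened, closed = OPEN_RE.match(line), CLOSE_RE.match(line)
        if closed:
            if stack and stack[-1][0] == closed.group(1).lower():
                stack.pop()
        elif opened:
            name, args = opened.group(1).lower(), opened.group(2).upper().split()
            stack.append((name, args))
            anonymous = anonymous or name == "anonymous"
        else:
            words = line.split()
            directive = words[0].lower()
            in_write_limit = bool(stack) and stack[-1][0] == "limit" \
                and "WRITE" in stack[-1][1]
            if directive == "loadmodule" and words[1:2] == ["mod_copy.c"]:
                loaded = True
            elif directive == "denyall" and in_write_limit:
                write_denied = True
    return {
        "mod_copy_loaded": loaded,
        "anonymous_enabled": anonymous,
        # Per the post, SITE CPFR/CPTO bypass "Limit WRITE" DenyAll.
        "write_limit_ineffective": loaded and write_denied,
    }
```

Commenting out the `LoadModule mod_copy.c` line, the mitigation the post recommends, turns both `mod_copy_loaded` and `write_limit_ineffective` to `False`.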