RedTeam Pentesting discovered a vulnerability in the MobileTogether server which allows users with access to at least one application to read arbitrary, non-binary files from the file system and perform server-side requests. The vulnerability can also be used to deny availability of the system. As an example, this advisory shows the compromise of the server’s certificate and private key. Versions 7.0 through 7.3 are affected.
You May Also Like
Leawo Prof. Media 11.0.0.1 Denial Of Service
Leawo Prof. Media version 11.0.0.1 suffers from a denial of service vulnerability.
- cybersecurityredflag_sdevzw
- July 26, 2021
Zero-Day Used to Wipe My Book Live Devices
Threat actors may have been duking it out for control of the…
- cybersecurityredflag_sdevzw
- June 30, 2021
Backdoor.Win32.IRCBot.gen Remote Command Execution
Backdoor.Win32.IRCBot.gen malware suffers from an unauthenticated remote command execution vulnerability.
- cybersecurityredflag_sdevzw
- July 19, 2021
Backdoor.Win32.Wuca.nz Insecure Permissions
Backdoor.Win32.Wuca.nz malware suffers from an insecure permissions vulnerability.
- cybersecurityredflag_sdevzw
- June 9, 2021