Hacktorial
A Community Dedicated To Tech News, Android, Gizmo & Gadgets, Linux, Jokes & Memes, Tips & Tricks, Movies Updates etc.

Website : https://www.hacktorial.in

Contact Admin @HKFeedBackBot
🔰🔰 Playing Untrusted Videos On VLC Player Could Hack Your Computer 🔰🔰

If you use VLC media player on your computer and haven't updated it recently, do not play any untrusted, randomly downloaded video file on it.

Doing so could allow hackers to remotely take full control over your computer system.

That's because VLC media player software versions prior to 3.0.7 contain two high-risk security vulnerabilities, besides many other medium- and low-severity security flaws, that could potentially lead to arbitrary code execution attacks.

https://thehackernews.com/2019/06/vlc-media-player-hacking.html?m=1

#VLC #VLCMediaPlayer #RemoteCodeExecution #HackTorial #Vulnerability


🔰🔰🔰🔰 @HackTorial 🔰🔰🔰🔰
1 Million+ ProFTPD Servers Vulnerable To Remote Code Execution Attacks Due To A ProFTPD Vulnerability That Lets Users Copy Files Without Permission


ProFTPD is an open-source FTP server and one of the most popular, used by more than one million servers all over the world. It comes pre-installed on several Linux and Unix-based distributions, including Debian. A German security researcher has revealed a security flaw that makes ProFTPD servers vulnerable to remote code execution attacks.

Tobias Madel reveals that the vulnerability exists in ProFTPD's mod_copy module, which is supplied by default in the installation of the FTP server and is enabled by default in most operating systems.

This bug exists due to an incorrect access control issue in the mod_copy module and can be exploited by an authenticated user without any write permission to copy files on the FTP server. This vulnerability can also be exploited if an anonymous user is enabled in the server settings.

The SITE CPFR and SITE CPTO commands are the culprits behind this bug. These commands bypass "Limit WRITE" DenyAll directives, which allows users without write permissions to copy files to a current folder.

All versions of ProFTPD have been affected by the bug labeled as CVE-2019-12815. However, version 1.3.6 is an exception and the bug can only be exploited in 1.3.6 if you install it from sources that have been compiled before 17th July 2019.

To prevent this attack, server admins must disable the mod_copy module. ProFTPD has backported a patch to version 1.3.6 but has not yet released a new version with a fix for the issue.

Here Is The Temporary Fix : https://copir.net/how-to-fix-file-copy-vulnerability-in-mod_copy-in-proftpd-cve-2019-12815/


#ProFTPD #FTP #Vulnerability #RemoteCodeExecution #RCE #Fix #Bug #CVE201912815 #Hacktorial

🔰🔰🔰🔰 @HackTorial 🔰🔰🔰🔰
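
A configuration check for the mitigation described in the ProFTPD post above, as an added example that is not part of the original post or of ProFTPD itself. It assumes mod_copy is built as a shared module loaded with `LoadModule mod_copy.c` in a single config file (no `Include` handling); the sample config and the function names `audit` and `exposure` are constructed for illustration.

```python
import re

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """\
ServerName "example"
# LoadModule mod_sftp.c
LoadModule mod_copy.c
<Anonymous ~ftp>
  User ftp
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
"""

def audit(conf_text):
    """Return (line_number, finding) pairs relevant to CVE-2019-12815."""
    findings, stack = [], []   # stack holds the currently open <Section> blocks
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        if line.startswith("</"):
            if stack:
                stack.pop()               # section closed
            continue
        m = re.match(r"<(\w+)\s*([^>]*)>", line)
        if m:
            name = m.group(1).lower()
            stack.append((name, m.group(2).upper().split()))
            if name == "anonymous":
                findings.append((n, "anonymous-enabled"))
            continue
        words = line.split()
        if words[0].lower() == "loadmodule" and words[1:2] == ["mod_copy.c"]:
            findings.append((n, "mod_copy-loaded"))
        elif words[0].lower() == "denyall" and stack and stack[-1][0] == "limit" \
                and "WRITE" in stack[-1][1]:
            findings.append((n, "limit-write-denyall"))
    return findings

def exposure(findings):
    """Who can reach SITE CPFR/CPTO: 'none', 'authenticated' or 'anonymous'."""
    kinds = {kind for _, kind in findings}
    if "mod_copy-loaded" not in kinds:
        return "none"
    return "anonymous" if "anonymous-enabled" in kinds else "authenticated"

if __name__ == "__main__":
    for n, kind in audit(SAMPLE_CONF):
        print(f"line {n}: {kind}")
    print("exposure:", exposure(audit(SAMPLE_CONF)))
```

A `limit-write-denyall` finding alongside `mod_copy-loaded` marks a write restriction that the post says the copy commands bypass. A statically compiled mod_copy has no `LoadModule` line, so also check the output of `proftpd -l`.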