Yahoo using 'admin' as username and password, leads to RCE


Behrouz Sadeghipour, a bug bounty hunter, has found a critical vulnerability in one of the subdomain of Yahoo(hk.yahoo.net) that allowed him to access admin panel.

It is funny to know that the hk.yahoo.net is using 'admin' as username and password for its panel.

After gaining access to the admin panel, he managed to upload his backdoor shell to the server.  Using the shell, he was able to delete or create any file or run any commands on the server.

He was also able to control few other subdomains of Yahoo.  After getting notification from the researcher, Yahoo has patched the security hole.  Researcher is still waiting for his bounty. 

In addition to this bug, he also found another vulnerability 'Directory Traveral attack' on health.yahoo.com that allowed him to read the contents of '/etc/passwd' files on the server. 

VMware Patches critical directory traversal vulnerability in its VMware View


VMware has patched a critical directory traversal vulnerability in its View VMWare desktop virtualization platform that could allow a hacker to access arbitrary files from affected View Servers.

The vulnerability affects both the View Connection Server and the View Security Server. The vulnerability was discovered by Digital Defense, a security service provider.

According to VMware advisory, the affected versions are View 5.x prior to 5.1.2 and 4.x prior to 4.6.2. Users are advised to upgrade to the latest version.

Users who are unable to immediately update their View Servers are advised to "Disable security server" or "blocking directory traversal attacks with an intrusion detection/prevention system or an application firewall".