SSD Advisory – Microsoft Office SMB Information Disclosure

Credit to Author: SSD / Maor Schwartz| Date: Sun, 15 Oct 2017 05:41:56 +0000

Vulnerability Summary The following advisory describes an information disclosure found in Microsoft Office versions 2010, 2013, and 2016. Microsoft Office is: “Whether you’re working or playing, Microsoft is here to help. We’re the company that created Microsoft Office, including Office 365 Home, Office 365 Personal, Office Home & Student 2016, Office Home & Business 2016, …


SSD Advisory – FiberHome Directory Traversal

Credit to Author: SSD / Maor Schwartz| Date: Fri, 13 Oct 2017 12:50:11 +0000

Vulnerability Summary The following advisory describes a directory traversal vulnerability found in FiberHome routers. FiberHome Technologies Group “was established in 1974. After continuous and intensive development for over 40 years, its business has been extended to R&D, manufacturing, marketing & sales, engineering service, in 4 major areas: fiber-optic communications, data networking communications, wireless communication, and …


SSD Advisory – QNAP HelpDesk SQL Injection

Credit to Author: SSD / Maor Schwartz| Date: Mon, 09 Oct 2017 14:26:28 +0000

Vulnerability Summary The following advisory describes a SQL injection found in QTS Helpdesk versions 1.1.12 and earlier. QNAP helpdesk: “Starting from QTS 4.2.2 you can use the built-in Helpdesk app to directly submit help requests to QNAP from your NAS. To do so, ensure your NAS can reach the Internet, open Helpdesk from the App …


SSD Advisory – PHP Melody Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz| Date: Mon, 09 Oct 2017 13:03:25 +0000

Vulnerabilities Summary The following advisory describes three (3) vulnerabilities found in PHP Melody version 2.7.3. PHP Melody is a “self-hosted Video CMS which evolved over the last 9 years. SEO optimization, unbeaten security and speed are advantages you no longer have to compromise on. A truly great CMS should help you save time and make …


SSD Advisory – Vacron NVR Remote Command Execution

Credit to Author: SSD / Maor Schwartz| Date: Sun, 08 Oct 2017 06:49:20 +0000

Vulnerability Summary The following advisory describes a remote command execution vulnerability. VACRON Specializing in “various types of mobile monitoring, CCTV monitoring system, IP remote image monitoring system monitoring and other related production, and can accept ODM, OEM and other customized orders, the main products: driving recorder, CCTV analog monitoring system, CMS, IP Cam, etc.” Credit …


SSD Advisory – Angular-CLI Authentication Bypass

Credit to Author: SSD / Maor Schwartz| Date: Wed, 04 Oct 2017 08:10:14 +0000

Vulnerability summary The following advisory describes an authentication bypass vulnerability found in Angular-CLI version 1.3.2. The Angular CLI makes “it easy to create an application that already works, right out of the box. It already follows our best practices!” Credit An independent security researcher, Paolo Stagno aka VoidSec, has reported this vulnerability to Beyond Security’s …


SSD Advisory – Tiandy IP cameras Sensitive Information Disclosure

Credit to Author: SSD / Maor Schwartz| Date: Tue, 03 Oct 2017 12:18:28 +0000

Vulnerability Summary The following advisory describes a sensitive information disclosure found in Tiandy IP cameras version 5.56.17.120. Tianjin Tiandy Digital Technology Co., Ltd (Tiandy Tech) is “one of top 10 leading CCTV manufacturer in China and a global supplier of advanced video surveillance solutions.” Credit An independent security researcher, Netfairy, has reported this vulnerability to …


SSD Advisory – Horde Groupware Unauthorized File Download

Credit to Author: SSD / Maor Schwartz| Date: Tue, 03 Oct 2017 12:14:16 +0000

Vulnerability Summary The following advisory describes an unauthorized file download vulnerability found in Horde Groupware version 5.2.21. Horde Groupware Webmail Edition is “a free, enterprise ready, browser based communication suite. Users can read, send and organize email messages and manage and share calendars, contacts, tasks, notes, files, and bookmarks with the standards compliant components from …
