SSD Advisory – Acrobat Reader DC – Stream Object Remote Code Execution

Credit to Author: SSD / Maor Schwartz | Date: Wed, 09 Aug 2017 10:50:38 +0000

Vulnerability Summary: The following advisory describes a use-after-free vulnerability that leads to remote code execution, found in Acrobat Reader DC version 2017.009.20044. Credit: A security researcher from Siberas has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor response: The vendor has released patches to address this vulnerability. For more information: …

SSD Advisory – Adobe Reader DC – execMenuItem Off-by-One Heap Buffer Overflow

Credit to Author: SSD / Maor Schwartz | Date: Wed, 09 Aug 2017 10:47:48 +0000

Vulnerability Summary: The following advisory describes a JavaScript execMenuItem off-by-one heap buffer overflow that can potentially lead to remote code execution, found in Adobe Reader DC version 15.23.20056.213124. Credit: An independent security researcher, Steven Seeley, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor response: The vendor has released patches to address …

SSD Advisory – D-Link 850L Multiple Vulnerabilities (Hack2Win Contest)

Credit to Author: SSD / Maor Schwartz | Date: Tue, 08 Aug 2017 08:49:00 +0000

Vulnerabilities Summary: The following advisory describes three (3) vulnerabilities found in the D-Link 850L router. The vulnerabilities have been reported as part of the Hack2Win competition; for more information about Hack2Win see https://blogs.securiteam.com/index.php/archives/3310. The vulnerabilities found in the D-Link 850L are: Remote Command Execution via WAN and LAN; Remote Unauthenticated Information Disclosure via WAN and LAN; …

SSD Advisory – Synology Photo Station Unauthenticated Remote Code Execution

Credit to Author: SSD / Maor Schwartz | Date: Mon, 07 Aug 2017 05:23:22 +0000

Vulnerability Summary: The following advisory describes a Remote Code Execution vulnerability found in Synology Photo Station versions 6.7.3-3432 and earlier / 6.3-2967 and earlier. Personal Photo Station is an online photo album with a blog, owned and managed by a DSM user. Synology NAS provides the home/photo folder for you to store photos and videos that you …

SSD Advisory – Dashlane DLL Hijacking

Credit to Author: SSD / Maor Schwartz | Date: Thu, 03 Aug 2017 06:30:36 +0000

Vulnerability Summary: The following advisory describes a DLL Hijacking vulnerability found in Dashlane. Dashlane is “a password manager app and secure digital wallet. The app is available on Mac, PC, iOS and Android. The app’s premium feature enables users to securely sync their data between an unlimited number of devices on all platforms.” Credit: An …

Hack2Win – The Online Version – Ubiquiti Router

Credit to Author: SSD / Maor Schwartz | Date: Tue, 01 Aug 2017 12:55:01 +0000

After the great success of the first “Hack2Win – The Online Version” (https://blogs.securiteam.com/index.php/archives/3310) we decided to raise the bar. The rules are very simple: you need to hack the Ubiquiti EdgeRouter X router (ER-X), and you can win up to 10,000 USD. To try and help you win, we bought a Ubiquiti …

SSD Advisory – McAfee Security Scan Plus Remote Command Execution

Credit to Author: SSD / Maor Schwartz | Date: Sun, 30 Jul 2017 06:47:06 +0000

Vulnerability Summary: The following advisory describes a Remote Code Execution vulnerability found in McAfee Security Scan Plus. An active network attacker could launch a man-in-the-middle attack on a plaintext HTTP response to the client to run any executable residing on the machine with the privileges of the logged-in user. McAfee Security Scan Plus is a free diagnostic tool that ensures …

SSD Advisory – Supervisor Authenticated Remote Code Execution

Credit to Author: SSD / Maor Schwartz | Date: Wed, 26 Jul 2017 10:45:54 +0000

Vulnerability Summary: The following advisory describes an authenticated remote code execution vulnerability in Supervisor versions 3.1.2 and 3.3.2. Supervisor is a client/server system that allows its users to monitor and control a number of processes on UNIX-like operating systems. It is used to control processes related to a project or a customer, and is …