Securiteam

IndependentSecuriteam

SSD Advisory – EMC IsilonSD Edge Command Injection

Credit to Author: SSD / Maor Schwartz | Date: Sun, 02 Jul 2017 08:09:16 +0000

Vulnerability Summary: The following advisory describes a Remote Command Injection vulnerability found in EMC IsilonSD Edge version 1.0.1.0005. IsilonSD Edge enables you to deploy an industry-leading scale-out NAS operating system using industry-standard hardware. Key benefits of IsilonSD Edge: simple yet powerful and efficient scale-out storage solution for remote and branch offices; easily extends your enterprise …


SSD Advisory – Odoo CRM Code Execution

Credit to Author: SSD / Maor Schwartz | Date: Fri, 30 Jun 2017 18:50:42 +0000

Vulnerability Summary: The following advisory describes arbitrary Python code execution found in Odoo CRM version 10.0. Odoo is a suite of open source business apps that cover all your company needs: CRM, eCommerce, accounting, inventory, point of sale, project management, etc. Odoo’s unique value proposition is to be at the same time very easy to …


SSD Advisory – Sophos XG Firewall Path Traversal

Credit to Author: SSD / Maor Schwartz | Date: Mon, 19 Jun 2017 16:17:18 +0000

Vulnerabilities Summary: The following advisory describes two (2) vulnerabilities, a Path Traversal and a Missing Function Level Access Control, in Sophos XG Firewall 16.05.4 MR-4. Sophos XG Firewall provides “unprecedented visibility into your network, users, and applications directly from the all-new control center. You also get rich on-box reporting and the option to add Sophos …


SSD Advisory – ManageEngine Code Execution

Credit to Author: SSD / Maor Schwartz | Date: Fri, 16 Jun 2017 18:46:58 +0000

Vulnerability Summary: The following advisory describes an Unrestricted File Upload vulnerability that leads to Code Execution, found in ManageEngine Firewall Analyzer and ManageEngine OpManager. ManageEngine Firewall Analyzer is a browser-based firewall/VPN/proxy server reporting solution that uses a built-in syslog server to store, analyze, and report on these logs. Firewall Analyzer provides daily, weekly, monthly, and yearly …


Know your community – Berend-Jan Wever (SkyLined / @berendjanwever)

Credit to Author: SSD / Maor Schwartz | Date: Thu, 15 Jun 2017 14:09:29 +0000

Aspiring ASCII artist, a chef, a gardener, bug bounty hunter and one of the leading browser vulnerability researchers. Please meet Berend-Jan Wever AKA SkyLined!

Questions

Q: How many years have you been working in the security field?

A: Probably about 30 years. My first experience in security was as a kid, when my computer got …


SSD Advisory – Iceni Infix Multiple Crashes

Credit to Author: SSD / Maor Schwartz | Date: Tue, 13 Jun 2017 11:18:28 +0000

Crashes Summary: An independent security researcher has reported 36 different crashes in Iceni Infix. We decided to publish 1 sample out of the 36 crashes – if you want to get the remaining 35 crashes, please contact us via email ssd [at] beyondsecurity (dot) com. “Infix PDF Editor and Infix PDF Editor Pro is popular …


Security conferences – Survival guide 2017 Q4

Credit to Author: SSD / Maor Schwartz | Date: Tue, 13 Jun 2017 09:50:23 +0000

The security conferences “Survival guide” for 2017 Q4 is here! We have gathered the following information for you for each conference: dates, place, link to the official conference website, ticket price, lectures and workshops. So let’s get started:

Security conferences – Survival guide part 4

BRUCON
Dates: 5 – 6 October 2017
Place: Aula Academica of the …


Hack2Win 2017 – The Online Version

Credit to Author: SSD / Maor Schwartz | Date: Sun, 11 Jun 2017 10:14:42 +0000

We are proud to announce the first online hacking competition! The rules are very simple – you need to hack the D-link router (AC1200 / DIR-850L) and you can win up to $5,000 USD. To try and help you win – we bought a D-link DIR-850L device and plugged it into the internet (we will disclose …
