Securiteam – Page 8 – Computer Security Articles

Credit to Author: SSD / Maor Schwartz| Date: Mon, 15 Jan 2018 12:22:25 +0000

Vulnerability Summary The following advisory describes an unauthenticated action that allows a remote attacker to add a user to GitStack and then used to trigger an unauthenticated remote code execution. GitStack is “a software that lets you setup your own private Git server for Windows. This means that you create a leading edge versioning system … Continue reading SSD Advisory – GitStack Unauthenticated Remote Code Execution

Independent Securiteam

SSD Advisory – Seagate Personal Cloud Multiple Vulnerabilities

January 11, 2018 admin Remote Command Execution, SecuriTeam Secure Disclosure

Credit to Author: SSD / Maor Schwartz| Date: Thu, 11 Jan 2018 13:45:21 +0000

Vulnerabilities summary The following advisory describes two (2) unauthenticated command injection vulnerabilities. Seagate Personal Cloud Home Media Storage is “the easiest way to store, organize, stream and share all your music, movies, photos, and important documents.” Credit An independent security researcher, Yorick Koster, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program Vendor … Continue reading SSD Advisory – Seagate Personal Cloud Multiple Vulnerabilities

Independent Securiteam

SSD Advisory – Sophos XG from Unauthenticated Persistent XSS to Unauthorized Root Access

January 8, 2018 admin Persistent XSS, Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Mon, 08 Jan 2018 06:21:27 +0000

Vulnerability Summary The following advisory describes an unauthenticated persistent XSS that leads to unauthorized root access found in Sophos XG version 17. Sophos XG Firewall “provides unprecedented visibility into your network, users, and applications directly from the all-new control center. You also get rich on-box reporting and the option to add Sophos iView for centralized … Continue reading SSD Advisory – Sophos XG from Unauthenticated Persistent XSS to Unauthorized Root Access

Independent Securiteam

Happy New Year 2018 – Challenge Solution

January 8, 2018 admin SecuriTeam Secure Disclosure

Credit to Author: SSD / Noam Rathaus| Date: Mon, 08 Jan 2018 06:15:57 +0000

In our post found here: https://blogs.securiteam.com/index.php/archives/3616, we hid a challenge. The challenge was split into two parts: 1. Finding it 2. Solving it Finding it wasn’t very hard, the challenge was hidden inside the image, it wasn’t anything fancy, just inside the image you had a zip file appended to the end of the file: … Continue reading Happy New Year 2018 – Challenge Solution

Independent Securiteam

SSD Advisory–D-Link DSL-6850U多个漏洞

January 7, 2018 admin Chinese Translation, Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Sun, 07 Jan 2018 06:28:24 +0000

漏洞概要以下安全公告描述了在D-Link DSL-6850U BZ_1.00.01 – BZ_1.00.09中的发现的两个漏洞。 D-Link DSL-6850U是一款“以色列Bezeq制造的路由器”，在这款路由器中发现的漏洞是：默认凭证远程命令执行漏洞提交者一位独立的安全研究人员向 Beyond Security 的 SSD 报告了该漏洞厂商响应 Bezeq在6月9日被告知了这个漏洞，并且发布了补丁来解决这些漏洞。漏洞详细信息该设备定制的固件存在以下问题：默认启用远程Web管理不能禁用默认帐户默认凭证默认帐户用户名是：support 密码是：support 远程命令执行 shell界面只允许执行一组内置命令，但是你可以通过’＆’ ‘||’ 插入命令到shell： [crayon-5a529cda84c8f912287642/] 上述命令执行后返回一个BusyBox shell

Independent Securiteam

Know your community – Sergi Alvarez AKA Pancake

January 4, 2018 admin SecuriTeam Secure Disclosure

Credit to Author: SSD / Maor Schwartz| Date: Thu, 04 Jan 2018 11:13:19 +0000

The creator of Radare2, vulnerability researcher, chef and a family man – meet Sergi Alvarez also known as Pancake! Questions Q: How many years have you been working in the security field? A: I started programming BASIC in Spectrum and PC/M. Then I switched to MSDOS and assembly (TASM) as a main language. From there … Continue reading Know your community – Sergi Alvarez AKA Pancake

Independent Securiteam

Happy New Year – 2018

January 4, 2018 admin Know your community, SecuriTeam Secure Disclosure

Credit to Author: SSD / Noam Rathaus| Date: Tue, 02 Jan 2018 14:35:57 +0000

Happy new year everyone! Hope you had the chance to celebrate and think about all the good things that happened to you in 2017. We have a nice surprise for you – this link is worth 1,000$ USD !* *You don’t need to hack the website, the money is out there in the link* We … Continue reading Happy New Year – 2018

Independent Securiteam

SSD Advisory – Livebox Fibra (Orange Router) Multiple Vulnerabilities

January 3, 2018 admin buff, Hard-Coded Password, Information Disclosure, Remote Code Execution, SecuriTeam Secure Disclosure

Credit to Author: SSD / Maor Schwartz| Date: Wed, 03 Jan 2018 06:33:51 +0000

Vulnerabilities Summary The following advisory describes four (4) vulnerabilities found in Livebox Fibra router version AR_LBFIBRA_sp-00.03.04.112S. It is possible to chain the vulnerabilities into remote code execution. The “Livebox Fibra” router is “manufactured by Arcadyan for Orange and Jazztel in Spain” The vulnerabilities found in Arcadyan routers are: Unauthenticated configuration information leak Hard-coded credentials Memory … Continue reading SSD Advisory – Livebox Fibra (Orange Router) Multiple Vulnerabilities