Remote Command Execution – Page 4 – Computer Security Articles

Credit to Author: SSD / Maor Schwartz| Date: Sun, 15 Oct 2017 06:54:31 +0000

Vulnerability summary The following advisory describes three (3) vulnerabilities found in Webmin version 1.850 Webmin “is a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more. Webmin removes the need to manually edit Unix configuration files like /etc/passwd, and lets … Continue reading SSD Advisory – Webmin Multiple Vulnerabilities

Independent Securiteam

SSD Advisory – Vacron NVR Remote Command Execution

October 8, 2017 admin Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Sun, 08 Oct 2017 06:49:20 +0000

Vulnerability Summary The following advisory describes a remote command execution vulnerability. VACRON Specializing in “various types of mobile monitoring, CCTV monitoring system, IP remote image monitoring system monitoring and other related production, and can accept ODM, OEM and other customized orders, the main products: driving recorder, CCTV analog monitoring system, CMS, IP Cam, etc.” Credit … Continue reading SSD Advisory – Vacron NVR Remote Command Execution

Independent Securiteam

SSD Advisory – Netgear ReadyNAS Surveillance Unauthenticated Remote Command Execution

September 27, 2017 admin Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Wed, 27 Sep 2017 11:19:30 +0000

Vulnerability summary The following advisory describes an Unauthenticated Remote Command Execution vulnerability found in Netgear ReadyNAS Surveillance. Netgear ReadyNAS Surveillance – Small businesses and corporate branch offices require a secure way to protect physical assets, but often lack the security expertise or big budget that most solutions require. With these challenges in mind, NETGEAR introduces … Continue reading SSD Advisory – Netgear ReadyNAS Surveillance Unauthenticated Remote Command Execution

Independent Securiteam

SSD Advisory – FLIR Systems Multiple Vulnerabilities

September 24, 2017 admin Information Disclosure, Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Sun, 24 Sep 2017 09:26:54 +0000

Vulnerabilities Summary The following advisory describes 5 (five) vulnerabilities found in FLIR Systems FLIR Thermal/Infrared Camera FC-Series S, FC-Series ID, PT-Series. FLIR – “Best-in-class thermal cameras with on-board analytics for high-performance intrusion detection. The new FC-Series ID combines best-in-class thermal image detail and high-performance edge perimeter analytics together in a single device that delivers optimal … Continue reading SSD Advisory – FLIR Systems Multiple Vulnerabilities

Independent Securiteam

SSD Advisory – WiseGiga NAS Multiple Vulnerabilities

September 5, 2017 admin Information Disclosure, Local File Inclusion, Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Tue, 05 Sep 2017 11:11:02 +0000

Vulnerabilities summary The following advisory describes five (5) vulnerabilities and default accounts / passwords found in WiseGiga NAS devices. WiseGiga is a Korean company selling NAS products. The vulnerabilities found in WiseGiga NAS are: Pre-Authentication Local File Inclusion (4 different vulnerabilities) Post-Authentication Local File Inclusion Remote Command Execution as root Remote Command Execution as root … Continue reading SSD Advisory – WiseGiga NAS Multiple Vulnerabilities

Independent Securiteam

SSD Advisory – Mako Web-server Tutorials Multiple Unauthenticated Vulnerabilities

September 3, 2017 admin File Disclosure, Remote Command Execution, SecuriTeam Secure Disclosure, Server Side Request Forgery, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Sun, 03 Sep 2017 06:38:44 +0000

Vulnerabilities Summary The following advisory describe three (3) vulnerabilities found in Mako Server’s tutorial page. The vulnerabilities found are: Unauthenticated Arbitrary File Write vulnerability that leads to Remote Command Execution Unauthenticated File Disclosure Unauthenticated Server Side Request Forgery As these tutorial may be used as the basis for production code, it is important for users … Continue reading SSD Advisory – Mako Web-server Tutorials Multiple Unauthenticated Vulnerabilities

Independent Securiteam

SSD Advisory – Remote Command Execution in Western Digital with Dropbox App

August 30, 2017 admin Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Wed, 30 Aug 2017 02:39:13 +0000

Vulnerability summary The following advisory describes an unauthenticated Remote Command Execution vulnerability in My Cloud products with that has Dropbox App installed. The My Passport, My Book, and My Cloud (Single-Bay) drives allow users to backup their data to an existing Dropbox account using WD SmartWare Pro, WD Backup. The My Cloud Dropbox App (Available … Continue reading SSD Advisory – Remote Command Execution in Western Digital with Dropbox App

Independent Securiteam

SSD Advisory – D-Link 850L Multiple Vulnerabilities (Hack2Win Contest)

August 8, 2017 admin File Disclosure, Hack2Win, Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action, Unrestricted File Upload

Credit to Author: SSD / Maor Schwartz| Date: Tue, 08 Aug 2017 08:49:00 +0000

Vulnerabilities Summary The following advisory describe three (3) vulnerabilities found in D-Link 850L router. The vulnerabilities have been reported as part of Hack2Win competition, for more information about Hack2Win – Hack2Win – https://blogs.securiteam.com/index.php/archives/3310. The vulnerabilities found in D-Link 850L are: Remote Command Execution via WAN and LAN Remote Unauthenticated Information Disclosure via WAN and LAN … Continue reading SSD Advisory – D-Link 850L Multiple Vulnerabilities (Hack2Win Contest)