SSD Advisory – Ametys CMS Unauthenticated Password Reset

Credit to Author: SSD / Maor Schwartz | Date: Tue, 07 Nov 2017 09:23:50 +0000

Vulnerability Summary: The following advisory describes a password reset vulnerability found in Ametys CMS version 4.0.2. Ametys is “a free and open source content management system (CMS) written in Java. It is based on JSR-170 for content storage, Open Social for gadget rendering and a XML oriented framework.” Credit: An independent security researcher, Jose Luis, …


SSD Advisory – Cisco UCS Platform Emulator Remote Code Execution

Credit to Author: SSD / Maor Schwartz | Date: Wed, 01 Nov 2017 05:08:10 +0000

Vulnerabilities Summary: The following advisory describes two remote code execution vulnerabilities found in Cisco UCS Platform Emulator version 3.1(2ePE1). Cisco UCS Platform Emulator is the Cisco UCS Manager application bundled into a virtual machine (VM). The VM includes software that emulates hardware communications for the Cisco Unified Computing System (Cisco UCS) hardware that is configured …


SSD Advisory – GraphicsMagick Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz | Date: Tue, 31 Oct 2017 17:25:29 +0000

Vulnerabilities Summary: The following advisory describes two (2) vulnerabilities found in GraphicsMagick. GraphicsMagick is “The swiss army knife of image processing. Comprised of 267K physical lines (according to David A. Wheeler’s SLOCCount) of source code in the base package (or 1,225K including 3rd party libraries) it provides a robust and efficient collection of tools and …


SSD Advisory – ZTE ZXR10 Router Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz | Date: Mon, 23 Oct 2017 10:35:08 +0000

Vulnerabilities Summary: The following advisory describes five (5) vulnerabilities found in ZTE ZXR10 Router. ZXR10 ZSR V2 series router is “the next generation intelligent access router product of ZTE, which integrates routing, switching, wireless, security, and VPN gateway. The product adopts industry-leading hardware platform and software architecture to provide an intelligent and flexible platform for …


SSD Advisory – K7 Total Security Device Driver Arbitrary Memory Read

Credit to Author: SSD / Maor Schwartz | Date: Mon, 23 Oct 2017 10:31:38 +0000

Vulnerability Summary: The following advisory describes a crash found in K7 Total Security. Credit: An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor response: K7 has released patches to address this vulnerability – K7TotalSecurity version 15.1.0.305. Vulnerability details: User-controlled input to the K7Sentry device is not sufficiently sanitized, …


SSD Advisory – Geneko Routers Information Disclosure

Credit to Author: SSD / Maor Schwartz | Date: Mon, 23 Oct 2017 10:26:40 +0000

Vulnerability Summary: The following advisory describes an information disclosure vulnerability found in Geneko Routers version 3.18.21. Geneko GWG is “compact and cost effective communications solution that provides cellular capabilities for fixed and mobile applications such as data acquisition, smart metering, remote monitoring and management. GWG supports a variety of radio bands options on 2G, 3G …


SSD Advisory – Endian Firewall Stored From XSS to Remote Command Execution

Credit to Author: SSD / Maor Schwartz | Date: Wed, 18 Oct 2017 14:00:07 +0000

Vulnerability Summary: The following advisory describes a stored cross-site scripting vulnerability that can be used to trigger remote code execution in Endian Firewall version 5.0.3. Endian Firewall is a “turnkey Linux security distribution, which is an independent, unified security management operating system. The Endian Firewall is based on a hardened Linux operating system.” Credit: An …


SSD Advisory – HPE Baseline Smart Gig SFP 24 Switch Pre-authentication Stored XSS

Credit to Author: SSD / Maor Schwartz | Date: Wed, 18 Oct 2017 05:42:41 +0000

Vulnerability Summary: The following advisory describes an unauthenticated stored XSS in the HPE Baseline Smart Gig SFP 24 / 3Com Baseline Switch 2924 SFP Plus Switch. The vulnerability affects versions: Software Version: 01.00.10; Boot version: 1.0.0.14; Hardware Version: 01.01.0a. “On April 12, 2010, Hewlett-Packard completed the acquisition of 3Com. Since the acquisition, 3Com has been …
