SSD Advisory – Sentora / ZPanel Password Reset Vulnerability

Credit to Author: SSD / Maor Schwartz | Date: Sun, 24 Sep 2017 07:58:32 +0000

Vulnerability Summary: The following advisory describes a password reset vulnerability found in Sentora / ZPanel. Sentora is “a free to download and use web hosting control panel developed for Linux, UNIX and BSD based servers or computers. The Sentora software can turn a domestic or commercial server into a fully fledged, easy to use and manage …


SSD Advisory – NEXXT Authentication Bypass

Credit to Author: SSD / Maor Schwartz | Date: Sun, 17 Sep 2017 09:02:04 +0000

Vulnerability Summary: The following advisory describes an authentication bypass found in NEXXT routers. NEXXT Connectivity Solutions develops “state of the art networking devices that help connect people and things together, at home, the office and virtually everywhere”. Credit: An independent security researcher, Netfairy, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor …


SSD Advisory – Hanbanggaoke IP Camera Arbitrary Password Change

Credit to Author: SSD / Maor Schwartz | Date: Mon, 11 Sep 2017 13:49:23 +0000

Vulnerability Summary: The following advisory describes an arbitrary password change vulnerability found in Hanbanggaoke webcams. Beijing Hanbang Technology, “one of the first enterprises entering into digital video surveillance industry, has been focusing on R&D of products and technology of digital video surveillance field. While providing product and technical support, it also provides overall solution for …


SSD Advisory – McAfee LiveSafe MiTM Registry Modification leading to Remote Command Execution

Credit to Author: SSD / Maor Schwartz | Date: Thu, 07 Sep 2017 06:14:58 +0000

Vulnerabilities Summary: The following advisory describes a Remote Code Execution vulnerability found in McAfee LiveSafe (MLS) versions prior to 16.0.3. The vulnerability allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend response. McAfee Security Scan Plus is a free diagnostic tool that ensures you are protected from …


SSD Advisory – WiseGiga NAS Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz | Date: Tue, 05 Sep 2017 11:11:02 +0000

Vulnerabilities Summary: The following advisory describes five (5) vulnerabilities and default accounts / passwords found in WiseGiga NAS devices. WiseGiga is a Korean company selling NAS products. The vulnerabilities found in WiseGiga NAS are: Pre-Authentication Local File Inclusion (4 different vulnerabilities); Post-Authentication Local File Inclusion; Remote Command Execution as root; Remote Command Execution as root …


SSD Advisory – Mako Web-server Tutorials Multiple Unauthenticated Vulnerabilities

Credit to Author: SSD / Maor Schwartz | Date: Sun, 03 Sep 2017 06:38:44 +0000

Vulnerabilities Summary: The following advisory describes three (3) vulnerabilities found in Mako Server’s tutorial page. The vulnerabilities found are: an Unauthenticated Arbitrary File Write vulnerability that leads to Remote Command Execution; Unauthenticated File Disclosure; Unauthenticated Server Side Request Forgery. As these tutorials may be used as the basis for production code, it is important for users …


SSD Advisory – Oracle Java and Apache Xerces PDF/Docx Server Side DoS

Credit to Author: SSD / Maor Schwartz | Date: Wed, 30 Aug 2017 19:11:43 +0000

Vulnerabilities Summary: The following advisory describes two (2) vulnerabilities found in Oracle Java JDK/JRE (1.8.0.131 and previous versions) packages and Apache Xerces (2.11.0). The vulnerabilities are: Oracle JDK/JRE Concurrency-Related Denial of Service; java.net.URLConnection (with no setConnectTimeout) Concurrency-Related Denial of Service. Credit: An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure …


SSD Advisory – Remote Command Execution in Western Digital with Dropbox App

Credit to Author: SSD / Maor Schwartz | Date: Wed, 30 Aug 2017 02:39:13 +0000

Vulnerability Summary: The following advisory describes an unauthenticated Remote Command Execution vulnerability in My Cloud products that have the Dropbox App installed. The My Passport, My Book, and My Cloud (Single-Bay) drives allow users to back up their data to an existing Dropbox account using WD SmartWare Pro or WD Backup. The My Cloud Dropbox App (Available …
