SecuriTeam Secure Disclosure – Page 15 – Computer Security Articles

Credit to Author: SSD / Maor Schwartz| Date: Tue, 22 Aug 2017 05:22:12 +0000

Vulnerability Summary The following advisory describes a remote code execution vulnerability found in ScrumWorks Pro version 6.7.0. “CollabNet ScrumWorks Pro is an Agile Project Management for Developers, Scrum Masters, and Business”. A trial version can be downloaded from the vendor: https://www.collab.net/products/scrumworks Credit A security researcher from, Siberas, has reported this vulnerability to Beyond Security’s SecuriTeam … Continue reading SSD Advisory – ScrumWorks Pro Remote Code Execution

Independent Securiteam

SSD Advisory – Polycom Memory Disclosure

August 20, 2017 admin Information Disclosure, SecuriTeam Secure Disclosure

Credit to Author: SSD / Maor Schwartz| Date: Sun, 20 Aug 2017 12:03:20 +0000

Vulnerability Summary The following advisory describe a Memory Disclosure vulnerability found in Polycom SoundPoint IP Telephone HTTPd server. Polycom is the leader in HD video conferencing, voice conferencing & telepresence enabling open, standards-based video collaboration. Increase the productivity of your phone calls and conference calls by making sure everyone can hear each other clearly and … Continue reading SSD Advisory – Polycom Memory Disclosure

Independent Securiteam

SSD Advisory – Chrome Turbofan Remote Code Execution

August 16, 2017 admin Remote Code Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Wed, 16 Aug 2017 07:21:39 +0000

Vulnerability Summary The following advisory describes a type confusion vulnerability that leads to remote code execution found in Chrome browser version 59. Chrome browser is affected by a type confusion vulnerability. The vulnerability results from incorrect optimization by the turbofan compiler, which causes confusion between access to an object array and a value array, and … Continue reading SSD Advisory – Chrome Turbofan Remote Code Execution

Independent Securiteam

SSD Advisory – Acrobat Reader DC – Stream Object Remote Code Execution

August 9, 2017 admin Remote Code Execution, SecuriTeam Secure Disclosure, Use After Free

Credit to Author: SSD / Maor Schwartz| Date: Wed, 09 Aug 2017 10:50:38 +0000

Vulnerability Summary The following advisory describes a use after free vulnerability that leads to remote code execution found in Acrobat Reader DC version 2017.009.20044. Credit A security researcher from, Siberas, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program Vendor response The vendor has released patches to address this vulnerability. For more information: … Continue reading SSD Advisory – Acrobat Reader DC – Stream Object Remote Code Execution

Independent Securiteam

SSD Advisory – Adobe Reader DC – execMenuItem Off-by-One Heap Buffer Overflow

August 9, 2017 admin Heap Overflow, Remote Code Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Wed, 09 Aug 2017 10:47:48 +0000

Vulnerability Summary The following advisory describes a JavaScript execMenuItem off-by-One heap buffer overflow, that can potentially lead to Remote Code Execution, found in Adobe Reader DC version 15.23.20056.213124. Credit An independent security researcher, Steven Seeley, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program Vendor response The vendor has released patches to address … Continue reading SSD Advisory – Adobe Reader DC – execMenuItem Off-by-One Heap Buffer Overflow

Independent Securiteam

SSD Advisory – D-Link 850L Multiple Vulnerabilities (Hack2Win Contest)

August 8, 2017 admin File Disclosure, Hack2Win, Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action, Unrestricted File Upload

Credit to Author: SSD / Maor Schwartz| Date: Tue, 08 Aug 2017 08:49:00 +0000

Vulnerabilities Summary The following advisory describe three (3) vulnerabilities found in D-Link 850L router. The vulnerabilities have been reported as part of Hack2Win competition, for more information about Hack2Win – Hack2Win – https://blogs.securiteam.com/index.php/archives/3310. The vulnerabilities found in D-Link 850L are: Remote Command Execution via WAN and LAN Remote Unauthenticated Information Disclosure via WAN and LAN … Continue reading SSD Advisory – D-Link 850L Multiple Vulnerabilities (Hack2Win Contest)

Independent Securiteam

SSD Advisory – Synology Photo Station Unauthenticated Remote Code Execution

August 7, 2017 admin Directory Traversal, Remote Code Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Mon, 07 Aug 2017 05:23:22 +0000

Vulnerability Summary The following advisory describes a Remote Code Execution found in Synology Photo Station versions 6.7.3-3432 and earlier / 6.3-2967 and earlier. Personal Photo Station is an online photo album with blog owned and managed by a DSM user. Synology NAS provides the home/photo folder for you to store photos and videos that you … Continue reading SSD Advisory – Synology Photo Station Unauthenticated Remote Code Execution

Independent Securiteam

SSD Advisory – Dashlane DLL Hijacking

August 3, 2017 admin DLL Hijacking, SecuriTeam Secure Disclosure

Credit to Author: SSD / Maor Schwartz| Date: Thu, 03 Aug 2017 06:30:36 +0000

Vulnerability Summary The following advisory describes a DLL Hijacking vulnerability found in Dashlane. Dashlane is “a password manager app and secure digital wallet. The app is available on Mac, PC, iOS and Android. The app’s premium feature enables users to securely sync their data between an unlimited number of devices on all platforms.” Credit An … Continue reading SSD Advisory – Dashlane DLL Hijacking