Hack2Win – The Online Version – Ubiquiti Router

Credit to Author: SSD / Maor Schwartz | Date: Tue, 01 Aug 2017 12:55:01 +0000

After the great success of the first “Hack2Win – The Online Version” (https://blogs.securiteam.com/index.php/archives/3310) we decided to raise the bar. The rules are very simple – you need to hack the Ubiquiti EdgeRouter X router (ER-X) and you can win up to $10,000 USD. To try and help you win – we bought a Ubiquiti …


SSD Advisory – McAfee Security Scan Plus Remote Command Execution

Credit to Author: SSD / Maor Schwartz | Date: Sun, 30 Jul 2017 06:47:06 +0000

Vulnerability Summary: The following advisory describes a Remote Code Execution vulnerability found in McAfee Security Scan Plus. An active network attacker could launch a man-in-the-middle attack on a plaintext-HTTP response to a client to run any residing executables with the privileges of a logged-in user. McAfee Security Scan Plus is a free diagnostic tool that ensures …


SSD Advisory – Supervisor Authenticated Remote Code Execution

Credit to Author: SSD / Maor Schwartz | Date: Wed, 26 Jul 2017 10:45:54 +0000

Vulnerability Summary: The following advisory describes an authenticated remote code execution vulnerability in Supervisor version 3.1.2 and Supervisor version 3.3.2. Supervisor is a client/server system that allows its users to monitor and control a number of processes on UNIX-like operating systems – used to control processes related to a project or a customer, and is …


SSD Advisory – Nitro Pro PDF Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz | Date: Mon, 24 Jul 2017 05:25:58 +0000

Vulnerabilities Summary: The following advisory describes three vulnerabilities found in Nitro / Nitro Pro PDF. Nitro Pro is the PDF reader and editor that does everything you will ever need to do with PDF files. The powerful but snappy editor lets you change PDF documents with ease, and comes with a built-in OCR engine that …


SSD Advisory – Geneko Routers Unauthenticated Path Traversal

Credit to Author: SSD / Maor Schwartz | Date: Sun, 16 Jul 2017 07:24:56 +0000

Vulnerability Summary: The following advisory describes an Unauthenticated Path Traversal vulnerability found in the Geneko GWR router series. Geneko GWG is a compact and cost-effective communications solution that provides cellular capabilities for fixed and mobile applications such as data acquisition, smart metering, remote monitoring and management. GWG supports a variety of radio band options on 2G, …


SSD Advisory – OrientDB Code Execution

Credit to Author: SSD / Maor Schwartz | Date: Thu, 13 Jul 2017 06:49:26 +0000

Vulnerability Summary: The following advisory reports a vulnerability in OrientDB which allows users of the product to cause it to execute code. OrientDB is a Distributed Graph Database engine with the flexibility of a Document Database all in one product. The first and best scalable, high-performance, operational NoSQL database. Credit: An independent security researcher, Francis …


SSD Advisory – 360 Total Security Privileged Escalation

Credit to Author: SSD / Maor Schwartz | Date: Wed, 12 Jul 2017 10:55:43 +0000

Vulnerability Summary: The following advisory describes a Privileged Escalation vulnerability found in 360 Total Security. 360 Total Security offers your PC complete protection from Viruses, Trojans and other emerging threats. Whether you are shopping online, downloading files or chatting with your friends, you can be sure that 360 Total Security is there to keep you …


Hack2Win 2017 D-Link 850L Results

Credit to Author: SSD / Maor Schwartz | Date: Tue, 11 Jul 2017 08:36:11 +0000

On June 11th 2017 we announced the first online version of our ‘Hack2Win’ hacking competition. We allocated $10,000 USD as payouts to valid submissions, and 2 months of competition time – by making the product available on the internet – to allow everyone a chance to hack it. The device was made publicly accessible …
