SSD Advisory – EMC IsilonSD Edge Management Server Command Injection

Credit to Author: SSD / Maor Schwartz | Date: Sun, 02 Jul 2017 08:09:16 +0000

Vulnerability Summary: The following advisory describes a Remote Command Injection vulnerability found in EMC IsilonSD Edge Management Server version 1.0.1.0005. IsilonSD Edge Management Server enables you to deploy an industry-leading scale-out NAS operating system using industry-standard hardware. Key benefits of IsilonSD Edge: Simple yet powerful and efficient scale-out storage solution for remote and branch offices, …

SSD Advisory – Skype For Business XSS

Credit to Author: SSD / Maor Schwartz | Date: Thu, 06 Jul 2017 05:45:53 +0000

Vulnerability Summary: The following advisory describes an XSS vulnerability found in Skype for Business. Credit: An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor response: The vendor has released patches to address this vulnerability and has only provided these details in response to our query on the status: …

SSD Advisory – EMC IsilonSD Edge Command Injection

Credit to Author: SSD / Maor Schwartz | Date: Sun, 02 Jul 2017 08:09:16 +0000

Vulnerability Summary: The following advisory describes a Remote Command Injection vulnerability found in EMC IsilonSD Edge version 1.0.1.0005. IsilonSD Edge enables you to deploy an industry-leading scale-out NAS operating system using industry-standard hardware. Key benefits of IsilonSD Edge: Simple yet powerful and efficient scale-out storage solution for remote and branch offices, Easily extends your enterprise …

SSD Advisory – Odoo CRM Code Execution

Credit to Author: SSD / Maor Schwartz | Date: Fri, 30 Jun 2017 18:50:42 +0000

Vulnerability Summary: The following advisory describes arbitrary Python code execution found in Odoo CRM version 10.0. Odoo is a suite of open source business apps that cover all your company needs: CRM, eCommerce, accounting, inventory, point of sale, project management, etc. Odoo’s unique value proposition is to be at the same time very easy to …

SSD Advisory – Sophos XG Firewall Path Traversal

Credit to Author: SSD / Maor Schwartz | Date: Mon, 19 Jun 2017 16:17:18 +0000

Vulnerabilities Summary: The following advisory describes two (2) vulnerabilities, a Path Traversal and a Missing Function Level Access Control, in Sophos XG Firewall 16.05.4 MR-4. Sophos XG Firewall provides “unprecedented visibility into your network, users, and applications directly from the all-new control center. You also get rich on-box reporting and the option to add Sophos …

SSD Advisory – ManageEngine Code Execution

Credit to Author: SSD / Maor Schwartz | Date: Fri, 16 Jun 2017 18:46:58 +0000

Vulnerability Summary: The following advisory describes an Unrestricted File Upload vulnerability that leads to Code Execution found in ManageEngine Firewall Analyzer and ManageEngine OpManager. ManageEngine Firewall Analyzer is a browser-based firewall/VPN/proxy server reporting solution that uses a built-in syslog server to store, analyze, and report on these logs. Firewall Analyzer provides daily, weekly, monthly, and yearly …

Know your community – Berend-Jan Wever (SkyLined / @berendjanwever)

Credit to Author: SSD / Maor Schwartz | Date: Thu, 15 Jun 2017 14:09:29 +0000

Aspiring ASCII artist, a chef, a gardener, bug bounty hunter and one of the leading browser vulnerability researchers. Please meet Berend-Jan Wever AKA SkyLined! Questions Q: How many years have you been working in the security field? A: Probably about 30 years. My first experience in security was as a kid, when my computer got …

SSD Advisory – Iceni Infix Multiple Crashes

Credit to Author: SSD / Maor Schwartz | Date: Tue, 13 Jun 2017 11:18:28 +0000

Crashes Summary: An independent security researcher has reported 36 different crashes in Iceni Infix. We decided to publish 1 sample out of the 36 crashes – if you want to get the remaining 35 crashes, please contact us via email ssd [at] beyondsecurity (dot) com. “Infix PDF Editor and Infix PDF Editor Pro is popular …
