SSD Advisory – AlienVault OSSIM / USM Remote Command Execution

Credit to Author: Maor Schwartz | Date: Mon, 03 Apr 2017 07:29:37 +0000

Vulnerability Summary: The following advisory describes a Remote Command Execution vulnerability found in AlienVault OSSIM and USM version 5.3.4 and version 5.3.5. OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides you with a feature-rich open source SIEM complete with event collection, normalization and correlation. Launched by security engineers because of the …

Know your community – Veronique Loquet

Credit to Author: Maor Schwartz | Date: Wed, 29 Mar 2017 11:27:56 +0000

Veronique Loquet is the proud owner of AL’X Communication, No Such Con co-founder, Security Vacation Club member and infosec enthusiast!

Questions

Q: How many years have you been working in the security field?
A: I have been in the security field since 2002.

Q: What was your motivation for getting into the security field in …

SSD Advisory – OpenCart Account Takeover

Credit to Author: Maor Schwartz | Date: Sun, 26 Mar 2017 13:14:58 +0000

Vulnerability Summary: The following advisory describes an account takeover vulnerability found in OpenCart (version 2.3.0.2). OpenCart is an open source e-commerce platform written in PHP. “Opencart is an easy to-use, powerful, Open Source online store management program that can manage multiple online stores from a single back-end.” Credit: An independent security researcher “Ayrx” has reported this …

SSD Advisory – SolarWinds Multiple Vulnerabilities

Credit to Author: Maor Schwartz | Date: Tue, 14 Mar 2017 07:15:01 +0000

Vulnerabilities Summary: SolarWinds Server and Application Monitor version 6.1.1 has been found to contain multiple vulnerabilities: Node Custom Properties Persistent XSS; Audit Events Module Persistent XSS; Custom “Data Source” and ‘Where Clause’ Persistent XSS; “Build Dynamic Query Name” Persistent XSS; Multiple Persistent XSS Vulnerabilities Via ‘Title’ field; Application Monitor Template Persistent XSS; NOC View Name …

SSD Advisory – Over 100K IoT Cameras Vulnerable to Source Disclosure

Credit to Author: noam | Date: Thu, 09 Mar 2017 08:34:23 +0000

Vulnerability Summary: The following advisory describes an arbitrary file content disclosure vulnerability found in GoAhead web server. The GoAhead web server is present on multiple embedded devices, from IP Cameras to Printers and other embedded devices. The vulnerability allows a remote unauthenticated attacker to disclose the content of the file being accessed. As most embedded …

SSD Advisory – MuraCMS Multiple Vulnerabilities

Credit to Author: Maor Schwartz | Date: Fri, 03 Mar 2017 16:04:16 +0000

Vulnerabilities Summary: The following advisory describes two (2) vulnerabilities found in MuraCMS version 6.2. MuraCMS is an open source content management system for CFML, created by Blue River Interactive Group. Mura has been designed to be used by marketing departments, web designers and developers. The vulnerabilities found in MuraCMS are: Unauthenticated remote arbitrary code execution …

SSD Advisory – Oracle Java FTP Stream Injection

Credit to Author: Maor Schwartz | Date: Tue, 21 Feb 2017 13:51:34 +0000

Vulnerability Summary: The following advisory describes an FTP protocol stream injection vulnerability found in Oracle Java. Java is a general-purpose computer programming language that is concurrent, class-based, object-oriented, and specifically designed to have as few implementation dependencies as possible. It is intended to let application developers “write once, run anywhere” (WORA). Credit: An independent security …

SSD Advisory – HiSilicon multiple vulnerabilities

Credit to Author: Maor Schwartz | Date: Tue, 21 Feb 2017 07:44:16 +0000

Vulnerabilities Summary: The following advisory describes 2 vulnerabilities found in HiSilicon application-specific integrated circuit (ASIC) chip set firmware. HiSilicon provides ASICs and solutions for communication network and digital media. These ASICs are widely used in over 100 countries and regions around the world. In the digital media field, HiSilicon has already released the SoC and …
