SecuriTeam Secure Disclosure – Page 25 – Computer Security Articles

Vulnerability Summary The following report describes a remote code execution vulnerability found in SwiftMailer. The vulnerability allows an attacker injecting sendmail program due to insufficient address sanitization. Swift Mailer integrates into any web app written in PHP 5, offering a flexible object-oriented approach to sending emails with a multitude of features Credit An independent security … Continue reading SSD Advisory – SwiftMailer Remote Code Execution →

Independent Securiteam

SSD Advisory – ZendMail Remote Code Execution Vulnerability

January 23, 2017 admin SecuriTeam Secure Disclosure

Vulnerability Summary The following report describes a remote code execution vulnerability found in ZendMail. The vulnerability allows an attacker injecting additional parameters to the sendmail binary via the From address. Credit An independent security researcher Dawid Golunski (https://legalhackers.com/) has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program Vulnerability Details “ZendMail provides generalized functionality … Continue reading SSD Advisory – ZendMail Remote Code Execution Vulnerability →

Independent Securiteam

SSD Advisory – ZyXEL / Billion Multiple Vulnerabilities

January 23, 2017 admin SecuriTeam Secure Disclosure

Vulnerability Summary The following advisory describes four (4) vulnerabilities and default accounts / passwords in ZyXEL / Billion customized routers. TrueOnline is a major Internet Service Provider in Thailand that provides customized versions of routers to its customers, free of charge. The routers are manufactured by ZyXEL and Billion runs a special Linux distribution called … Continue reading SSD Advisory – ZyXEL / Billion Multiple Vulnerabilities →

Independent Securiteam

SSD Advisory – EasyIO Multiple Vulnerabilities

January 23, 2017 admin SecuriTeam Secure Disclosure

Vulnerability Summary The following advisory describes three (3) vulnerabilities that allow to an attacker to gain unauthenticated remote code execution. EasyIO provides products for Building Energy Management Systems. Low costs, high energy savings. The three vulnerabilities found in EasyIO include: Unauthenticated remote code execution Unauthenticated database file download Authenticated directory traversal vulnerability The vulnerability affected … Continue reading SSD Advisory – EasyIO Multiple Vulnerabilities →

Independent Securiteam

Security conferences – Survival guide 2017 Q1

January 23, 2017 admin Conferences, SecuriTeam Secure Disclosure

We have some few more days until the end of the year (2016) but it’s time to open the calendar and get ready for 2017(!). We will try publish every quarter the main security conferences* We have gathered the following information for you for each conference: Dates Place Link to official conference website Ticket price … Continue reading Security conferences – Survival guide 2017 Q1 →