SSD Advisory – Endian Firewall Stored From XSS to Remote Command Execution

Credit to Author: SSD / Maor Schwartz| Date: Wed, 18 Oct 2017 14:00:07 +0000

Vulnerability Summary The following advisory describes a stored cross-site scripting vulnerability that can be used to trigger remote code execution in Endian Firewall version 5.0.3. Endian Firewall is a “turnkey Linux security distribution, which is an independent, unified security management operating system. The Endian Firewall is based on a hardened Linux operating system.” Credit An …

SSD Advisory – HPE Baseline Smart Gig SFP 24 Switch Pre-authentication Stored XSS

Credit to Author: SSD / Maor Schwartz| Date: Wed, 18 Oct 2017 05:42:41 +0000

Vulnerability Summary The following advisory describes an unauthenticated stored XSS in the HPE Baseline Smart Gig SFP 24 / 3Com Baseline Switch 2924 SFP Plus Switch. The vulnerability affects versions: Software Version: 01.00.10 Boot version: 1.0.0.14 Hardware Version: 01.01.0a “On April 12, 2010, Hewlett-Packard completed the acquisition of 3Com. Since the acquisition, 3Com has been …

SSD Advisory – Ikraus Anti Virus Remote Code Execution

Credit to Author: SSD / Maor Schwartz| Date: Mon, 16 Oct 2017 09:21:04 +0000

Vulnerability summary The following advisory describes a remote code execution vulnerability found in Ikraus Anti Virus version 2.16.7. IKARUS anti.virus “secures your personal data and PC from all kinds of malware. Additionally, the Anti-SPAM module protects you from SPAM and malware from e-mails. Prevent intrusion and protect yourself against cyber-criminals by choosing IKARUS anti.virus, powered by …

SSD Advisory – FiberHome Directory Traversal

Credit to Author: SSD / Maor Schwartz| Date: Fri, 13 Oct 2017 12:50:11 +0000

Vulnerability Summary The following advisory describes a directory traversal vulnerability found in FiberHome routers. FiberHome Technologies Group “was established in 1974. After continuous and intensive development for over 40 years, its business has been extended to R&D, manufacturing, marketing & sales, engineering service, in 4 major areas: fiber-optic communications, data networking communications, wireless communication, and …

SSD Advisory – PHP Melody Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz| Date: Mon, 09 Oct 2017 13:03:25 +0000

Vulnerabilities Summary The following advisory describes three (3) vulnerabilities found in PHP Melody version 2.7.3. PHP Melody is a “self-hosted Video CMS which evolved over the last 9 years. SEO optimization, unbeaten security and speed are advantages you no longer have to compromise on. A truly great CMS should help you save time and make …

SSD Advisory – Vacron NVR Remote Command Execution

Credit to Author: SSD / Maor Schwartz| Date: Sun, 08 Oct 2017 06:49:20 +0000

Vulnerability Summary The following advisory describes a remote command execution vulnerability. VACRON Specializing in “various types of mobile monitoring, CCTV monitoring system, IP remote image monitoring system monitoring and other related production, and can accept ODM, OEM and other customized orders, the main products: driving recorder, CCTV analog monitoring system, CMS, IP Cam, etc.” Credit …

SSD Advisory – Angular-CLI Authentication Bypass

Credit to Author: SSD / Maor Schwartz| Date: Wed, 04 Oct 2017 08:10:14 +0000

Vulnerability summary The following advisory describes an authentication bypass vulnerability found in Angular-CLI version 1.3.2. The Angular CLI makes “it easy to create an application that already works, right out of the box. It already follows our best practices!” Credit An independent security researcher, Paolo Stagno aka VoidSec, has reported this vulnerability to Beyond Security’s …

SSD Advisory – Horde Groupware Unauthorized File Download

Credit to Author: SSD / Maor Schwartz| Date: Tue, 03 Oct 2017 12:14:16 +0000

Vulnerability Summary The following advisory describes an unauthorized file download vulnerability found in Horde Groupware version 5.2.21. Horde Groupware Webmail Edition is “a free, enterprise ready, browser based communication suite. Users can read, send and organize email messages and manage and share calendars, contacts, tasks, notes, files, and bookmarks with the standards compliant components from …
