SSD Advisory – Remote Command Execution in Western Digital with Dropbox App

Credit to Author: SSD / Maor Schwartz| Date: Wed, 30 Aug 2017 02:39:13 +0000

Vulnerability summary: The following advisory describes an unauthenticated Remote Command Execution vulnerability in My Cloud products that have the Dropbox App installed. The My Passport, My Book, and My Cloud (Single-Bay) drives allow users to back up their data to an existing Dropbox account using WD SmartWare Pro, WD Backup. The My Cloud Dropbox App (Available …

SSD Advisory – ScrumWorks Pro Remote Code Execution

Credit to Author: SSD / Maor Schwartz| Date: Tue, 22 Aug 2017 05:22:12 +0000

Vulnerability Summary: The following advisory describes a remote code execution vulnerability found in ScrumWorks Pro version 6.7.0. “CollabNet ScrumWorks Pro is an Agile Project Management for Developers, Scrum Masters, and Business”. A trial version can be downloaded from the vendor: https://www.collab.net/products/scrumworks Credit: A security researcher from Siberas has reported this vulnerability to Beyond Security’s SecuriTeam …

SSD Advisory – Chrome Turbofan Remote Code Execution

Credit to Author: SSD / Maor Schwartz| Date: Wed, 16 Aug 2017 07:21:39 +0000

Vulnerability Summary: The following advisory describes a type confusion vulnerability that leads to remote code execution found in Chrome browser version 59. Chrome browser is affected by a type confusion vulnerability. The vulnerability results from incorrect optimization by the turbofan compiler, which causes confusion between access to an object array and a value array, and …

SSD Advisory – Adobe Reader DC – execMenuItem Off-by-One Heap Buffer Overflow

Credit to Author: SSD / Maor Schwartz| Date: Wed, 09 Aug 2017 10:47:48 +0000

Vulnerability Summary: The following advisory describes a JavaScript execMenuItem off-by-one heap buffer overflow that can potentially lead to Remote Code Execution, found in Adobe Reader DC version 15.23.20056.213124. Credit: An independent security researcher, Steven Seeley, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor response: The vendor has released patches to address …

SSD Advisory – D-Link 850L Multiple Vulnerabilities (Hack2Win Contest)

Credit to Author: SSD / Maor Schwartz| Date: Tue, 08 Aug 2017 08:49:00 +0000

Vulnerabilities Summary: The following advisory describes three (3) vulnerabilities found in the D-Link 850L router. The vulnerabilities have been reported as part of the Hack2Win competition; for more information about Hack2Win, see https://blogs.securiteam.com/index.php/archives/3310. The vulnerabilities found in D-Link 850L are: Remote Command Execution via WAN and LAN; Remote Unauthenticated Information Disclosure via WAN and LAN …

SSD Advisory – Synology Photo Station Unauthenticated Remote Code Execution

Credit to Author: SSD / Maor Schwartz| Date: Mon, 07 Aug 2017 05:23:22 +0000

Vulnerability Summary: The following advisory describes a Remote Code Execution vulnerability found in Synology Photo Station versions 6.7.3-3432 and earlier / 6.3-2967 and earlier. Personal Photo Station is an online photo album with blog owned and managed by a DSM user. Synology NAS provides the home/photo folder for you to store photos and videos that you …

SSD Advisory – McAfee Security Scan Plus Remote Command Execution

Credit to Author: SSD / Maor Schwartz| Date: Sun, 30 Jul 2017 06:47:06 +0000

Vulnerability Summary: The following advisory describes a Remote Code Execution vulnerability found in McAfee Security Scan Plus. An active network attacker could launch a man-in-the-middle attack on a plaintext-HTTP response to a client to run any residing executables with the privileges of a logged-in user. McAfee Security Scan Plus is a free diagnostic tool that ensures …

SSD Advisory – Serviio Media Server Multiple Vulnerabilities

Credit to Author: Maor Schwartz| Date: Tue, 02 May 2017 10:58:33 +0000

Vulnerabilities Summary: The following advisory describes five (5) vulnerabilities found in Serviio Media Server. Affected versions: 1.8.0.0 PRO, 1.7.1, 1.7.0, 1.6.1. Serviio is a free media server. It allows you to stream your media files (music, video or images) to renderer devices (e.g. a TV set, Blu-ray player, games console or mobile phone) on …
