SSD Advisory – Sophos XG Firewall Path Traversal

Credit to Author: SSD / Maor Schwartz| Date: Mon, 19 Jun 2017 16:17:18 +0000

Vulnerabilities Summary The following advisory describe two (2) vulnerabilities, a Path Traversal and a Missing Function Level Access Control, in Sophos XG Firewall 16.05.4 MR-4. Sophos XG Firewall provides “unprecedented visibility into your network, users, and applications directly from the all-new control center. You also get rich on-box reporting and the option to add Sophos … Continue reading SSD Advisory – Sophos XG Firewall Path Traversal

Read more

SSD Advisory – ManageEngine Code Execution

Credit to Author: SSD / Maor Schwartz| Date: Fri, 16 Jun 2017 18:46:58 +0000

Vulnerability Summary The following advisory describes Unrestricted File Upload vulnerability that leads to Code Execution found in ManageEngine Firewall Analyzer and ManageEngine OpManager. ManageEngine Firewall Analyzer is a browser-based firewall/VPN/proxy server reporting solution that uses a built-in syslog server to store, analyze, and report on these logs. Firewall Analyzer provides daily, weekly, monthly, and yearly … Continue reading SSD Advisory – ManageEngine Code Execution

Read more

Know your community – Berend-Jan Wever (SkyLined / @berendjanwever)

Credit to Author: SSD / Maor Schwartz| Date: Thu, 15 Jun 2017 14:09:29 +0000

Aspiring ASCII artist, a chef, a gardener, bug bounty hunter and one of the leading browsers vulnerability researchers. Please meet Berend-Jan Wever AKA SkyLined! Questions Q: How many years have you been working in the security field? A: Probably about 30 years. My first experience in security was as a kid, when my computer got … Continue reading Know your community – Berend-Jan Wever (SkyLined / @berendjanwever)

Read more

SSD Advisory – Iceni Infix Multiple Crashes

Credit to Author: SSD / Maor Schwartz| Date: Tue, 13 Jun 2017 11:18:28 +0000

Crashes Summary An independent security researcher has reported 36 different crashes in Iceni Infix. We decided to publish 1 sample out of the 36 crashes – if you want to get the remaining 35 crashes, please contact us via email ssd [at] beyondsecurity (dot) com. “Infix PDF Editor and Infix PDF Editor Pro is popular … Continue reading SSD Advisory – Iceni Infix Multiple Crashes

Read more

Security conferences – Survival guide 2017 Q4

Credit to Author: SSD / Maor Schwartz| Date: Tue, 13 Jun 2017 09:50:23 +0000

The security conferences “Survival guide” for 2017 Q4 is here! We have gathered the following information for you for each conference: Dates: Place: Link to official conference website: Ticket price: Lectures: Workshops: So let’s get started: Security conferences – Survival guide part 4 BRUCON Dates: 5 – 6 October 2017 Place: Aula Academica of the … Continue reading Security conferences – Survival guide 2017 Q4

Read more

Hack2Win 2017 – The Online Version

Credit to Author: SSD / Maor Schwartz| Date: Sun, 11 Jun 2017 10:14:42 +0000

We proud to announce the first online hacking competition! The rules are very simple – you need to hack the D-link router (AC1200 / DIR-850L) and you can win up to 5,000$ USD. To try and help you win – we bought a D-link DIR-850L device and plugged it to the internet (we will disclose … Continue reading Hack2Win 2017 – The Online Version

Read more

SSD Advisory – IDERA Uptime Monitor Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz| Date: Thu, 08 Jun 2017 07:23:23 +0000

Vulnerabilities Summary The following advisory describe three (3) vulnerabilities found in IDERA Uptime Monitor version 7.8. “IDERA Uptime Monitor is a Proactively monitor physical servers, virtual machines, network devices, applications, and services across multiple platforms running on-premise, remotely, or in the Cloud. Uptime Infrastructure Monitor provides a unified view of IT environment health and a … Continue reading SSD Advisory – IDERA Uptime Monitor Multiple Vulnerabilities

Read more

SSD Advisory – HPE Intelligent Management Center (iMC) Code Execution

Credit to Author: SSD / Maor Schwartz| Date: Fri, 02 Jun 2017 07:59:35 +0000

Vulnerability Summary The following advisory describes a Stack Buffer Overflow vulnerability found in HPE Intelligent Management Center version v7.2 (E0403P10) Enterprise, this vulnerability leads to an exploitable remote code execution. HPE Intelligent Management Center (iMC) delivers comprehensive management across campus core and data center networks. iMC converts meaningless network data to actionable information to keep … Continue reading SSD Advisory – HPE Intelligent Management Center (iMC) Code Execution

Read more

SSD Advisory – Cisco DPC3928AD DOCSIS Wireless Router Information Disclosure

Credit to Author: SSD / Maor Schwartz| Date: Wed, 31 May 2017 07:33:40 +0000

Vulnerability Summary The following advisory describe information disclosure vulnerability in Cisco DPC3928AD DOCSIS wireless router. The Cisco DPC3928AD DOCSIS is a home wireless router that is currently “Out of support” but is provided by ISPs on a large scale in many countries. Credit An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam … Continue reading SSD Advisory – Cisco DPC3928AD DOCSIS Wireless Router Information Disclosure

Read more

SSD Advisory – Trend Micro Interscan Web Security Virtual Appliance Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz| Date: Thu, 25 May 2017 11:52:44 +0000

Vulnerabilities Summary The following advisory describes three (3) vulnerabilities found in Trend Micro Interscan Web Security Virtual Appliance version 6.5. “The Trend Micro Hybrid Cloud Security solution, powered by XGen security, delivers a blend of cross-generational threat defense techniques that have been optimized to protect physical, virtual, and cloud workloads.” The vulnerabilities found in Trend Micro … Continue reading SSD Advisory – Trend Micro Interscan Web Security Virtual Appliance Multiple Vulnerabilities

Read more

SSD Advisory – Trend Micro Deep Security Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz| Date: Thu, 25 May 2017 11:52:44 +0000

Vulnerabilities Summary The following advisory describes three (3) vulnerabilities found in Trend Micro Deep Security version 6.5. “The Trend Micro Hybrid Cloud Security solution, powered by XGen security, delivers a blend of cross-generational threat defense techniques that have been optimized to protect physical, virtual, and cloud workloads. It features Trend Micro Deep Security, the market … Continue reading SSD Advisory – Trend Micro Deep Security Multiple Vulnerabilities

Read more