Commentary – Page 2 – Computer Security Articles

Credit to Author: Maor Schwartz| Date: Wed, 12 Apr 2017 13:07:37 +0000

Takayuki Terashima, also known as Tessy (@tessy_jp), is one of AVTOKYO founder, Vice Executive Committee Chairman at SecCon and CTF team leader! Questions Q: How many years have you been involved in the security field, what was your motivation to get into it the first place? A: About 16 years. I started to work for … Continue reading Know your community– Tessy (Takayuki Terashima)

Independent Securiteam

SSD Advisory – Oracle Knowledge Management XXE Leading to a RCE

March 19, 2017 admin Commentary, Directory Traversal, External Entity (XXE), Remote Code Execution

Credit to Author: Maor Schwartz| Date: Sun, 19 Mar 2017 08:05:05 +0000

Vulnerability Summary The following advisory describe Information Disclosure found in Oracle Knowledge Management version 8.5.1. By enabling searches across a wide variety of sources, Oracle’s InQuira knowledge management products offer simple and convenient ways for users to access knowledge that was once hidden in the myriad systems, applications, and databases used to store enterprise content. … Continue reading SSD Advisory – Oracle Knowledge Management XXE Leading to a RCE →

Independent Securiteam

SSD Advisory – HTC Sync Remote Code Execution

February 27, 2017 admin Commentary

Credit to Author: Maor Schwartz| Date: Mon, 27 Feb 2017 10:19:14 +0000

Vulnerabilities Summary The following advisory describes a remote code execution (RCE) found in HTC Sync version v3.3.63. Credit An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor response The vulnerability was not reported to the vendor because the product has reached end of life on 31 August 2016 … Continue reading SSD Advisory – HTC Sync Remote Code Execution →

Independent Securiteam

SSD Advisory – Tripwire IP360 Local File Inclusion

February 15, 2017 admin Commentary

Credit to Author: Maor Schwartz| Date: Wed, 15 Feb 2017 07:16:18 +0000

Vulnerabilities Summary The following advisory describes a Local File Inclusion (LFI) vulnerability found in Tripwire IP360 version 7.2.6. Tripwire IP360 is a enterprise-class vulnerability and risk assessment, it’s provides visibility into the enterprise network, including all networked devices and their associated operating systems and application. Credit An independent security researcher Mohammed Shameem has reported this … Continue reading SSD Advisory – Tripwire IP360 Local File Inclusion →

Independent Securiteam

HITCON Taiwan 2016

January 23, 2017 admin Commentary

On the 1-2 December 2016 we had the honor for the first time to sponsor HITCON and visit Taiwan. Our adventure started in November 30th when Noam and I landed in Taipei and we had half a day to sightseeing and set up our booth at the conference hall. In the evening we were invited … Continue reading HITCON Taiwan 2016 →