SecuriTeam Secure Disclosure – Page 4 – Computer Security Articles

Credit to Author: SSD / Maor Schwartz| Date: Sun, 22 Apr 2018 07:50:33 +0000

Vulnerability Summary The following advisory describes a unauthenticated remote command execution found in TerraMaster TOS 3.0.33. TOS is a “Linux platform-based operating system developed for TerraMaster cloud storage NAS server. TOS 3 is the third generation operating system newly launched.” Credit An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure … Continue reading SSD Advisory – TerraMaster TOS Unauthenticated Remote Command Execution

Independent Securiteam

SSD Advisory – Vigor ACS Unsafe Flex AMF Java Object Deserialization

April 18, 2018 admin Remote Code Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Noam Rathaus| Date: Wed, 18 Apr 2018 05:24:56 +0000

Vulnerability Summary A vulnerability in Vigor ACS allows unauthenticated users to cause the product to execute arbitrary code. VigorACS 2 “is a powerful centralized management software for Vigor Routers and VigorAPs, it is an integrated solution for configuring, monitoring, and maintenance of multiple Vigor devices from a single portal. VigorACS 2 is based on TR-069 … Continue reading SSD Advisory – Vigor ACS Unsafe Flex AMF Java Object Deserialization

Independent Securiteam

SSD Advisory – Western Digital My Cloud Pro Series PR2100 Authenticated RCE

March 21, 2018 admin Remote Command Execution, SecuriTeam Secure Disclosure

Credit to Author: SSD / Noam Rathaus| Date: Wed, 21 Mar 2018 14:48:51 +0000

Vulnerability Summary A vulnerability in the Western Digital My Cloud Pro Series PR2100 allows authenticated users to execute commands arbitrary commands. Credit An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor Response The vendor was notified on the 28th of November 2017, and responded that they take security … Continue reading SSD Advisory – Western Digital My Cloud Pro Series PR2100 Authenticated RCE

Independent Securiteam

SSD Advisory – AppWeb Authentication Bypass (Digest, and Basic)

March 16, 2018 admin SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Noam Rathaus| Date: Wed, 14 Mar 2018 19:01:53 +0000

Vulnerability Summary A critical vulnerability in the EmbedThis HTTP library, and Appweb versions 5.5.x, 6.x, and 7.x including the latest version present in the git repository. In detail, due to a logic flaw, with a forged HTTP request it is possible to bypass the authentication for HTTP basic and HTTP digest login types. Confirmed Vulnerable … Continue reading SSD Advisory – AppWeb Authentication Bypass (Digest, and Basic)

Independent Securiteam

SSD Advisory – AppWeb Authentication Bypass (Digest, Basic and Forms)

March 14, 2018 admin SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Noam Rathaus| Date: Wed, 14 Mar 2018 19:01:53 +0000

Vulnerability Summary A critical vulnerability in the EmbedThis HTTP library, and Appweb versions 5.5.x, 6.x, and 7.x including the latest version present in the git repository. In detail, due to a logic flaw, with a forged HTTP request it is possible to bypass the authentication for form and digest login types. Confirmed Vulnerable Appweb version … Continue reading SSD Advisory – AppWeb Authentication Bypass (Digest, Basic and Forms)

Independent Securiteam

SSD Advisory – VK Messenger (VKontakte) vk:// URI Handler Commands Execution

March 14, 2018 admin Remote Command Execution, SecuriTeam Secure Disclosure, unauth

Credit to Author: SSD / Noam Rathaus| Date: Sun, 11 Mar 2018 10:51:34 +0000

Vulnerability Summary The following describes a vulnerability in VK Messenger that is triggered via the exploitation of improperly handled URI. VK (VKontakte; [..], meaning InContact) is “an online social media and social networking service. It is available in several languages. VK allows users to message each other publicly or privately, to create groups, public pages … Continue reading SSD Advisory – VK Messenger (VKontakte) vk:// URI Handler Commands Execution

Independent Securiteam

VK Messenger (VKontakte) vk:// URI Handler Commands Execution

March 11, 2018 admin Remote Command Execution, SecuriTeam Secure Disclosure, unauth

Credit to Author: SSD / Noam Rathaus| Date: Sun, 11 Mar 2018 10:51:34 +0000

Vulnerability Summary The following describes a vulnerability in VK Messenger that is triggered via the exploitation of improperly handled URI. VK (VKontakte; [..], meaning InContact) is “an online social media and social networking service. It is available in several languages. VK allows users to message each other publicly or privately, to create groups, public pages … Continue reading VK Messenger (VKontakte) vk:// URI Handler Commands Execution

Independent Securiteam

beVX Conference Challenge

March 4, 2018 admin Conferences, SecuriTeam Secure Disclosure

Credit to Author: SSD / Noam Rathaus| Date: Sun, 04 Mar 2018 07:27:05 +0000

During the event of OffensiveCon, we launched a reverse engineering and encryption challenge and gave the attendees the change to win great prizes. The challenge was divided into two parts, a file – can be downloaded from here: https://www.beyondsecurity.com/bevxcon/bevx-challenge-1 – that you had to download and reverse engineer and server that you had to access … Continue reading beVX Conference Challenge