Unauthenticated Action – Page 2 – Computer Security Articles

Credit to Author: SSD / Noam Rathaus| Date: Wed, 14 Mar 2018 19:01:53 +0000

Vulnerability Summary A critical vulnerability in the EmbedThis HTTP library, and Appweb versions 5.5.x, 6.x, and 7.x including the latest version present in the git repository. In detail, due to a logic flaw, with a forged HTTP request it is possible to bypass the authentication for form and digest login types. Confirmed Vulnerable Appweb version … Continue reading SSD Advisory – AppWeb Authentication Bypass (Digest, Basic and Forms)

Independent Securiteam

SSD Advisory – TrendNet AUTHORIZED_GROUP Information Disclosure

February 14, 2018 admin Information Disclosure, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Wed, 14 Feb 2018 08:58:11 +0000

Vulnerability Summary The following advisory describes an information disclosure found in the following TrendNet routers: TEW-751DR – v1.03B03 TEW-752DRU – v1.03B01 TEW733GR – v1.03B01 TRENDnet’s “N600 Dual Band Wireless Router, model TEW-751DR, offers proven concurrent Dual Band 300 Mbps Wireless N networking. Embedded GREENnet technology reduces power consumption by up to 50%. For your convenience … Continue reading SSD Advisory – TrendNet AUTHORIZED_GROUP Information Disclosure

Independent Securiteam

SSD Advisory – CloudMe Unauthenticated Remote Buffer Overflow

February 11, 2018 admin Buffer Overflow, Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Noam Rathaus| Date: Sun, 11 Feb 2018 07:06:24 +0000

The following advisory describes one (1) vulnerability found in CloudMe. CloudMe is “a file storage service operated by CloudMe AB that offers cloud storage, file synchronization and client software. It features a blue folder that appears on all devices with the same content, all files are synchronized between devices.” The vulnerability found is a buffer … Continue reading SSD Advisory – CloudMe Unauthenticated Remote Buffer Overflow

Independent Securiteam

SSD Advisory – Hack2Win – Cisco RV132W Multiple Vulnerabilities

February 11, 2018 admin Hack2Win, Information Disclosure, Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Sun, 11 Feb 2018 06:10:03 +0000

Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in Cisco RV132W Wireless N VPN version 1.0.1.8 The Cisco RV132W Wireless-N ADSL2+ VPN Router is “easy to use, set up, and deploy. This flexible router offers great performance and is suited for small or home offices (SOHO) and smaller deployments.” The vulnerabilities found are: … Continue reading SSD Advisory – Hack2Win – Cisco RV132W Multiple Vulnerabilities

Independent Securiteam

SSD安全公告-GitStack未经验证的远程代码执行漏洞

February 6, 2018 admin Chinese Translation, SecuriTeam Secure Disclosure, Unauthenticated Action, Unauthorized Access

Credit to Author: SSD / Maor Schwartz| Date: Tue, 06 Feb 2018 08:44:21 +0000

漏洞概要以下安全公告描述了在GitStack中存在的一个未经身份验证的动作，允许远程攻击者添加新用户，然后用于触发远程代码执行。 GitStack是一个可以让你设置你自己私人Git服务器的软件。这意味着你可以创建一个没有任何内容的版本控制系统。GitStack可以非常容易的保持你的服务器是最新的。它是真正Git for Windows，并与任何其他Git客户端兼容。GitStack对于小团队来说是完全免费的。漏洞提交者一位独立的安全研究人员 Kacper Szurek向 Beyond Security 的 SSD 报告了该漏洞厂商响应自2017年10月17日起，我们多次尝试联系GitStack，已经收到回应，但未提供有关解决方案或解决方法的详细信息。 CVE：CVE-2018-5955 漏洞详细信息用户可控的输入没有经过充分的过滤，未经身份验证的攻击者可以通过发送以下POST请求在GitStack服务器中添加新用户： [crayon-5a7a29f09ace6671375808/] 一旦攻击者将用户添加到服务器，他就可以启用web repository功能。现在，攻击者可以从远程创建一个repository，并禁止其他人访问我们新的repository。在repository中，攻击者可以上传后门并使用它来执行代码：漏洞证明 [crayon-5a7a29f09acf2853583590/]

Independent Securiteam

SSD Advisory – Hotspot Shield Information Disclosure

January 30, 2018 admin Information Disclosure, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Tue, 30 Jan 2018 15:26:00 +0000

Vulnerability Summary The following advisory describes a information disclosure found in Hotspot Shield. Hotspot Shield “provides secure and private access to a free and open internet. Enabling access to social networks, sports, audio and video streaming, news, dating, gaming wherever you are.” Credit An independent security researcher, Paulos Yibelo, has reported this vulnerability to Beyond … Continue reading SSD Advisory – Hotspot Shield Information Disclosure

Independent Securiteam

SSD安全公告-Sophos XG从未经身份验证的存储型XSS漏洞到Root访问

January 22, 2018 admin Chinese Translation, Persistent XSS, Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Mon, 22 Jan 2018 11:52:38 +0000

漏洞概要以下安全公告描述了在Sophos XG 17中发现的一个存储型XSS漏洞，成功利用该漏洞可以获取root访问。 Sophos XG防火墙“全新的控制中心为用户的网络提供前所未有的可视性。可以获得丰富的报告，还可以添加Sophos iView，以便跨多个防火墙进行集中报告。“ 漏洞提交者一位独立的安全研究人员向 Beyond Security 的 SSD 报告了该漏洞厂商响应 Sophos已被告知这个漏洞，他们的回应是： 12月11日，我们收到并确认您提交的问题 12月12日，我们确认了这个问题，并开始进行修复 12月20日，我们发布了XGv17 MR3的官方修复：https：https://community.sophos.com/products/xg-firewall/b/xg-blog/posts/sfos-17-0-3-mr3-released 12月29日，我们完成了对之前发布的XGv16，v16.5，v17版本的修复 12月31日，我们根据您的要求发布了我们的安全公告：https://community.sophos.com/kb/en-us/128024?elqTrackId=3a6db4656f654d65b352f526d26c6a17&elq=1514ab02d2764e8cb73e6b0bdbe7e7be&elqaid=2739&elqat=1&elqCampaignId=27053 CVE：CVE-2017-18014 漏洞详细信息未经身份验证的用户可以在webadmin界面中的WAF日志页面（控制中心 – >日志浏览器 – >，在过滤器选项“Web服务器保护”中）中触发存储型XSS漏洞，该漏洞可执行防火墙webadmin 可以执行的任何动作（创建新的用户/ 启用ssh和添加ssh授权密钥等）。为了触发这个漏洞，我们将演示以下场景： Sophos XG Firewall配置3个区域：Trusted，Untrusted，DMZ WEB服务器被放置在DMZ中防火墙使用Sophos推荐的默认Web应用防火墙（WAF）保护Web服务器。来自Untrusted网络的攻击者向DMZ中的Web服务器发送URL请求，造成到脚本注入WAF日志页面来自Trusted的管理员访问WAF日志页面没有任何其他交互或警告，脚本向管理用户添加一个SSH授权密钥，并允许来自Untrusted的ssh管理。攻击者获得完整的root ssh shell Sophos XG WAF日志页面将执行POST请求中“User-Agent”参数。漏洞证明 Sophos XG配置: 防火墙接口可信 – 192.168.10.190端口A. 防火墙接口不可信 – 192.168.0.192端口B. … Continue reading SSD安全公告-Sophos XG从未经身份验证的存储型XSS漏洞到Root访问

Independent Securiteam

SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution

January 22, 2018 admin Configuration Reset, Hack2Win, Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action, Unauthorized Access

Credit to Author: SSD / Maor Schwartz| Date: Mon, 22 Jan 2018 11:50:36 +0000

Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in AsusWRT Version 3.0.0.4.380.7743. The combination of the vulnerabilities leads to LAN remote command execution on any Asus router. AsusWRT is “THE POWERFUL USER-FRIENDLY INTERFACE – The enhanced ASUSWRT graphical user interface gives you easy access to the 30-second, 3-step web-based installation process. It’s also … Continue reading SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution