Unauthenticated Action – Computer Security Articles

Credit to Author: SSD / Noam Rathaus| Date: Mon, 04 Jul 2016 12:58:21 +0000

Vulnerabilities Description Multiple vulnerabilities have been found in Teco’s SG2 and TP3 product, these vulnerabilities allows attackers that are able to supply the products with a specially crafted file to cause it to execute arbitrary code. TECO TP3 PC-LINK tpc file parsing Stack Buffer Overflow Code Execution TECO uses their own propriety file format known … Continue reading SSD Advisory – Teco SG2 and TP3 Vulnerabililites

Independent Securiteam

SSD Advisory – Cisco Prime Infrastructure File Inclusion and Remote Command Execution to Privileges Escalation

October 4, 2018 admin Local File Inclusion, Privilege Escalation, Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Ori Nimron| Date: Thu, 04 Oct 2018 05:12:22 +0000

Vulnerabilities Summary Cisco Prime Infrastructure (CPI) contains two vulnerabilities that when exploited allow an unauthenticated attacker to achieve root privileges and execute code remotely. The first vulnerability is a file upload vulnerability that allows the attacker to upload and execute JSP files as the Apache Tomcat user. The second vulnerability is a privilege escalation to … Continue reading SSD Advisory – Cisco Prime Infrastructure File Inclusion and Remote Command Execution to Privileges Escalation

Independent Securiteam

SSD Advisory – CloudByte ElastiStor OS Unauthenticated Remote Code Execution

August 23, 2018 admin Remote Code Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Ori Nimron| Date: Thu, 23 Aug 2018 10:57:33 +0000

Vulnerabilities Summary The following advisory describes two vulnerabilities found in ElastiCenter, ElastiStor’s management console, File Injection that leads to unauthenticated remote code execution. ElastiCenter is the centralized management tool that you use to configure, monitor, manage, and deploy the services provided by CloudByte ElastiStor. ElastiCenter lets you: Use the Graphical User Interface to manage the … Continue reading SSD Advisory – CloudByte ElastiStor OS Unauthenticated Remote Code Execution

Independent Securiteam

SSD Advisory – QRadar Remote Command Execution

May 28, 2018 admin Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Noam Rathaus| Date: Mon, 28 May 2018 10:53:15 +0000

Vulnerability Summary Multiple vulnerabilities in QRadar allow a remote unauthenticated attackers to cause the product to execute arbitrary commands. Each vulnerability on its own is not as strong as their chaining – which allows a user to change from unauthenticated to authenticated access, to running commands, and finally running these commands with root privileges. Vendor … Continue reading SSD Advisory – QRadar Remote Command Execution

Independent Securiteam

SSD Advisory – TrustPort Management Unauthenticated Remote Code Execution

April 25, 2018 admin Remote Code Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Noam Rathaus| Date: Wed, 25 Apr 2018 08:36:14 +0000

Vulnerability Summary Multiple vulnerabilities in TrustPort’s management product allow remote unauthenticated attackers to cause the product to execute arbitrary code. TrustPort Management “offers you an effective and practical way to install centrally, configure and update antivirus software in your network and it enables mass administration of TrustPort products. Central administration from TrustPort brings you simple … Continue reading SSD Advisory – TrustPort Management Unauthenticated Remote Code Execution

Independent Securiteam

SSD Advisory – TerraMaster TOS Unauthenticated Remote Command Execution

April 22, 2018 admin Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Sun, 22 Apr 2018 07:50:33 +0000

Vulnerability Summary The following advisory describes a unauthenticated remote command execution found in TerraMaster TOS 3.0.33. TOS is a “Linux platform-based operating system developed for TerraMaster cloud storage NAS server. TOS 3 is the third generation operating system newly launched.” Credit An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure … Continue reading SSD Advisory – TerraMaster TOS Unauthenticated Remote Command Execution

Independent Securiteam

SSD Advisory – Vigor ACS Unsafe Flex AMF Java Object Deserialization

April 18, 2018 admin Remote Code Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Noam Rathaus| Date: Wed, 18 Apr 2018 05:24:56 +0000

Vulnerability Summary A vulnerability in Vigor ACS allows unauthenticated users to cause the product to execute arbitrary code. VigorACS 2 “is a powerful centralized management software for Vigor Routers and VigorAPs, it is an integrated solution for configuring, monitoring, and maintenance of multiple Vigor devices from a single portal. VigorACS 2 is based on TR-069 … Continue reading SSD Advisory – Vigor ACS Unsafe Flex AMF Java Object Deserialization

Independent Securiteam

SSD Advisory – AppWeb Authentication Bypass (Digest, and Basic)

March 16, 2018 admin SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Noam Rathaus| Date: Wed, 14 Mar 2018 19:01:53 +0000

Vulnerability Summary A critical vulnerability in the EmbedThis HTTP library, and Appweb versions 5.5.x, 6.x, and 7.x including the latest version present in the git repository. In detail, due to a logic flaw, with a forged HTTP request it is possible to bypass the authentication for HTTP basic and HTTP digest login types. Confirmed Vulnerable … Continue reading SSD Advisory – AppWeb Authentication Bypass (Digest, and Basic)

← Previous