SSD Advisory – ASUSTOR NAS Devices Authentication Bypass

Credit to Author: SSD / Ori Nimron | Date: Thu, 20 Sep 2018 03:41:42 +0000

Vulnerability Summary: An ASUSTOR NAS (network attached storage) is “a computer appliance built from the ground up for storing and serving files. It attaches directly to a network, allowing those on the network to access and share files from a central location”. In the following advisory we will discuss a vulnerability found inside ASUSTOR …


SSD Advisory – GitStack Unauthenticated Remote Code Execution (Chinese edition)

Credit to Author: SSD / Maor Schwartz | Date: Tue, 06 Feb 2018 08:44:21 +0000

Vulnerability Summary: The following advisory describes an unauthenticated action in GitStack that allows a remote attacker to add a new user, which can then be used to trigger remote code execution.

GitStack is “a software that lets you setup your own private Git server for Windows. This means that you create a leading edge versioning system. GitStack also makes it super easy to keep your server up to date. It is built on the top of the genuine Git for Windows and is compatible with any other Git clients. GitStack is completely free for small teams.”

Credit: An independent security researcher, Kacper Szurek, has reported this vulnerability to Beyond Security’s SSD program.

Vendor Response: Since October 17, 2017 we have made several attempts to contact GitStack. A response was received, but no details of a fix or workaround were provided.

CVE: CVE-2018-5955

Vulnerability Details: User-controlled input is not sufficiently sanitized; an unauthenticated attacker can add a new user to a GitStack server by sending the following POST request: …

Once the attacker has added a user to the server, he can enable the web repository feature. The attacker can then create a repository remotely and disable access to the new repository for other users. Within that repository the attacker can upload a backdoor and use it to execute code.

Proof of Concept: …


SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution

Credit to Author: SSD / Maor Schwartz | Date: Mon, 22 Jan 2018 11:50:36 +0000

Vulnerabilities Summary: The following advisory describes two (2) vulnerabilities found in AsusWRT version 3.0.0.4.380.7743. Chained together, they allow an unauthenticated attacker on the LAN to execute commands on an affected Asus router. AsusWRT is “THE POWERFUL USER-FRIENDLY INTERFACE – The enhanced ASUSWRT graphical user interface gives you easy access to the 30-second, 3-step web-based installation process. It’s also …


SSD Advisory – GitStack Unauthenticated Remote Code Execution

Credit to Author: SSD / Maor Schwartz | Date: Mon, 15 Jan 2018 12:22:25 +0000

Vulnerability Summary: The following advisory describes an unauthenticated action that allows a remote attacker to add a user to GitStack; the new account can then be used to trigger remote code execution. GitStack is “a software that lets you setup your own private Git server for Windows. This means that you create a leading edge versioning system …


SSD Advisory – D-Link DSL-6850U Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz | Date: Mon, 01 Jan 2018 10:41:38 +0000

Vulnerabilities Summary: The following advisory describes two (2) vulnerabilities found in D-Link DSL-6850U versions BZ_1.00.01 – BZ_1.00.09. The D-Link DSL-6850U is a router “manufactured by D-Link for Bezeq in Israel”. The vulnerabilities found are:

- Default Credentials
- Remote Command Execution

Credit: An independent security researcher has reported these vulnerabilities to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor …


SSD Advisory – Trustwave SWG Unauthorized Access

Credit to Author: SSD / Maor Schwartz | Date: Tue, 26 Dec 2017 07:07:13 +0000

Vulnerability Summary: The following advisory describes an unauthorized access vulnerability in Trustwave SWG version 11.8.0.27 that allows an unauthenticated user to add their own SSH key to a remote appliance. Trustwave Secure Web Gateway (SWG) “provides distributed enterprises effective real-time protection against dynamic new malware, strong policy enforcement, and a unique Zero-Malware Guarantee when managed for you …
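A flaw that lets an unauthenticated party add an SSH key turns the appliance's trusted-key file into the artefact worth auditing. The script below is an added example written for this page; it is not part of the SSD advisory or of Trustwave's product. It parses an OpenSSH authorized_keys file (including the optional leading options field such as `from=...` or `command="..."`), computes OpenSSH-style SHA256 fingerprints, and reports every key that is not in an approved inventory, every malformed line, and every line whose declared key type disagrees with the type encoded inside the key blob. The sample file, the approved inventory and the 32-byte key payloads are constructed for the example (they are not real key material), and the location of the key file on an SWG appliance is not given in the excerpt and is not assumed.

```python
import base64
import binascii
import hashlib
import re
import struct

# Key type followed by a base64 blob and an optional comment; anything before
# the key type is the authorized_keys options field. Assumption: an option
# value never contains "<space><key-type>" itself, which is true in practice.
KEY_TYPE_RE = re.compile(
    r"(?:^|\s)(ssh-(?:rsa|ed25519|dss)|ecdsa-sha2-nistp(?:256|384|521)"
    r"|sk-(?:ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)"
    r"\s+([A-Za-z0-9+/]+=*)(?:\s+(.*))?$"
)


def _ssh_string(data: bytes) -> bytes:
    # SSH wire format: 4-byte big-endian length prefix followed by the bytes.
    return struct.pack(">I", len(data)) + data


def make_blob(keytype: bytes, pubkey: bytes) -> str:
    """Base64 blob as it appears in authorized_keys: string(type) || string(key)."""
    return base64.b64encode(_ssh_string(keytype) + _ssh_string(pubkey)).decode()


def make_ed25519_blob(pubkey: bytes) -> str:
    return make_blob(b"ssh-ed25519", pubkey)


def fingerprint(blob_b64: str) -> str:
    """OpenSSH SHA256 fingerprint: base64(sha256(raw blob)) with '=' padding removed."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def declared_type_in_blob(blob_b64: str) -> str:
    """Key type string embedded in the blob itself (the first SSH string)."""
    raw = base64.b64decode(blob_b64)
    if len(raw) < 4:
        return ""
    (n,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + n].decode("ascii", "replace")


def parse_authorized_keys(text: str) -> list:
    """Return one dict per key line; comments and blank lines are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_TYPE_RE.search(line)
        if not m:
            entries.append({"line": lineno, "error": "unparseable", "raw": line})
            continue
        keytype, blob, comment = m.group(1), m.group(2), m.group(3) or ""
        try:
            fp = fingerprint(blob)
        except (binascii.Error, ValueError):
            entries.append({"line": lineno, "error": "bad base64", "raw": line})
            continue
        entries.append({
            "line": lineno,
            "options": line[:m.start()].strip(),
            "type": keytype,
            "blob": blob,
            "comment": comment,
            "fingerprint": fp,
        })
    return entries


def audit_authorized_keys(text: str, approved_fingerprints: set) -> list:
    """Entries to investigate: malformed lines, type mismatches, unknown keys."""
    findings = []
    for e in parse_authorized_keys(text):
        if "error" in e:
            findings.append(dict(e, reason=e["error"]))
        elif declared_type_in_blob(e["blob"]) != e["type"]:
            findings.append(dict(e, reason="type mismatch between field and blob"))
        elif e["fingerprint"] not in approved_fingerprints:
            findings.append(dict(e, reason="fingerprint not in approved inventory"))
    return findings


# Constructed sample: the 32-byte "public keys" are sha256 digests of labels,
# not real key material; only the file layout and fingerprinting are realistic.
_ADMIN = make_ed25519_blob(hashlib.sha256(b"admin-key").digest())
_OPS = make_ed25519_blob(hashlib.sha256(b"ops-key").digest())
_ROGUE = make_ed25519_blob(hashlib.sha256(b"rogue-key").digest())

SAMPLE_AUTHORIZED_KEYS = f"""# constructed sample authorized_keys for the audit
ssh-ed25519 {_ADMIN} admin@console
from="10.0.0.0/24",no-pty ssh-ed25519 {_OPS} ops@jumphost
ssh-ed25519 {_ROGUE} backup@unknown
"""

# Hypothetical inventory of keys that are supposed to be on the appliance.
APPROVED_FINGERPRINTS = {fingerprint(_ADMIN), fingerprint(_OPS)}

if __name__ == "__main__":
    for f in audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS, APPROVED_FINGERPRINTS):
        print(f"line {f['line']}: {f['reason']} "
              f"({f.get('type', '?')} {f.get('fingerprint', '')} {f.get('comment', '')})")
```

Run against a copy of the file pulled from the appliance, the only line reported for the constructed sample is the third one (`backup@unknown`), because its fingerprint is not in the inventory. Comparing fingerprints rather than comments is deliberate: an attacker who appends a key chooses the comment, and the type check catches blobs that were pasted under a different key-type label.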
