Subscribe: SecuriTeam Blogs
http://blogs.securiteam.com/?feed=rss2
Added By: Feedage Forager Feedage Grade A rated
Language: English
Tags:
advisory –  advisory  continue reading  continue  reading ssd  reading  ssd advisory  ssd  vulnerabilities  vulnerability   
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: SecuriTeam Blogs

SecuriTeam Blogs



We pay more for vulnerabilities



Last Build Date: Sun, 22 Apr 2018 07:50:33 +0000

 



SSD Advisory – TerraMaster TOS Unauthenticated Remote Command Execution

Sun, 22 Apr 2018 07:50:33 +0000

Vulnerability Summary The following advisory describes a unauthenticated remote command execution found in TerraMaster TOS 3.0.33. TOS is a “Linux platform-based operating system developed for TerraMaster cloud storage NAS server. TOS 3 is the third generation operating system newly launched.” Credit An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure … Continue reading SSD Advisory – TerraMaster TOS Unauthenticated Remote Command Execution



SSD Advisory – Vigor ACS Unsafe Flex AMF Java Object Deserialization

Wed, 18 Apr 2018 05:24:56 +0000

Vulnerability Summary A vulnerability in Vigor ACS allows unauthenticated users to cause the product to execute arbitrary code. VigorACS 2 “is a powerful centralized management software for Vigor Routers and VigorAPs, it is an integrated solution for configuring, monitoring, and maintenance of multiple Vigor devices from a single portal. VigorACS 2 is based on TR-069 … Continue reading SSD Advisory – Vigor ACS Unsafe Flex AMF Java Object Deserialization



SSD Advisory – Western Digital My Cloud Pro Series PR2100 Authenticated RCE

Wed, 21 Mar 2018 14:48:51 +0000

Vulnerability Summary A vulnerability in the Western Digital My Cloud Pro Series PR2100 allows authenticated users to execute commands arbitrary commands. Credit An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor Response The vendor was notified on the 28th of November 2017, and responded that they take security … Continue reading SSD Advisory – Western Digital My Cloud Pro Series PR2100 Authenticated RCE



SSD Advisory – AppWeb Authentication Bypass (Digest, and Basic)

Wed, 14 Mar 2018 19:01:53 +0000

Vulnerability Summary A critical vulnerability in the EmbedThis HTTP library, and Appweb versions 5.5.x, 6.x, and 7.x including the latest version present in the git repository. In detail, due to a logic flaw, with a forged HTTP request it is possible to bypass the authentication for HTTP basic and HTTP digest login types. Confirmed Vulnerable … Continue reading SSD Advisory – AppWeb Authentication Bypass (Digest, and Basic)



SSD Advisory – VK Messenger (VKontakte) vk:// URI Handler Commands Execution

Sun, 11 Mar 2018 10:51:34 +0000

Vulnerability Summary The following describes a vulnerability in VK Messenger that is triggered via the exploitation of improperly handled URI. VK (VKontakte; [..], meaning InContact) is “an online social media and social networking service. It is available in several languages. VK allows users to message each other publicly or privately, to create groups, public pages … Continue reading SSD Advisory – VK Messenger (VKontakte) vk:// URI Handler Commands Execution



beVX Conference Challenge

Sun, 04 Mar 2018 07:27:05 +0000

During the event of OffensiveCon, we launched a reverse engineering and encryption challenge and gave the attendees the change to win great prizes. The challenge was divided into two parts, a file – can be downloaded from here: https://www.beyondsecurity.com/bevxcon/bevx-challenge-1 – that you had to download and reverse engineer and server that you had to access … Continue reading beVX Conference Challenge



SSD Advisory – TrendNet AUTHORIZED_GROUP Information Disclosure

Wed, 14 Feb 2018 08:58:11 +0000

Vulnerability Summary The following advisory describes an information disclosure found in the following TrendNet routers: TEW-751DR – v1.03B03 TEW-752DRU – v1.03B01 TEW733GR – v1.03B01 TRENDnet’s “N600 Dual Band Wireless Router, model TEW-751DR, offers proven concurrent Dual Band 300 Mbps Wireless N networking. Embedded GREENnet technology reduces power consumption by up to 50%. For your convenience … Continue reading SSD Advisory – TrendNet AUTHORIZED_GROUP Information Disclosure



SSD Advisory – CloudMe Unauthenticated Remote Buffer Overflow

Sun, 11 Feb 2018 07:06:24 +0000

The following advisory describes one (1) vulnerability found in CloudMe. CloudMe is “a file storage service operated by CloudMe AB that offers cloud storage, file synchronization and client software. It features a blue folder that appears on all devices with the same content, all files are synchronized between devices.” The vulnerability found is a buffer … Continue reading SSD Advisory – CloudMe Unauthenticated Remote Buffer Overflow



SSD Advisory – Hack2Win – Cisco RV132W Multiple Vulnerabilities

Sun, 11 Feb 2018 06:10:03 +0000

Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in Cisco RV132W Wireless N VPN version 1.0.1.8 The Cisco RV132W Wireless-N ADSL2+ VPN Router is “easy to use, set up, and deploy. This flexible router offers great performance and is suited for small or home offices (SOHO) and smaller deployments.” The vulnerabilities found are: … Continue reading SSD Advisory – Hack2Win – Cisco RV132W Multiple Vulnerabilities



SSD Advisory – Multiple IoT Vendors – Multiple Vulnerabilities

Thu, 08 Feb 2018 08:02:43 +0000

Vulnerabilities summary The following advisory describes three (3) vulnerabilities found in the following vendors: Lorex StarVedia Eminent Kraun The vulnerabilities found: Hard-coded credentials Remote command injection (2) It is possible to chain the vulnerabilities and to achieve unauthenticated remote command execution. Credit An independent security researcher, Robert Kugler (https://www.s3cur3.it), has reported this vulnerabilities to Beyond … Continue reading SSD Advisory – Multiple IoT Vendors – Multiple Vulnerabilities



SSD安全公告-GitStack未经验证的远程代码执行漏洞

Tue, 06 Feb 2018 08:44:21 +0000

漏洞概要 以下安全公告描述了在GitStack中存在的一个未经身份验证的动作,允许远程攻击者添加新用户,然后用于触发远程代码执行。 GitStack是一个可以让你设置你自己私人Git服务器的软件。 这意味着你可以创建一个没有任何内容的版本控制系统。GitStack可以非常容易的保持你的服务器是最新的。它是真正Git for Windows,并与任何其他Git客户端兼容。GitStack对于小团队来说是完全免费的。 漏洞提交者 一位独立的安全研究人员 Kacper Szurek向 Beyond Security 的 SSD 报告了该漏洞 厂商响应 自2017年10月17日起,我们多次尝试联系GitStack,已经收到回应,但未提供有关解决方案或解决方法的详细信息。 CVE:CVE-2018-5955 漏洞详细信息 用户可控的输入没有经过充分的过滤,未经身份验证的攻击者可以通过发送以下POST请求在GitStack服务器中添加新用户: [crayon-5adc8ede6c4c0353158710/] 一旦攻击者将用户添加到服务器,他就可以启用web repository功能。 现在,攻击者可以从远程创建一个repository,并禁止其他人访问我们新的repository。 在repository中,攻击者可以上传后门并使用它来执行代码: 漏洞证明 [crayon-5adc8ede6c4c6886948107/]



SSD Advisory – Python Bytecode Disassembler and Decompiler (pycdc) Multiple Vulnerabilities

Sun, 04 Feb 2018 12:03:20 +0000

Vulnerabilities summary The following advisory describes 12 (twelve) vulnerabilities found in Python Bytecode Disassembler and Decompiler (pycdc). Python Bytecode Disassembler and Decompiler (pycdc) “aims to translate compiled Python byte-code back into valid and human-readable Python source code. While other projects have achieved this with varied success, Decompyle++ is unique in that it seeks to support … Continue reading SSD Advisory – Python Bytecode Disassembler and Decompiler (pycdc) Multiple Vulnerabilities



SSD Advisory – Hotspot Shield Information Disclosure

Tue, 30 Jan 2018 15:26:00 +0000

Vulnerability Summary The following advisory describes a information disclosure found in Hotspot Shield. Hotspot Shield “provides secure and private access to a free and open internet. Enabling access to social networks, sports, audio and video streaming, news, dating, gaming wherever you are.” Credit An independent security researcher, Paulos Yibelo, has reported this vulnerability to Beyond … Continue reading SSD Advisory – Hotspot Shield Information Disclosure



SSD Advisory – iBall Multiple Vulnerabilities

Mon, 29 Jan 2018 09:07:45 +0000

Vulnerabilities summary The following advisory describes two (2) vulnerabilities found in iB-WRA150N devices, firmware 1.2.6 build 110401 Rel.47776n. iB-WRA150N is “a powerful solution to Internet connectivity at home, small offices and work stations. The key is if you are using an ADSL2+ connection now and later decide to change to Broadband or vice-versa you don’t … Continue reading SSD Advisory – iBall Multiple Vulnerabilities



SSD Advisory – Oracle VirtualBox Multiple Guest to Host Escape Vulnerabilities

Wed, 24 Jan 2018 14:11:46 +0000

Vulnerabilities summary The following advisory describes two (2) guest to host escape found in Oracle VirtualBox version 5.1.30, and VirtualBox version 5.2-rc1. Credit An independent security researcher, Niklas Baumstark, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor response Oracle were informed of the vulnerabilities and released patches to address them. For … Continue reading SSD Advisory – Oracle VirtualBox Multiple Guest to Host Escape Vulnerabilities



SSD安全公告-希捷个人云存储设备多个漏洞

Mon, 22 Jan 2018 12:07:17 +0000

漏洞概要 以下安全公告描述两个未经身份验证的命令注入漏洞。 希捷个人云家庭媒体存储设备是“存储,整理,流式传输,共享所有音乐,电影,照片和重要文档的最简单的方式”。 漏洞提交者 一位独立的安全研究人员Yorick Koster向 Beyond Security 的 SSD 报告了该漏洞。 厂商响应 希捷在10月16日被告知该漏洞,虽然已确认收到漏洞信息,但拒绝回应(我们给出的)技术细节,也没有给出确定的修复时间或是协调报告。 CVE:CVE-2018-5347 漏洞详细信息 Seagate Media Server使用Django Web框架并映射到.psp扩展名。 任何以.psp结尾的URL都会使用FastCGI协议自动发送到Seagate Media Server应用程序。 /etc/lighttpd/conf.d/django-host.conf: [crayon-5adc8ede6f95e526731500/] URL被映射到文件/usr/lib/django_host/seagate_media_server/urls.py中特定的views。 有两个views受到未经认证的命令注入漏洞的影响。 受影响的views是: uploadTelemetry getLogs 这些views从GET参数获取用户输入,并将这些未经验证/解析的参数传递给Python模块相应的函数。 这允许攻击者注入任意的系统命令,这些命令将以root权限执行。 /usr/lib/django_host/seagate_media_server/views.py: [crayon-5adc8ede6f96a233926721/] /usr/lib/django_host/seagate_media_server/views.py: [crayon-5adc8ede6f96f896434789/] 请注意,这两个views都包含csrf_exempt decorator,它会禁用Django的默认开启的CSRF保护。 因此,这些问题可以通过跨站请求伪造来进行利用。 漏洞证明 下面的漏洞验证代码将尝试启用SSH服务,并更改root密码。 如果成功,则可以使用新密码通过SSH登录设备。 [crayon-5adc8ede6f975944858053/]