Day: November 23, 2015

SSD Advisory – Remote Command Execution in Proliant iLO Intelligent Provisioning

Vulnerability Description: iLO is an embedded operating system available within HP Proliant and Integrity servers. Intelligent Provisioning (IP) is a feature within iLO that provides local and remote access for provisioning purposes. It was discovered that hidden requests were being made to the server during a normal client session. Exploring this obfuscated functionality revealed the ability to execute …

SSD Advisory – Dynamic Web TWAIN SDK Vulnerabilities

Introduction: Dynamic Web TWAIN is a TWAIN-based scanning SDK software specifically designed for web applications. With just a few lines of code, you can develop robust applications to scan documents from TWAIN-compatible scanners, edit the scanned images and save them to a file system.

Vulnerability Details: Two security vulnerabilities have been found in Dynamic Web …

SSD Advisory – Yahoo RSS Reader XXE Vulnerability (CFAJAX)

Vulnerability Description: A vulnerability in the way CFAJAX handles incoming requests allows attackers to cause the program to execute arbitrary code. The vulnerability is present in a few packages that CFAJAX provides; below is an example of exploitation of this vulnerability in Yahoo RSS Reader. The vulnerability is not limited to this software, but to …
