Day: November 25, 2015

SSD Advisory – Acunetix WVS XSS, Memory Exhaustion and DoS

Vulnerability Description Three security vulnerabilities have been discovered in Acunetix WVS, these vulnerabilities allow a site owner that knows that his site will scanned by Acunetix (with permission or without) to target the user of the Acunetix and to cause the product to crash, exhaust memory of the scanner or to trigger a cross site …

SSD Advisory – Acunetix WVS XSS, Memory Exhaustion and DoS Read More »

SSD Advisory – Xerox DocuShare Multiple Vulnerabilities

Introduction DocuShare is a content management system developed by Xerox Corporation. DocuShare makes use of open standards and allows for managing content, integrating it with other business systems, and developing customized and packaged software applications. Multiple vulnerabilities have been found in Xerox DocuShare:   DSUtilityLib.HelperObj.4 Activex Control ShowHelp Method lstrcatW() Call Stack Buffer Overflow Vulnerability …

SSD Advisory – Xerox DocuShare Multiple Vulnerabilities Read More »

SSD Advisory – EMC RecoverPoint for Virtual Machines (VMs) Restriction Bypass

Vulnerability Description RecoverPoint’s virtual appliance can be accessible via SSH with the default credentials of boxmgmt:boxmgmt; during testing, no password change option was found. Using these credentials, it’s possible to escape the management interface via command injection to drop into a shell and further take advantage of sudo privileged operations to read arbitrary files as …

SSD Advisory – EMC RecoverPoint for Virtual Machines (VMs) Restriction Bypass Read More »

SSD Advisory – Infinite Automation Systems Mango Cross Site Scripting and Arbitrary File Upload

Introduction Infinite Automation Systems is headquartered in Lafayette, Colorado. The affected product, Mango Automation, is a centralized web-based SCADA/HMI and data acquisition software. According to Infinite Automation Systems, Mango Automation is deployed across several sectors including Commercial Facilities, Critical Manufacturing, Food and Agriculture, and Energy. Infinite Automation Systems estimates that these products are used worldwide. …

SSD Advisory – Infinite Automation Systems Mango Cross Site Scripting and Arbitrary File Upload Read More »

?

Get in touch