Day: July 4, 2016

SSD Advisory – Untangle NG Firewall Remote Command Execution

Vulnerability Description The Untangle NG Firewall appliance includes a free module called “Captive Portal”. This module is installed by default with several other recommended modules. This module works as 2FA authentication system, which enables multi user login (in VPN or LAN environment for example) and custom firewall rules for each one. It forces all traffic …

SSD Advisory – Untangle NG Firewall Remote Command Execution Read More »

SSD Advisory – Ghost CMS Multiple Vulnerabilities

Vulnerabilities Description The following report describes four (4) different vulnerabilities found in Ghost CMS software, used in hundred of thousands of blog around the world. The vulnerabilities allows the attacker to disrupt the service and change the content of the blog. Moreover is also possible to perform some kind of DoS ( Denial of Service …

SSD Advisory – Ghost CMS Multiple Vulnerabilities Read More »

SSD Advisory – BMC Track-It Arbitrary File Upload and Information Disclosure

Vulnerability Description BMC Track-It! 11.4 contains an arbitrary file upload vulnerability and an information disclosure vulnerability which can be exploited by an unauthenticated user. The file upload vulnerability can be used to upload a file to the web root and execute code under the IIS user. The information disclosure vulnerability allows you to obtain the …

SSD Advisory – BMC Track-It Arbitrary File Upload and Information Disclosure Read More »

SSD Advisory – WebNMS Framework Server Multiple Vulnerabilities

Background WebNMS is an industry-leading framework for building network management applications. With over 25,000 deployments worldwide and in every Tier 1 Carrier, network equipment providers and service providers can customize, extend and rebrand WebNMS as a comprehensive Element Management System (EMS) or Network Management System (NMS). NOC Operators, Architects and Developers can customize the functional …

SSD Advisory – WebNMS Framework Server Multiple Vulnerabilities Read More »

SSD Advisory – 3CX VoIP Phone System Manager Server Remote Code Execution Vulnerability (with SYSTEM privileges)

Vulnerability Description The 3CX product installs a Windows service called “Abyss Web Server” (abyssws.exe) which listens on default public ports 5000 (tcp/http) and 5001 (tcp/https) for incoming requests to the web panel and runs with NT AUTHORITY\SYSTEM privileges. Without requiring authentication/authorization it is possible to upload arbitrary scripts into an accessible web path through the …

SSD Advisory – 3CX VoIP Phone System Manager Server Remote Code Execution Vulnerability (with SYSTEM privileges) Read More »

SSD Advisory – Forma LMS scorm.php Directory Traversal Vulnerability and Remote Code Execution

Vulnerability Description A remote authenticated user (student) could place malicious PHP files inside a public web path and execute arbitrary code/commands (note that self-registration will be probably enabled on most implementations). This is because the insitem() function inside /appLms/modules/scorm/scorm.php which subsequently calls into /addons/pclzip/pclzip.lib.php to extract uploaded zip files. If the zip file contains a …

SSD Advisory – Forma LMS scorm.php Directory Traversal Vulnerability and Remote Code Execution Read More »

SSD Advisory – Wget Arbitrary Commands Execution

Vulnerability Description A vulnerability in the way wget handles redirects allows attackers that are able to hijack a connection initiated by wget or compromise a server from which wget is downloading files from, would allow them to cause the user running wget to execute arbitrary commands. The commands are executed with the privileges with which …

SSD Advisory – Wget Arbitrary Commands Execution Read More »

HITB 2016 PHP Challenge Write Up

UPDATE: I got word that rileykidd has posted his own write-up, if you would like to see another solution go to: http://rileykidd.com/2016/06/09/hack-in-the-box-2016-misc400-writeup-part-1/ The following is a write-up on our Hack in the Box 2016 PHP Challenge that was part of the CTF. The CTF’s goal was to give researchers and security researcher (as CTF was …

HITB 2016 PHP Challenge Write Up Read More »

?

Get in touch