Author name: SSD Secure Disclosure technical team

Hack2Win – a CodeBlue Conference Event (Update)

Hi, due to some issues importing WiFi equipment into Japan we had to remove the following products from our list of available targets: ASUS RT-N16, TRENDNet TS-I300W, OM2P-HS 802.11gn, AXIS 0554-004 M1004-W, D-Link AC3200. If you have already found a vulnerability that you were planning on using during the event, don’t be discouraged, it is …

SSD Advisory – Microsoft Exchange Server Information Disclosure Proof of Concept (MS15-103)

Introduction: A security vulnerability in Microsoft Exchange has been discovered that allows attackers to cause the server to return the cookie information inside the HTML response. This would allow an attacker to use JavaScript to access the otherwise inaccessible cookie information and utilize this information to log in to an active Exchange Server’s OWA web …

Hack2Win – a CodeBlue Conference Event (Japanese)

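Hi everyone and thank you Kentaro for the translation, (Please note there is an update for this event here: https://blogs.securiteam.com/index.php/archives/2653) An English version is available here: https://blogs.securiteam.com/index.php/archives/2626 At this year's Code Blue we wanted not only to be a sponsor but also to offer a new challenge. (We think it is a new challenge both for us and for the conference attendees.) At this year's venue we plan to have 11 devices ready and to have everyone try to see whether they can hack them. We plan to provide a variety of devices for this challenge; each device costs around 200 dollars, so we think you can easily buy one before the event and experiment with it. The target devices for this challenge are: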

Hack2Win – a CodeBlue Conference Event

Hi everyone, (Please note there is an update for this event here: https://blogs.securiteam.com/index.php/archives/2653) A Japanese version is available here: https://blogs.securiteam.com/index.php/archives/2630 We have decided this year to not only sponsor CodeBlue, but also try something new (for us and I believe the conference’s attendees). We will be bringing 11 devices to the conference premises and allowing …

SSD Advisory – Kloxo Sensitive Information Disclosure

Introduction: Kloxo (formerly known as Lxadmin) is a free, open-source web hosting control panel for the Red Hat and CentOS Linux distributions. Vulnerability Details: Kloxo contains a vulnerability that could allow an authenticated remote attacker (client or auxiliary) to get almost any information from the database, for example passwords of other users (including administrators), credentials for …

SSD Advisory – Rocket BlueZone Multiple Vulnerabilities

SecuriTeam Secure Disclosure SecuriTeam Secure Disclosure (SSD) helps researchers turn their vulnerability discovery skills into a highly paid career. Contact SSD to get the most for your hard work. Introduction Rocket BlueZone Terminal Emulation Suite is the solution you need if you are looking to replace your aging, expensive, current Terminal Emulation solution. Our software …

SSD Advisory – Zenario CMS Multiple Vulnerabilities

SecuriTeam Secure Disclosure SecuriTeam Secure Disclosure (SSD) provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers for researchers and will give you the fast response and great support you need to make top dollar for your discoveries. Introduction Zenario is a web-based …

SSD Advisory – Kirby CMS Multiple Vulnerabilities

Introduction Kirby is “a file‑based …

SSD Advisory – Multiple Dokeos Vulnerabilities

Introduction Dokeos e-Learning is an …

SSD Advisory – Ubiquiti Networks mFi Controller Server Authentication Bypass

(Update: We are republishing this after removing it – as requested by the vendor – but as the vendor has not responded nor provided any progress in the last 30 days, we are making the information public again) Introduction mFi hardware and software combines plug-and-play installation with big-data analytics, event reporting and scheduling to create …

SSD Advisory – IMail Cross Site Scripting

Introduction IMail Server is a …

SSD Advisory – HP iLO Format String

Introduction HP Proliant Servers provide …
