You searched for {search_term_string} - Page 2 of 10

SSD Advisory – HP iLO Format String

September 1, 2015noamrSecuriTeam Secure Disclosure

SecuriTeam Secure Disclosure SecuriTeam Secure Disclosure (SSD) provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers for…

SSD Advisory – IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities

May 23, 2017ssd-researcherSecuriTeam Secure Disclosure

…string for the underlying Informix database, based on the row previously inserted. Given this it is possible to inject the ‘TRANSLATIONDLL‘ property into this connection string and to cause the…

SSD Advisory – CloudBees Jenkins Unauthenticated Code Execution

May 1, 2017ssd-researcherSecuriTeam Secure Disclosure

…Serializable payload; public Payload(String cmd) throws Exception { this.payload = this.setup(cmd); } public Serializable setup(String cmd) throws Exception { final String[] execArgs = new String[] { cmd }; final Transformer[]…

SSD Advisory – Cisco ISE Unauthenticated XSS to Privileged RCE

January 20, 2019January 20, 2019SSD Disclosure / Ori NimronSecuriTeam Secure Disclosure

…string variables, such as Columns, Rows, Refresh_rate and Time_period. The content of these query string variables is then written to /opt/CSCOcpm/mnt/dashboard/liveAuthProps.txt, and the server responds with a 200 OK. These…

SSD Advisory – Bitdefender Code Signing organizationName Buffer Overflow

May 18, 2017ssd-researcherSecuriTeam Secure Disclosure

…an “organizationName” is found, its corresponding value string is passed in a call to a CRC32-computing function. The function returns the inverted (bitwise NOT) CRC32 sum of the string. Please…

SSD Advisory – Vigor ACS Unsafe Flex AMF Java Object Deserialization

April 18, 2018noamrSecuriTeam Secure Disclosure

…customer’s DrayTek devices.” Credit An independent security researcher, Pedro Ribeiro, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor Response “We’ll release the new version 2.2.2 to…

SSD Advisory – Infinite Automation Systems Mango Cross Site Scripting and Arbitrary File Upload

November 25, 2015noamrSecuriTeam Secure Disclosure

…[<options>] -t [target] -d [directory]” usage += “\nExample: ./%prog -p localhost:8080 -t 192.168.116.134 -P 8081 -i vmnet8” parser = OptionParser(usage=usage) parser.add_option(“-p”, type=”string“,action=”store”, dest=”proxy”, help=”HTTP proxy <server:port>”) parser.add_option(“-t”, type=”string“, action=”store”, dest=”target”,…

SSD Advisory – Symantec Critical System Protection Remote Code Execution

July 11, 2015noamrSecuriTeam Secure Disclosure

filename) { File file; String agentName = null; int index = filename.indexOf(‘.’, 24); if(index > 0) agentName = filename.substring(24, index); else agentName = filename.substring(24); String date = mFormat.format(mParser.parse(filename.substring(0, 8))); String…

SSD Advisory – Oracle Endeca Workbench (CAS) Beanshell Script Remote Code Execution / Session Generation Authentication Bypass

July 15, 2015noamrSecuriTeam Secure Disclosure

researchers and will give you the fast response and great support you need to make top dollar for your discoveries. Introduction Oracle Endeca‘s Web (now called Oracle Commerce Guided Search/Experience…

SSD Advisory – ManageEngine Exchange Reporter Plus Auth Bypass / Arbitrary SQL Statement Execution

July 26, 2015noamrSecuriTeam Secure Disclosure

= this; /* 64*/ _jspx_out = null; /* 65*/ _jspx_page_context = null; String sqlQuery; String sqlTask; Hashtable rows; int rowsAffected; String errorMessage; /* 69*/ response.setContentType(“text/html”); /* 70*/ PageContext pageContext =…

SSD Secure Disclosure

Search Results for: {search_term_string}