Directory Traversal

SSD Advisory – Cisco AnyConnect Privilege Elevation through Path Traversal

Vulnerability Summary The update functionality of the Cisco AnyConnect Secure Mobility Client for Windows is affected by a path traversal vulnerability that allows local attackers to create/overwrite files in arbitrary locations. Successful exploitation of this vulnerability allows the attacker to gain SYSTEM privileges. Credit An independent Security Researcher, Yorick Koster, has reported this vulnerability to SSD Secure …

SSD Advisory – FiberHome Directory Traversal

Vulnerability Summary The following advisory describes a directory traversal vulnerability found in FiberHome routers. FiberHome Technologies Group “was established in 1974. After continuous and intensive development for over 40 years, its business has been extended to R&D, manufacturing, marketing & sales, engineering service, in 4 major areas: fiber-optic communications, data networking communications, wireless communication, and …

SSD Advisory – Synology Photo Station Unauthenticated Remote Code Execution

Vulnerability Summary The following advisory describes a Remote Code Execution vulnerability found in Synology Photo Station versions 6.7.3-3432 and earlier / 6.3-2967 and earlier. Personal Photo Station is an online photo album with blog owned and managed by a DSM user. Synology NAS provides the home/photo folder for you to store photos and videos that you …

SSD Advisory – Nitro Pro PDF Multiple Vulnerabilities

Vulnerabilities Summary The following advisory describes three vulnerabilities found in Nitro / Nitro Pro PDF. Nitro Pro is the PDF reader and editor that does everything you will ever need to do with PDF files. The powerful but snappy editor lets you change PDF documents with ease, and comes with a built-in OCR engine that …

SSD Advisory – Geneko Routers Unauthenticated Path Traversal

Vulnerability Summary The following advisory describes an Unauthenticated Path Traversal vulnerability found in the Geneko GWR router series. Geneko GWG is a compact and cost-effective communications solution that provides cellular capabilities for fixed and mobile applications such as data acquisition, smart metering, remote monitoring and management. GWG supports a variety of radio band options on 2G, …

SSD Advisory – Sophos XG Firewall Path Traversal

Vulnerabilities Summary The following advisory describes two (2) vulnerabilities, a Path Traversal and a Missing Function Level Access Control, in Sophos XG Firewall 16.05.4 MR-4. Sophos XG Firewall provides “unprecedented visibility into your network, users, and applications directly from the all-new control center. You also get rich on-box reporting and the option to add Sophos …

SSD Advisory – IDERA Uptime Monitor Multiple Vulnerabilities

Vulnerabilities Summary The following advisory describes three (3) vulnerabilities found in IDERA Uptime Monitor version 7.8. “IDERA Uptime Monitor is a Proactively monitor physical servers, virtual machines, network devices, applications, and services across multiple platforms running on-premise, remotely, or in the Cloud. Uptime Infrastructure Monitor provides a unified view of IT environment health and a …

SSD Advisory – AContent Multiple Vulnerabilities

Vulnerabilities Summary The following advisory describes two (2) vulnerability types found in AContent version 1.3. AContent is an open source learning content management system (LCMS) used to create interoperable, accessible, adaptive Web-based learning content. It can be used along with learning management systems to develop, share, and archive learning materials. For those familiar with ATutor, …

SSD Advisory – Cisco DPC3928 Router Arbitrary File Disclosure

Vulnerability Summary The following advisory describes an arbitrary file disclosure vulnerability found in Cisco DPC3928AD DOCSIS 3.0 2-PORT Voice Gateway. The Cisco DPC3928AD DOCSIS is a home wireless router that is currently "Out of support" but is provided by ISPs worldwide. Credit An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam …

SSD Advisory – Emby Media Server Multiple Vulnerabilities

Vulnerabilities Summary The following advisory describes three (3) vulnerabilities found in Emby Media Server. Affected versions are: 3.1.5, 3.1.2, 3.1.1, 3.1.0 and 3.0.0. Emby Media Server (formerly Media Browser) is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source, and uses a client server model. …

SSD Advisory – HiSilicon Multiple Vulnerabilities

Vulnerabilities Summary The following advisory describes 2 vulnerabilities found in HiSilicon application-specific integrated circuit (ASIC) chip set firmware. HiSilicon provides ASICs and solutions for communication network and digital media. These ASICs are widely used in over 100 countries and regions around the world. In the digital media field, HiSilicon has already released the SoC and …

SSD Advisory – Tripwire IP360 Local File Inclusion

Vulnerabilities Summary The following advisory describes a Local File Inclusion (LFI) vulnerability found in Tripwire IP360 version 7.2.6. Tripwire IP360 is an enterprise-class vulnerability and risk assessment; it provides visibility into the enterprise network, including all networked devices and their associated operating systems and applications. Credit An independent security researcher, Mohammed Shameem, has reported this …
