Directory Traversal

SSD Advisory – ZyXEL Enterprise Network Center and Vantage Centralized Network Management Multiple Vulnerabilities

Vulnerabilities Summary: The following advisory describes three (3) vulnerabilities found in ZyXEL Enterprise Network Center (version 1.3.218.61) and two (2) vulnerabilities found in ZyXEL Vantage Centralized Network Management (version 3.2). The three vulnerabilities found in ZyXEL Enterprise Network Center (version 1.3.218.61) are: Directory traversal and Command injection vulnerabilities leading to Remote Command Execution “ShowIcon” Servlet …

SSD Advisory – EasyIO Multiple Vulnerabilities

Vulnerability Summary: The following advisory describes three (3) vulnerabilities that allow an attacker to gain unauthenticated remote code execution. EasyIO provides products for Building Energy Management Systems. Low costs, high energy savings. The three vulnerabilities found in EasyIO include: unauthenticated remote code execution; unauthenticated database file download; authenticated directory traversal vulnerability. The vulnerability affected …

SSD Advisory – WebNMS Framework Server Multiple Vulnerabilities

Background: WebNMS is an industry-leading framework for building network management applications. With over 25,000 deployments worldwide and in every Tier 1 Carrier, network equipment providers and service providers can customize, extend and rebrand WebNMS as a comprehensive Element Management System (EMS) or Network Management System (NMS). NOC Operators, Architects and Developers can customize the functional …

SSD Advisory – Forma LMS scorm.php Directory Traversal Vulnerability and Remote Code Execution

Vulnerability Description: A remote authenticated user (student) could place malicious PHP files inside a public web path and execute arbitrary code/commands (note that self-registration will probably be enabled on most implementations). This is because of the insitem() function inside /appLms/modules/scorm/scorm.php, which subsequently calls into /addons/pclzip/pclzip.lib.php to extract uploaded zip files. If the zip file contains a …

SSD Advisory – Live555 Exploitable Buffer Overflow and Directory Traversal

SecuriTeam Secure Disclosure: SecuriTeam Secure Disclosure (SSD) provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers for researchers and will give you the fast response and great support you need to make top dollar for your discoveries. Introduction: Live555 Media Server is …
