Information Disclosure

SSD Advisory – Microsoft Office SMB Information Disclosure

Vulnerability Summary: The following advisory describes an information disclosure found in Microsoft Office versions 2010, 2013, and 2016. Microsoft Office is: “Whether you’re working or playing, Microsoft is here to help. We’re the company that created Microsoft Office, including Office 365 Home, Office 365 Personal, Office Home & Student 2016, Office Home & Business 2016, …


SSD Advisory – QNAP HelpDesk SQL Injection

Vulnerability Summary: The following advisory describes a SQL injection found in QTS Helpdesk versions 1.1.12 and earlier. QNAP helpdesk: “Starting from QTS 4.2.2 you can use the built-in Helpdesk app to directly submit help requests to QNAP from your NAS. To do so, ensure your NAS can reach the Internet, open Helpdesk from the App …


SSD Advisory – Tiandy IP cameras Sensitive Information Disclosure

Vulnerability Summary: The following advisory describes a sensitive information disclosure found in Tiandy IP cameras version 5.56.17.120. Tianjin Tiandy Digital Technology Co., Ltd (Tiandy Tech) is “one of top 10 leading CCTV manufacturer in China and a global supplier of advanced video surveillance solutions.” Credit: An independent security researcher has reported this vulnerability to Beyond …


SSD Advisory – FLIR Systems Multiple Vulnerabilities

Vulnerabilities Summary: The following advisory describes 5 (five) vulnerabilities found in FLIR Systems FLIR Thermal/Infrared Camera FC-Series S, FC-Series ID, PT-Series. FLIR – “Best-in-class thermal cameras with on-board analytics for high-performance intrusion detection. The new FC-Series ID combines best-in-class thermal image detail and high-performance edge perimeter analytics together in a single device that delivers optimal …


SSD Advisory – WiseGiga NAS Multiple Vulnerabilities

Vulnerabilities Summary: The following advisory describes five (5) vulnerabilities and default accounts / passwords found in WiseGiga NAS devices. WiseGiga is a Korean company selling NAS products. The vulnerabilities found in WiseGiga NAS are: Pre-Authentication Local File Inclusion (4 different vulnerabilities); Post-Authentication Local File Inclusion; Remote Command Execution as root; Remote Command Execution as root …


SSD Advisory – Polycom Memory Disclosure

Vulnerability Summary: The following advisory describes a memory disclosure vulnerability found in the Polycom SoundPoint IP Telephone HTTPd server. Polycom is the leader in HD video conferencing, voice conferencing & telepresence enabling open, standards-based video collaboration. Increase the productivity of your phone calls and conference calls by making sure everyone can hear each other clearly and …


SSD Advisory – D-Link 850L Multiple Vulnerabilities (Hack2Win Contest)

Vulnerabilities Summary: The following advisory describes three (3) vulnerabilities found in the D-Link 850L router. The vulnerabilities have been reported as part of the Hack2Win competition; for more information about Hack2Win, see https://blogs.securiteam.com/index.php/archives/3310. The vulnerabilities found in D-Link 850L are: Remote Command Execution via WAN and LAN; Remote Unauthenticated Information Disclosure via WAN and LAN …


SSD Advisory – Serviio Media Server Multiple Vulnerabilities

Vulnerabilities Summary: The following advisory describes five (5) vulnerabilities found in Serviio Media Server. Affected versions: 1.8.0.0 PRO, 1.7.1, 1.7.0, 1.6.1. Serviio is a free media server. It allows you to stream your media files (music, video or images) to renderer devices (e.g. a TV set, Bluray player, games console or mobile phone) on …


SSD Advisory – EasyIO Multiple Vulnerabilities

Vulnerability Summary: The following advisory describes three (3) vulnerabilities that allow an attacker to gain unauthenticated remote code execution. EasyIO provides products for Building Energy Management Systems. Low costs, high energy savings. The three vulnerabilities found in EasyIO include: Unauthenticated remote code execution; Unauthenticated database file download; Authenticated directory traversal vulnerability. The vulnerability affected …


SSD Advisory – Fax.de Information Disclosure

Vulnerability Summary: The following advisory describes an information disclosure found at Fax.de. The vulnerability allowed an unauthenticated user to download other customers’ faxes from the past 24 hours without needing to perform anything more than visiting a directory and downloading the files found there. Credit: An independent security researcher has reported this vulnerability to …


SSD Advisory – eBay Arbitrary Invoice Disclosure

Vulnerability Description: A vulnerability in the way invoices are handled by eBay allows users that sell items on eBay to view other resellers’ invoices. Though access to the invoice is somewhat arbitrary (there is no easy way to find a specific invoice of a specific seller), it is possible to harvest a large amount of …


SSD Advisory – Microsoft Exchange Server Information Disclosure Proof of Concept (MS15-103)

Introduction: A security vulnerability in Microsoft Exchange has been discovered that allows attackers to cause the server to return the cookie information inside the HTML response. This would allow an attacker to use JavaScript to access the otherwise inaccessible cookie information and utilize this information to log in to an active Exchange Server’s OWA web …

