Local File Inclusion

SSD Advisory – Synology PhotoStation Unauthenticated SQL Injection and Arbitrary File Injection to RCE

Leave a Comment / Vulnerability publication / By

Vulnerabilities SummaryThe following advisory describes two vulnerabilities found in Synology PhotoStation, an unauthenticated SQL injection combined with an authenticated arbitrary file writing with partially controlled data vulnerabilities which leads to remote code execution.CVECVE-2019-11821 and CVE-2019-11822CreditIndependent security researcher, MengHuan Yu, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Affected systems

SSD Advisory – Cisco Prime Infrastructure File Inclusion and Remote Command Execution to Privileges Escalation

6 Comments / Vulnerability publication / By

Vulnerabilities Summary Cisco Prime Infrastructure (CPI) contains two vulnerabilities that when exploited allow an unauthenticated attacker to achieve root privileges and execute code remotely. The first vulnerability is a file upload vulnerability that allows the attacker to upload and execute JSP files as the Apache Tomcat user. The second vulnerability is a privilege escalation to …

SSD Advisory – Cisco Prime Infrastructure File Inclusion and Remote Command Execution to Privileges Escalation Read More »

SSD Advisory – phpMyAdmin File Inclusion and Remote Code Execution

Leave a Comment / Vulnerability publication / By

Vulnerabilities Summary Authenticated users can exploit a file inclusion vulnerability in phpMyAdmin which can then be combined with another vulnerability, to perform Remote Code Execution. In addition, authenticated attackers can view files and execute PHP files that located on the server by exploiting a bug in the part of the code that is responsible for …

SSD Advisory – phpMyAdmin File Inclusion and Remote Code Execution Read More »

SSD Advisory – WiseGiga NAS Multiple Vulnerabilities

1 Comment / Vulnerability publication / By

Vulnerabilities summary The following advisory describes five (5) vulnerabilities and default accounts / passwords found in WiseGiga NAS devices. WiseGiga is a Korean company selling NAS products. The vulnerabilities found in WiseGiga NAS are: Pre-Authentication Local File Inclusion (4 different vulnerabilities) Post-Authentication Local File Inclusion Remote Command Execution as root Remote Command Execution as root …

SSD Advisory – WiseGiga NAS Multiple Vulnerabilities Read More »

Get in touch

Any questions? Interested in our services? 

We’d love to hear from you

Contact US
Facebook Twitter Youtube Linkedin

?

HOME
THE
COMMUNITY
SCOPE
ADVISORIES
SUBMIT
CONTACT

?

Get in touch