Remote Code Execution

SSD Advisory – ZendMail Remote Command Execution Vulnerability

Vulnerability Summary: The following report describes a remote code execution vulnerability found in ZendMail. The vulnerability allows an attacker to inject additional parameters to the sendmail binary via the From address. Credit: An independent security researcher, Dawid Golunski (https://legalhackers.com/), has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

SSD Advisory – ZyXEL / Billion Multiple Vulnerabilities

Vulnerability Summary The following advisory describes four (4) vulnerabilities and default accounts / passwords in ZyXEL / Billion customized routers. TrueOnline is a major Internet Service Provider in Thailand that provides customized versions of routers to its customers, free of charge. The routers are manufactured by ZyXEL and Billion runs a special Linux distribution called …

SSD Advisory – EasyIO Multiple Vulnerabilities

Vulnerability Summary: The following advisory describes three (3) vulnerabilities that allow an attacker to gain unauthenticated remote code execution. EasyIO provides products for Building Energy Management Systems. Low costs, high energy savings. The three vulnerabilities found in EasyIO include: unauthenticated remote code execution; unauthenticated database file download; authenticated directory traversal vulnerability. The vulnerability affected …

SSD Advisory – CakePHP Multiple Vulnerabilities

Vulnerability Description: The following advisory describes two (2) different vulnerabilities, one related to the CakePHP framework and the other in a product that uses the CakePHP framework: CakePHP Arbitrary Source Address Spoofing; Croogo ACL Bypass. Credit: An independent security researcher, Dawid Golunski (https://legalhackers.com/), has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

SSD Advisory – Horde Webmail Multiple Vulnerabilities

Vulnerabilities Description: The following report describes two (2) different vulnerabilities found in Horde Webmail (version 5.2.15), used by hundreds of thousands of websites around the world. The vulnerabilities allow the attacker to gain remote command execution. The following vulnerabilities in Horde were found: PHP script execution via CSRF attack; upload of an SVG image file containing malicious JavaScript code. Credit: An …

SSD Advisory – Untangle NG Firewall Remote Command Execution

Vulnerability Description: The Untangle NG Firewall appliance includes a free module called “Captive Portal”. This module is installed by default with several other recommended modules. This module works as a 2FA authentication system, which enables multi-user login (in a VPN or LAN environment, for example) and custom firewall rules for each user. It forces all traffic …

SSD Advisory – Ghost CMS Multiple Vulnerabilities

Vulnerabilities Description: The following report describes four (4) different vulnerabilities found in Ghost CMS software, used in hundreds of thousands of blogs around the world. The vulnerabilities allow the attacker to disrupt the service and change the content of the blog. Moreover, it is also possible to perform some kind of DoS (Denial of Service …

SSD Advisory – WebNMS Framework Server Multiple Vulnerabilities

Background: WebNMS is an industry-leading framework for building network management applications. With over 25,000 deployments worldwide and in every Tier 1 Carrier, network equipment providers and service providers can customize, extend and rebrand WebNMS as a comprehensive Element Management System (EMS) or Network Management System (NMS). NOC Operators, Architects and Developers can customize the functional …

SSD Advisory – 3CX VoIP Phone System Manager Server Remote Code Execution Vulnerability (with SYSTEM privileges)

Vulnerability Description: The 3CX product installs a Windows service called “Abyss Web Server” (abyssws.exe), which listens on default public ports 5000 (tcp/http) and 5001 (tcp/https) for incoming requests to the web panel and runs with NT AUTHORITY\SYSTEM privileges. Without requiring authentication/authorization, it is possible to upload arbitrary scripts into an accessible web path through the …

SSD Advisory – Forma LMS scorm.php Directory Traversal Vulnerability and Remote Code Execution

Vulnerability Description: A remote authenticated user (student) could place malicious PHP files inside a public web path and execute arbitrary code/commands (note that self-registration will probably be enabled on most implementations). This is because of the insitem() function inside /appLms/modules/scorm/scorm.php, which subsequently calls into /addons/pclzip/pclzip.lib.php to extract uploaded zip files. If the zip file contains a …

SSD Advisory – Wget Arbitrary Commands Execution

Vulnerability Description: A vulnerability in the way wget handles redirects allows attackers who are able to hijack a connection initiated by wget, or compromise a server from which wget is downloading files, to cause the user running wget to execute arbitrary commands. The commands are executed with the privileges with which …
