Remote Code Execution

HITB 2016 PHP Challenge Write Up

UPDATE: I got word that rileykidd has posted his own write-up; if you would like to see another solution, go to: http://rileykidd.com/2016/06/09/hack-in-the-box-2016-misc400-writeup-part-1/ The following is a write-up on our Hack in the Box 2016 PHP Challenge that was part of the CTF. The CTF’s goal was to give researchers and security researcher (as CTF was …

SSD Advisory – Zyxel Remote Unauthenticated Code Execution (NSA310)

Vulnerability Description A remote unauthenticated code execution vulnerability in Zyxel NSA310 allows remote attackers to execute arbitrary code as a ‘root’ user. The product is being actively sold by Zyxel. Originally the vendor stated that “NSA310 for reasons being that it has been out End of life for over 2 years” which left every customer buying …

SSD Advisory – Xerox DocuShare Multiple Vulnerabilities

Introduction DocuShare is a content management system developed by Xerox Corporation. DocuShare makes use of open standards and allows for managing content, integrating it with other business systems, and developing customized and packaged software applications. Multiple vulnerabilities have been found in Xerox DocuShare:   DSUtilityLib.HelperObj.4 Activex Control ShowHelp Method lstrcatW() Call Stack Buffer Overflow Vulnerability …

SSD Advisory – Infinite Automation Systems Mango Cross Site Scripting and Arbitrary File Upload

Introduction Infinite Automation Systems is headquartered in Lafayette, Colorado. The affected product, Mango Automation, is a centralized web-based SCADA/HMI and data acquisition software. According to Infinite Automation Systems, Mango Automation is deployed across several sectors including Commercial Facilities, Critical Manufacturing, Food and Agriculture, and Energy. Infinite Automation Systems estimates that these products are used worldwide. …

SSD Advisory – Remote Command Execution in Proliant iLO Intelligent Provisioning

Vulnerability Description iLO is an embedded operating system available within HP Proliant and Integrity servers. IP is a feature within iLO that provides local and remote access for provisioning purposes. It was discovered that hidden requests were being made to the server during a normal client session. Exploring this obfuscated functionality revealed the ability to execute …

SSD Advisory – Rocket BlueZone Multiple Vulnerabilities

SecuriTeam Secure Disclosure SecuriTeam Secure Disclosure (SSD) helps researchers turn their vulnerability discovery skills into a highly paid career. Contact SSD to get the most for your hard work. Introduction Rocket BlueZone Terminal Emulation Suite is the solution you need if you are looking to replace your aging, expensive, current Terminal Emulation solution. Our software …

SSD Advisory – Kirby CMS Multiple Vulnerabilities

SecuriTeam Secure Disclosure SecuriTeam Secure Disclosure (SSD) provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers for researchers and will give you the fast response and great support you need to make top dollar for your discoveries. Introduction Kirby is “a file‑based …

SSD Advisory – Multiple Dokeos Vulnerabilities

Introduction Dokeos e-Learning is an …

SSD Advisory – HP iLO Format String

Introduction HP Proliant Servers provide …

SSD Advisory – Symantec NetBackup OpsCenter Server Java Code Injection RCE

Introduction Symantec NetBackup OpsCenter is …

SSD Advisory – Microsoft Office Word 2003/2007 Code Execution

Introduction Microsoft Word is a …

SSD Advisory – ZendXml Multibyte Payloads XXE/XEE

Introduction ZendXml is a utility …
