Remote Command Execution Archives - Page 4 of 4

SSD Advisory – McAfee Security Scan Plus Remote Command Execution

5 Comments / Vulnerability publication / By SSD Secure Disclosure technical team

Vulnerability Summary The following advisory describes a Remote Code Execution found in McAfee Security Scan Plus. An active network attacker could launch a man-in-the-middle attack on a plaintext-HTTP response to a client to run any residing executables with privileges of a logged in user. McAfee Security Scan Plus is a free diagnostic tool that ensures …

SSD Advisory – McAfee Security Scan Plus Remote Command Execution Read More »

SSD Advisory – Nitro Pro PDF Multiple Vulnerabilities

3 Comments / Vulnerability publication / By SSD Secure Disclosure technical team

Vulnerabilities Summary The following advisory describes three vulnerabilities found in Nitro / Nitro Pro PDF. Nitro Pro is the PDF reader and editor that does everything you will ever need to do with PDF files. The powerful but snappy editor lets you change PDF documents with ease, and comes with a built-in OCR engine that …

SSD Advisory – Nitro Pro PDF Multiple Vulnerabilities Read More »

SSD Advisory – EMC IsilonSD Edge Management Server Command Injection

3 Comments / Vulnerability publication / By SSD Secure Disclosure technical team

Vulnerability Summary The following advisory describes a Remote Command Injection vulnerability found in EMC IsilonSD Edge Management Server version 1.0.1.0005. IsilonSD Edge Management Server enables you to deploy industry leading scale-out NAS operating system using industry-standard hardware. Key benefits of IsilonSD Edge: Simple yet powerful and efficient scale-out storage solution for remote and branch offices, …

SSD Advisory – EMC IsilonSD Edge Management Server Command Injection Read More »

SSD Advisory – Trend Micro Interscan Web Security Virtual Appliance Multiple Vulnerabilities

Leave a Comment / Vulnerability publication / By SSD Secure Disclosure technical team

Vulnerabilities Summary The following advisory describes three (3) vulnerabilities found in Trend Micro Interscan Web Security Virtual Appliance version 6.5. “The Trend Micro Hybrid Cloud Security solution, powered by XGen security, delivers a blend of cross-generational threat defense techniques that have been optimized to protect physical, virtual, and cloud workloads.” The vulnerabilities found in Trend Micro …

SSD Advisory – Trend Micro Interscan Web Security Virtual Appliance Multiple Vulnerabilities Read More »

SSD Advisory – KEMP LoadMaster from XSS Pre Authentication to RCE

1 Comment / Vulnerability publication / By SSD Secure Disclosure technical team

Vulnerability Summary KEMP’s main product, the LoadMaster, is a load balancer built on its own proprietary software platform called LMOS, that enables it to run on almost any platform: As a KEMP LoadMaster appliance, a Virtual LoadMaster (VLM) deployed on Hyper-V, VMWare, on bare metal or in the public cloud. KEMP is available in Azure, …

SSD Advisory – KEMP LoadMaster from XSS Pre Authentication to RCE Read More »

SSD Advisory – Linksys PPPoE Multiple Vulnerabilities

Leave a Comment / Vulnerability publication / By SSD Secure Disclosure technical team

Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in Linksys EA, XAC and AC series devices. The vulnerabilities has been found in the way the Linksys devices (EA, XAC and AC series) handle the Point-to-point protocol over Ethernet (PPPoE) Discovery (PPPoED) process allowing an unprivileged active attacker on the same network segment (layer2) …

SSD Advisory – Linksys PPPoE Multiple Vulnerabilities Read More »

SSD Advisory – AlienVault OSSIM / USM Remote Command Execution

1 Comment / Vulnerability publication / By SSD Secure Disclosure technical team

Vulnerability Summary The following advisory describes a Remote Command Execution vulnerability found in AlientVault OSSIM and USM version 5.3.4 and version 5.3.5. OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides you with a feature-rich open source SIEM complete with event collection, normalization and correlation. Launched by security engineers because of the …

SSD Advisory – AlienVault OSSIM / USM Remote Command Execution Read More »

SSD Advisory – ZendMail Remote Command Execution Vulnerability

Leave a Comment / Vulnerability publication / By SSD Secure Disclosure technical team

Vulnerability Summary The following report describes a remote code execution vulnerability found in ZendMail. The vulnerability allows an attacker injecting additional parameters to the sendmail binary via the From address. Credit An independent security researcher Dawid Golunski (https://legalhackers.com/) has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

SSD Advisory – ZyXEL / Billion Multiple Vulnerabilities

5 Comments / Vulnerability publication / By SSD Secure Disclosure technical team

Vulnerability Summary The following advisory describes four (4) vulnerabilities and default accounts / passwords in ZyXEL / Billion customized routers. TrueOnline is a major Internet Service Provider in Thailand that provides customized versions of routers to its customers, free of charge. The routers are manufactured by ZyXEL and Billion runs a special Linux distribution called …

SSD Advisory – ZyXEL / Billion Multiple Vulnerabilities Read More »

SSD Advisory – Wget Arbitrary Commands Execution

8 Comments / Vulnerability publication / By SSD Secure Disclosure technical team

Vulnerability Description A vulnerability in the way wget handles redirects allows attackers that are able to hijack a connection initiated by wget or compromise a server from which wget is downloading files from, would allow them to cause the user running wget to execute arbitrary commands. The commands are executed with the privileges with which …

SSD Advisory – Wget Arbitrary Commands Execution Read More »

SSD Advisory – Remote Command Execution in Proliant iLO Intelligent Provisioning

Leave a Comment / Vulnerability publication / By SSD Secure Disclosure technical team

Vulnerability Description iLO is an embedded operating system available within HP Proliant and Integrity servers. IP is a feature within iLO that provides local and remote access for provisioning purposes. It was discovered that hidden requests were being made to server during a normal client session. Exploring this obfuscated functionality revealed the ability to execute …

SSD Advisory – Remote Command Execution in Proliant iLO Intelligent Provisioning Read More »

SSD Advisory – OneNote 2007 Arbitrary Code Execution

Leave a Comment / Vulnerability publication / By SSD Secure Disclosure technical team

SecuriTeam Secure Disclosure SecuriTeam Secure Disclosure (SSD) provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers for researchers and will give you the fast response and great support you need to make top dollar for your discoveries. Introduction Microsoft OneNote (formerly called …

SSD Advisory – OneNote 2007 Arbitrary Code Execution Read More »

Remote Command Execution

SSD Advisory – McAfee Security Scan Plus Remote Command Execution

SSD Advisory – Nitro Pro PDF Multiple Vulnerabilities

SSD Advisory – EMC IsilonSD Edge Management Server Command Injection

SSD Advisory – Trend Micro Interscan Web Security Virtual Appliance Multiple Vulnerabilities

SSD Advisory – KEMP LoadMaster from XSS Pre Authentication to RCE

SSD Advisory – Linksys PPPoE Multiple Vulnerabilities

SSD Advisory – AlienVault OSSIM / USM Remote Command Execution

SSD Advisory – ZendMail Remote Command Execution Vulnerability

SSD Advisory – ZyXEL / Billion Multiple Vulnerabilities

SSD Advisory – Wget Arbitrary Commands Execution

SSD Advisory – Remote Command Execution in Proliant iLO Intelligent Provisioning

SSD Advisory – OneNote 2007 Arbitrary Code Execution

Get in touch

?

?

Get in touch