Remote File Inclusion

SSD Advisory – Ruckus IoT vRIoT Server Vulnerabilities

Vulnerability Summary The Ruckus IoT Suite is a collection of network hardware and software infrastructure used to enable multi-standard Internet of Things devices to access the network. The IoT Controller, part of the IoT Suite, is a virtual controller that performs connectivity, device and security management for non-Wi-Fi devices. Many functionalities are exposed by the IoT Controller …


SSD Advisory – Horde Groupware Webmail Authenticated Arbitrary File Injection to RCE

Vulnerabilities Summary The following advisory discusses an arbitrary file injection vulnerability that leads to remote code execution in Horde Groupware Webmail. This vulnerability can be exploited by any authenticated, unprivileged user who is able to create a malicious PHP file under the Horde web root and gain arbitrary code execution on the server. The vulnerability is located …


SSD Advisory – vBulletin routestring Unauthenticated Remote Code Execution

Vulnerability Summary The following advisory describes an unauthenticated file inclusion vulnerability that leads to remote code execution found in vBulletin version 5. vBulletin, also known as vB, is a widespread proprietary Internet forum software package developed by vBulletin Solutions, Inc., based on PHP and MySQL database server. vBulletin powers many of the largest social sites …


SSD Advisory – DblTek Multiple Vulnerabilities

Vulnerabilities summary The following advisory describes 2 (two) vulnerabilities found in DblTek webserver. DBL is “specialized in VoIP products, especially GoIPs. We design, develop, manufacture, and sell our products directly and via distributors to customers. Our GoIP models now cover 1, 4, 8, 16, and 32-channel in order to meet the wide range of market …


SSD Advisory – Sophos XG Firewall Path Traversal

Vulnerabilities Summary The following advisory describes two (2) vulnerabilities, a Path Traversal and a Missing Function Level Access Control, in Sophos XG Firewall 16.05.4 MR-4. Sophos XG Firewall provides “unprecedented visibility into your network, users, and applications directly from the all-new control center. You also get rich on-box reporting and the option to add Sophos …


SSD Advisory – HPE OpenCall Media Platform (OCMP) Multiple Vulnerabilities

Vulnerabilities Summary The following advisory describes Reflected Cross-Site Scripting (XSS) vulnerabilities and a Remote File Inclusion vulnerability, found in HP OpenCall Media Platform (OCMP), version 4.3.2, that when combined can lead to arbitrary JavaScript code execution. HPE OpenCall Media Platform (OCMP) is a suite of software and hardware applications which allow implementation of common telecom operator …

