SQL Injection

SSD Advisory – Synology PhotoStation Unauthenticated SQL Injection and Arbitrary File Injection to RCE

Vulnerabilities Summary The following advisory describes two vulnerabilities found in Synology PhotoStation: an unauthenticated SQL injection combined with an authenticated arbitrary file write with partially controlled data, which together lead to remote code execution. CVE CVE-2019-11821 and CVE-2019-11822. Credit Independent security researcher MengHuan Yu has reported these vulnerabilities to Beyond Security’s SecuriTeam Secure Disclosure program. Affected systems

SSD Advisory – QNAP HelpDesk SQL Injection

Vulnerability Summary The following advisory describes a SQL injection found in QTS Helpdesk versions 1.1.12 and earlier. QNAP helpdesk: “Starting from QTS 4.2.2 you can use the built-in Helpdesk app to directly submit help requests to QNAP from your NAS. To do so, ensure your NAS can reach the Internet, open Helpdesk from the App …

SSD Advisory – PHP Melody Multiple Vulnerabilities

Vulnerabilities Summary The following advisory describes three (3) vulnerabilities found in PHP Melody version 2.7.3. PHP Melody is a “self-hosted Video CMS which evolved over the last 9 years. SEO optimization, unbeaten security and speed are advantages you no longer have to compromise on. A truly great CMS should help you save time and make …

SSD Advisory – IDERA Uptime Monitor Multiple Vulnerabilities

Vulnerabilities Summary The following advisory describes three (3) vulnerabilities found in IDERA Uptime Monitor version 7.8. “IDERA Uptime Monitor proactively monitors physical servers, virtual machines, network devices, applications, and services across multiple platforms running on-premise, remotely, or in the Cloud. Uptime Infrastructure Monitor provides a unified view of IT environment health and a …

SSD Advisory – Emby Media Server Multiple Vulnerabilities

Vulnerabilities Summary The following advisory describes three (3) vulnerabilities found in Emby Media Server. Affected versions are: 3.1.5, 3.1.2, 3.1.1, 3.1.0 and 3.0.0. Emby Media Server (formerly Media Browser) is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source and uses a client-server model. …

SSD Advisory – Oracle Java FTP Stream Injection

Vulnerability Summary The following advisory describes an FTP protocol stream injection vulnerability found in Oracle Java. Java is a general-purpose computer programming language that is concurrent, class-based, object-oriented, and specifically designed to have as few implementation dependencies as possible. It is intended to let application developers “write once, run anywhere” (WORA). Credit An independent security …

SSD Advisory – SAP Afaria SQL Injection

Vulnerabilities Summary The following advisory describes an SQL injection vulnerability in SAP Afaria Service Pack 4 HotFix 15 that can lead to arbitrary code execution. Credit An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor Responses SAP Afaria has released a patch to address the vulnerability: SP5

SSD Advisory – Zenario CMS Multiple Vulnerabilities

SecuriTeam Secure Disclosure SecuriTeam Secure Disclosure (SSD) provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers for researchers and will give you the fast response and great support you need to make top dollar for your discoveries. Introduction Zenario is a web-based …

SSD Advisory – ManageEngine Exchange Reporter Plus Auth Bypass / Arbitrary SQL Statement Execution

Introduction ManageEngine Exchange Reporter Plus …
