SSD Advisory – Synology PhotoStation Unauthenticated SQL Injection and Arbitrary File Injection to RCE

Vulnerabilities Summary
The following advisory describes two vulnerabilities found in Synology PhotoStation, an unauthenticated SQL injection combined with an authenticated arbitrary file writing with partially controlled data vulnerabilities which leads to remote code execution.
CVE
CVE-2019-11821 and CVE-2019-11822
Credit
Independent security researcher, MengHuan Yu, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Affected systems

(more…)
April 1, 2019 Uncategorized Comments Off on SSD Advisory – Synology PhotoStation Unauthenticated SQL Injection and Arbitrary File Injection to RCE

SSD Advisory – QNAP HelpDesk SQL Injection

Vulnerability Summary
The following advisory describes a SQL injection found in QTS Helpdesk versions 1.1.12 and earlier.
QNAP helpdesk: “Starting from QTS 4.2.2 you can use the built-in Helpdesk app to directly submit help requests to QNAP from your NAS. To do so, ensure your NAS can reach the Internet, open Helpdesk from the App Center, and create a new Help Request. Helpdesk will automatically collect and attach NAS system information and system logs to your request, and you can provide other information such as the steps necessary to reproduce the error, the error message and screenshots so we can identify the problem faster.”
Credit
An independent security researcher, Kacper Szurek, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
Vendor response
QNAP has released patches to address this vulnerability.
For more information: https://www.qnap.com/en/security-advisory/nas-201709-29
CVE: CVE-2017-13068
(more…)

October 9, 2017 SecuriTeam Secure Disclosure 1 comment

SSD Advisory – PHP Melody Multiple Vulnerabilities

Vulnerabilities Summary
The following advisory describes three (3) vulnerabilities found in PHP Melody version 2.7.3.
PHP Melody is a “self-hosted Video CMS which evolved over the last 9 years. SEO optimization, unbeaten security and speed are advantages you no longer have to compromise on.
A truly great CMS should help you save time and make your life easier not complicate it. Nobody enjoys spending time and money on inferior solutions. If you value your time, don’t settle for anything but the best video CMS with a proven track record, constant support and updates.”
The vulnerabilities found in PHP Melody are:

  • Stored PreAuth XSS that leads to administrator account takeover
  • SQL Injection (1)
  • SQL Injection (2)

Credit
An independent security researcher, Paulos Yibelo, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
Vendor response
PHP Melody has released patches to address this vulnerability.
For more information: http://www.phpsugar.com/blog/2017/10/php-melody-v2-7-3-maintenance-release/
CVE: CVE-2017-15578, CVE-2017-15579
(more…)

October 9, 2017 SecuriTeam Secure Disclosure 3 comments

SSD Advisory – IDERA Uptime Monitor Multiple Vulnerabilities

Vulnerabilities Summary
The following advisory describe three (3) vulnerabilities found in IDERA Uptime Monitor version 7.8.
“IDERA Uptime Monitor is a Proactively monitor physical servers, virtual machines, network devices, applications, and services across multiple platforms running on-premise, remotely, or in the Cloud. Uptime Infrastructure Monitor provides a unified view of IT environment health and a GUI that is easily customizable, with a drag-anddrop dashboard design. Create private IT dashboards, team dashboards (server, application, capacity and networking teams, and even the specialist practitioner such as SharePoint farm administrators, etc.), and a network operations center (NOC) for the entire datacenter in minutes.”
The vulnerabilities found are:

  • SQL Injection (1)
  • SQL Injection (2)
  • Directory Traversal and File Access

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
Vendor response
We notified IDERA about the vulnerabilities back in March 2017, repeated attempts to re-establish contact and get some answers on the status of the patch for this vulnerabilities went unanswered. At this time there is no solution or workaround for this vulnerability.
CVE’s:

  • SQL Injection (1) – CVE-2017-11470
  • SQL Injection (2) – CVE-2017-11471
  • Directory Traversal and File Access – CVE-2017-11469

(more…)

June 8, 2017 SecuriTeam Secure Disclosure Comments Off on SSD Advisory – IDERA Uptime Monitor Multiple Vulnerabilities

SSD Advisory – Emby Media Server Multiple Vulnerabilities

Vulnerabilities Summary
The following advisory describes three (3) vulnerabilities found in Emby Media Server.
Affected versions are: 3.1.5, 3.1.2, 3.1.1, 3.1.0 and 3.0.0.
Emby Media Server (formerly Media Browser) is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source, and uses a client server model. Two comparable media servers are Plex and Windows Media Center.
The vulnerabilities found in Emby Media Server are:

  • Directory Traversal
  • File Disclosure
  • SQL Injection

Credit
An independent security researcher Gjoko Krstic from Zero Science Lab has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
Vendor Response
Emby has been notified in March 2017 about the vulnerability, shortly after they have released a new version that addresses this vulnerabilities. They however have not provided any version information or release notes that reflect this.
(more…)

April 25, 2017 SecuriTeam Secure Disclosure Comments Off on SSD Advisory – Emby Media Server Multiple Vulnerabilities