Use After Free

SSD Advisory – Remote Command Execution in Proliant iLO Intelligent Provisioning

Vulnerability Description iLO is an embedded operating system available within HP Proliant and Integrity servers. IP is a feature within iLO that provides local and remote access for provisioning purposes. It was discovered that hidden requests were being made to the server during a normal client session. Exploring this obfuscated functionality revealed the ability to execute …

SSD Advisory – Microsoft Exchange Server Information Disclosure Proof of Concept (MS15-103)

Introduction A security vulnerability in Microsoft Exchange has been discovered that allows attackers to cause the server to return the cookie information inside the HTML response. This would allow an attacker to use JavaScript to access the otherwise inaccessible cookie information and use it to log in to an active Exchange Server’s OWA web …

Hack2Win – a CodeBlue Conference Event

Hi everyone, (Please note there is an update for this event here: https://blogs.securiteam.com/index.php/archives/2653) A Japanese version is available here: https://blogs.securiteam.com/index.php/archives/2630 We have decided this year to not only sponsor CodeBlue, but also try something new (for us and I believe the conference’s attendees). We will be bringing 11 devices to the conference premises and allowing …

SSD Advisory – Kloxo Sensitive Information Disclosure

Introduction Kloxo (formerly known as Lxadmin) is a free, open-source web hosting control panel for the Red Hat and CentOS Linux distributions. Vulnerability Details Kloxo contains a vulnerability that could allow an authenticated remote attacker (client or auxiliary) to retrieve almost any information from the database, for example passwords of other users (including administrators), credentials for …

SSD Advisory – Ubiquiti Networks mFi Controller Server Authentication Bypass

(Update: We are republishing this after removing it – as requested by the vendor – but as the vendor has not responded nor provided any progress in the last 30 days, we are making the information public again) Introduction mFi hardware and software combines plug-and-play installation with big-data analytics, event reporting and scheduling to create …

SSD Advisory – HP iLO Format String

SecuriTeam Secure Disclosure SecuriTeam Secure Disclosure (SSD) provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers for researchers and will give you the fast response and great support you need to make top dollar for your discoveries. Introduction HP Proliant Servers provide …

SSD Advisory – Microsoft Office Word 2003/2007 Code Execution

Introduction Microsoft Word is a …

SSD Advisory – ManageEngine Exchange Reporter Plus Auth Bypass / Arbitrary SQL Statement Execution

Introduction ManageEngine Exchange Reporter Plus …

SSD Advisory – Oracle Endeca Workbench (CAS) Beanshell Script Remote Code Execution / Session Generation Authentication Bypass

Introduction Oracle Endeca's Web (now …

SSD Advisory – OneNote 2007 Arbitrary Code Execution

Introduction Microsoft OneNote (formerly called …

SSD Advisory – LibreOffice Impress Remote Control Use-after-Free Vulnerability

Introduction LibreOffice is a powerful …
