Unauthenticated Action

SSD Advisory – Hack2Win – Cisco RV132W Multiple Vulnerabilities

Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in Cisco RV132W Wireless N VPN version 1.0.1.8 The Cisco RV132W Wireless-N ADSL2+ VPN Router is “easy to use, set up, and deploy. This flexible router offers great performance and is suited for small or home offices (SOHO) and smaller deployments.” The vulnerabilities found are: …

SSD Advisory – Hack2Win – Cisco RV132W Multiple Vulnerabilities Read More »

SSD安全公告-GitStack未经验证的远程代码执行漏洞

漏洞概要 以下安全公告描述了在GitStack中存在的一个未经身份验证的动作,允许远程攻击者添加新用户,然后用于触发远程代码执行。 GitStack是一个可以让你设置你自己私人Git服务器的软件。 这意味着你可以创建一个没有任何内容的版本控制系统。GitStack可以非常容易的保持你的服务器是最新的。它是真正Git for Windows,并与任何其他Git客户端兼容。GitStack对于小团队来说是完全免费的。

SSD Advisory – Hotspot Shield Information Disclosure

Vulnerability Summary The following advisory describes a information disclosure found in Hotspot Shield. Hotspot Shield “provides secure and private access to a free and open internet. Enabling access to social networks, sports, audio and video streaming, news, dating, gaming wherever you are.” Credit An independent security researcher, Paulos Yibelo, has reported this vulnerability to Beyond …

SSD Advisory – Hotspot Shield Information Disclosure Read More »

SSD安全公告-Sophos XG从未经身份验证的存储型XSS漏洞到Root访问

漏洞概要 以下安全公告描述了在Sophos XG 17中发现的一个存储型XSS漏洞,成功利用该漏洞可以获取root访问。 Sophos XG防火墙“全新的控制中心为用户的网络提供前所未有的可视性。可以获得丰富的报告,还可以添加Sophos iView,以便跨多个防火墙进行集中报告。“

SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution

Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in AsusWRT Version 3.0.0.4.380.7743. The combination of the vulnerabilities leads to LAN remote command execution on any Asus router. AsusWRT is “THE POWERFUL USER-FRIENDLY INTERFACE – The enhanced ASUSWRT graphical user interface gives you easy access to the 30-second, 3-step web-based installation process. It’s also …

SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution Read More »

SSD Advisory – GitStack Unauthenticated Remote Code Execution

Vulnerability Summary The following advisory describes an unauthenticated action that allows a remote attacker to add a user to GitStack and then used to trigger an unauthenticated remote code execution. GitStack is “a software that lets you setup your own private Git server for Windows. This means that you create a leading edge versioning system …

SSD Advisory – GitStack Unauthenticated Remote Code Execution Read More »

SSD Advisory – Sophos XG from Unauthenticated Persistent XSS to Unauthorized Root Access

Vulnerability Summary The following advisory describes an unauthenticated persistent XSS that leads to unauthorized root access found in Sophos XG version 17. Sophos XG Firewall “provides unprecedented visibility into your network, users, and applications directly from the all-new control center. You also get rich on-box reporting and the option to add Sophos iView for centralized …

SSD Advisory – Sophos XG from Unauthenticated Persistent XSS to Unauthorized Root Access Read More »

SSD Advisory – Trustwave SWG Unauthorized Access

Vulnerability Summary The following advisory describes an unauthorized access vulnerability that allows an unauthenticated user to add their own SSH key to a remote Trustwave SWG version 11.8.0.27. Trustwave Secure Web Gateway (SWG) “provides distributed enterprises effective real-time protection against dynamic new malware, strong policy enforcement, and a unique Zero-Malware Guarantee when managed for you …

SSD Advisory – Trustwave SWG Unauthorized Access Read More »

SSD Advisory – Ichano AtHome IP Cameras Multiple Vulnerabilities

Vulnerabilities Summary The following advisory describes three (3) vulnerabilities found in Ichano IP Cameras. AtHome Camera is “a remote video surveillance app which turns your personal computer, smart TV/set-top box, smart phone, and tablet into a professional video monitoring system in a minute.” The vulnerabilities found are: Hard-coded username and password – telnet Hard-coded username …

SSD Advisory – Ichano AtHome IP Cameras Multiple Vulnerabilities Read More »

SSD安全公告-QNAP QTS未经认证的远程代码执行漏洞

漏洞概要 以下安全公告描述了QNAP QTS的一个内存损坏漏洞,成功利用该漏洞会造成QNAP QTS 4.3.x和4.2.x版本(包括4.3.3.0299)未经验证的远程代码执行。 威联通科技(QNAP Systems, Inc)专注于为企业,中小型企业,SOHO和家庭用户提供文件共享,虚拟化,存储管理和监控应用的网络解决方案。 QNAP QTS是标准的智能NAS操作系统,支持所有文件共享,存储,备份,虚拟化和多媒体QNAP设备。

?

Get in touch