Category Archives: Full Disclosure

Multiple vulnerabilities in BMC Remedy

Posted by Simon Rawet on Oct 20

Document Title
==============
Multiple vulnerabilities in BMC Remedy

Reported By
===========
Simon Rawet from Outpost24
Kristian Varnai from Outpost24

Vendor description
==================
“Remedy Service Management Suite is an enterprise service management
platform built natively for mobile with an intuitive, people-centric
user experience that makes your whole organization more productive.”
Source:…

SSD Advisory – Endian Firewall Stored From XSS to Remote Command Execution

Posted by Maor Shwartz on Oct 20

SSD Advisory – Endian Firewall Stored From XSS to Remote Command Execution

Full report: https://blogs.securiteam.com/index.php/archives/3471
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD

Vulnerability Summary
The following advisory describes a stored cross site scripting that can be
used to trigger remote code execution in Endian Firewall version 5.0.3.

Endian Firewall is a “turnkey Linux security distribution, which is an
independent,…

SSD Advisory – HPE Baseline Smart Gig SFP 24 Switch Pre-authentication Stored XSS

Posted by Maor Shwartz on Oct 20

SSD Advisory – HPE Baseline Smart Gig SFP 24 Switch Pre-authentication
Stored XSS

Full report: https://blogs.securiteam.com/index.php/archives/3389
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD

Vulnerability Summary
The following advisory describes an unauthenticated stored XSS in the HPE
Baseline Smart Gig SFP 24 / 3Com Baseline Switch 2924 SFP Plus Switch.

The vulnerability affects versions:

Software Version: 01.00.10
Boot version:…

[RCE] TP-Link Remote Code Execution CVE-2017-13772

Posted by Kurtis Brown on Oct 20

** Advisory Information

Title: TP-Link Remote Code Execution
Blog URL: https://www.fidusinfosec.com/tp-link-remote-code-execution-cve-2017-13772/
Vendor: TP-Link
Date Published: 19/10/2017
CVE: CVE-2017-13772

** Vulnerability Summary

Numerous remote code execution paths were discovered in TP-Link’s
WR940N home WiFi router. Valid credentials are required for this
attack path. It is possible for an authenticated attacker to obtain a
remote…

[RCESEC-2017-001][CVE-2017-14955] Check_mk v1.2.8p25 save_users() Race Condition leading to Sensitive Information Disclosure

Posted by Julien Ahrens on Oct 20

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Check_mk
Vendor URL: https://mathias-kettner.de/check_mk.html
Type: Race Condition [CWE-362]
Date found: 2017-09-21
Date published: 2017-10-18
CVSSv3 Score: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVE: CVE-2017-14955

2. CREDITS
==========
This vulnerability was discovered and researched by…

CVE-2017-12579 Local root privesc in Hashicorp vagrant-vmware-fusion 4.0.24

Posted by Mark Wadham on Oct 20

I have previously disclosed a couple of bugs in Hashicorp’s
vagrant-vmware-fusion plugin for vagrant.

Unfortunately the 4.0.23 release which was supposed to fix the previous
bug I reported didn’t address the issue, so Hashicorp quickly put out another
release – 4.0.24 – after that (but didn’t update the public changelog on
github).

Unfortunately 4.0.24 is still vulnerable, largely due to a fundamental
design flaw in the way…

SEC Consult SA-20171018-0 :: Multiple vulnerabilities in Afian AB FileRun

Posted by SEC Consult Vulnerability Lab on Oct 18

SEC Consult Vulnerability Lab Security Advisory < 20171018-0 >
=======================================================================
title: Multiple vulnerabilities
product: Afian AB FileRun
vulnerable version: 2017.03.18
fixed version: 2017.09.18
impact: critical
homepage: https://www.filerun.com | https://afian.se
found: 2017-08-28
by: Roman Ferdigg…

SEC Consult SA-20171018-1 :: Multiple vulnerabilities in Linksys E-series products

Posted by SEC Consult Vulnerability Lab on Oct 18

SEC Consult Vulnerability Lab Security Advisory < 20171018-1 >
=======================================================================
title: Multiple vulnerabilities
product: Linksys E series, see “Vulnerable / tested versions”
vulnerable version: see “Vulnerable / tested versions”
fixed version: no public fix, see solution/timeline
CVE number: –
impact: high…

SSD Advisory – Linux Kernel AF_PACKET Use-After-Free

Posted by Maor Shwartz on Oct 17

SSD Advisory – Linux Kernel AF_PACKET Use-After-Free

Full report: https://blogs.securiteam.com/index.php/archives/3484
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD

Vulnerabilities summary
The following advisory describes a use-after-free vulnerability found in
Linux Kernel’s implementation of AF_PACKET that can lead to privilege
escalation.

AF_PACKET sockets “allow users to send or receive packets on the device
driver level. This for…

SSD Advisory – Ikraus Anti Virus Remote Code Execution

Posted by Maor Shwartz on Oct 17

SSD Advisory – Ikraus Anti Virus Remote Code Execution

Full report: https://blogs.securiteam.com/index.php/archives/3485
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD

Vulnerability summary
The following advisory describes a remote code execution found in Ikraus
Anti Virus version 2.16.7.

KARUS anti.virus “secures your personal data and PC from all kinds of
malware. Additionally, the Anti-SPAM module protects you from SPAM and
malware…
