Vulnerability Summary The following advisory describes a File Disclosure vulnerability found in TerraMaster Operating System (TOS) version 3. TerraMaster Operating System (TOS) is a Linux platform-based operating system developed for TerraMaster cloud storage NAS server. TOS 3 is the third generation operating system newly launched. Credit An independent security researcher has reported this vulnerability to … Continue reading SSD Advisory – TerraMaster Operating System (TOS) File Disclosure
from SSD Advisory – TerraMaster Operating System (TOS) File Disclosure
Showing posts with label Maor Schwartz. Show all posts
Sunday, May 7, 2017
Thursday, May 4, 2017
Know your community – @unixfreaxjp, founder and team leader of MalwareMustDie
Every once in a while you hear on the news that cyber criminals were arrested. Today I have the honor to interview the man who put them behind bars! Please meet @unixfreaxjp, founder and team leader of MalwareMustDie, NPO (malwaremustdie.org) and Kendo master (3rd Dan). Disclaimer: A lot of criminals are looking for him, so … Continue reading Know your community – @unixfreaxjp, founder and team leader of MalwareMustDie
from Know your community – @unixfreaxjp, founder and team leader of MalwareMustDie
Tuesday, May 2, 2017
SSD Advisory – Serviio Media Server Multiple Vulnerabilities
Vulnerabilities Summary The following advisory describes five (5) vulnerabilities found in Serviio Media Server. Affected versions: 1.8.0.0 PRO, 1.7.1, 1.7.0, 1.6.1. Serviio is a free media server. It allows you to stream your media files (music, video or images) to renderer devices (e.g. a TV set, Bluray player, games console or mobile phone) on … Continue reading SSD Advisory – Serviio Media Server Multiple Vulnerabilities
from SSD Advisory – Serviio Media Server Multiple Vulnerabilities
Tuesday, April 25, 2017
SSD Advisory – SquirrelMail Remote Code Execution
Vulnerability Summary The following advisory describes Remote Code Execution found in SquirrelMail version 1.4.22. SquirrelMail is a standards-based webmail package written in PHP. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no JavaScript required) for maximum compatibility across browsers. It has very … Continue reading SSD Advisory – SquirrelMail Remote Code Execution
from SSD Advisory – SquirrelMail Remote Code Execution
SSD Advisory – Emby Media Server Multiple Vulnerabilities
Vulnerabilities Summary The following advisory describes three (3) vulnerabilities found in Emby Media Server. Affected versions are: 3.1.5, 3.1.2, 3.1.1, 3.1.0 and 3.0.0. Emby Media Server (formerly Media Browser) is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source, and uses a client server model. … Continue reading SSD Advisory – Emby Media Server Multiple Vulnerabilities
from SSD Advisory – Emby Media Server Multiple Vulnerabilities
Tuesday, April 18, 2017
Know your community – Yasser Ali
Today we have the honor to interview Yasser Ali! “Hall of Fame” member in PayPal / Ebay / Microsoft / Sony / Facebook and more, Security Manager at BugBountyHQ (Bug Bounty Platform company), Senior Security Specialist at Deloitte and well known researcher. Questions Q: How many years have you been involved in the security field, … Continue reading Know your community – Yasser Ali
from Know your community – Yasser Ali
Sunday, April 9, 2017
SSD Advisory – Horde Groupware Webmail Multiple Remote Code Execution Vulnerabilities
Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in Horde Groupware Webmail. Horde Groupware Webmail Edition is a free, enterprise ready, browser based communication suite. Users can read, send and organize email messages and manage and share calendars, contacts, tasks, notes, files, and bookmarks with the standards compliant components from the Horde Project. … Continue reading SSD Advisory – Horde Groupware Webmail Multiple Remote Code Execution Vulnerabilities
from SSD Advisory – Horde Groupware Webmail Multiple Remote Code Execution Vulnerabilities
Monday, April 3, 2017
SSD Advisory – AlienVault OSSIM / USM Remote Command Execution
Vulnerability Summary The following advisory describes a Remote Command Execution vulnerability found in AlienVault OSSIM and USM version 5.3.4 and version 5.3.5. OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides you with a feature-rich open source SIEM complete with event collection, normalization and correlation. Launched by security engineers because of the … Continue reading SSD Advisory – AlienVault OSSIM / USM Remote Command Execution
from SSD Advisory – AlienVault OSSIM / USM Remote Command Execution
Sunday, March 26, 2017
SSD Advisory – OpenCart Account Takeover
Vulnerability Summary The following advisory describes an account takeover vulnerability found in OpenCart (version 2.3.0.2). OpenCart is an open-source e-commerce platform written in PHP. “Opencart is an easy to-use, powerful, Open Source online store management program that can manage multiple online stores from a single back-end.” Credit An independent security researcher “Ayrx” has reported this … Continue reading SSD Advisory – OpenCart Account Takeover
from SSD Advisory – OpenCart Account Takeover
Sunday, March 19, 2017
SSD Advisory – Oracle Knowledge Management XXE Leading to a RCE
Vulnerability Summary The following advisory describes Information Disclosure found in Oracle Knowledge Management version 8.5.1. By enabling searches across a wide variety of sources, Oracle’s InQuira knowledge management products offer simple and convenient ways for users to access knowledge that was once hidden in the myriad systems, applications, and databases used to store enterprise content. … Continue reading SSD Advisory – Oracle Knowledge Management XXE Leading to a RCE →
from SSD Advisory – Oracle Knowledge Management XXE Leading to a RCE
Tuesday, February 21, 2017
SSD Advisory – HiSilicon multiple vulnerabilities
Vulnerabilities Summary The following advisory describes 2 vulnerabilities found in HiSilicon application-specific integrated circuit (ASIC) chip set firmware. HiSilicon provides ASICs and solutions for communication network and digital media. These ASICs are widely used in over 100 countries and regions around the world. In the digital media field, HiSilicon has already released the SoC and … Continue reading SSD Advisory – HiSilicon multiple vulnerabilities →
from SSD Advisory – HiSilicon multiple vulnerabilities
Monday, February 20, 2017
Know your community – Steven Seeley
You all know him from Twitter as “mr_me” (@steventseeley). We are proud to interview Steven Seeley! Vulnerability researcher, Ruxcon and HITB speaker, founder of Source Incite and a long time Wing Chun student!! Questions Q: How many years have you been working in the security field? A: I have been working in the industry since … Continue reading Know your community – Steven Seeley →
from Know your community – Steven Seeley
Sunday, February 5, 2017
Security conferences – Survival guide 2017 Q2
As we promised, the security conferences “Survival guide” for 2017 Q2 is here! We have gathered the following information for you for each conference: Dates Place Link to official conference website Ticket price Lectures Workshops So let’s get started: Security conferences – Survival guide part 2 Infiltrate Dates: 6-7 April 2017 Place: Fontainebleau Miami, Florida US … Continue reading Security conferences – Survival guide 2017 Q2 →
from Security conferences – Survival guide 2017 Q2
Wednesday, February 1, 2017
Know your community – Kana Shinoda
Kana Shinoda is a well known persona in the security field. She is the organizer of Code Blue and APWG, a review board of HITB, and was a coordinator of Black Hat Japan, Conference Coordinator and CTF Interpreter of AVTOKYO and the list can go on and on. We had the honor to interview her … Continue reading Know your community – Kana Shinoda →
from Know your community – Kana Shinoda
Monday, January 30, 2017
SSD Advisory – NCurses 5.9 Local Privilege Escalation
Vulnerability Summary The following advisory describes a Local Privilege Escalation vulnerability in NCurses, version 5.9. Credit An independent security researcher Dawid Golunski (https://legalhackers.com/) has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program Vendor Responses NCurses has released a patch to address the vulnerability. Thomas Dickey has also added the following statement “I don’t … Continue reading SSD Advisory – NCurses 5.9 Local Privilege Escalation →
from SSD Advisory – NCurses 5.9 Local Privilege Escalation
SSD Advisory – IBM WebSphere Portal Cross-Site Scripting (XSS)
Vulnerabilities Summary The following advisory describes a Cross-Site Scripting (XSS) vulnerability found in WebSphere Portal version 8.0.0.1. IBM WebSphere Portal products provide enterprise web portals that help companies deliver a highly-personalized, social experience for their customers. WebSphere Portal products give users a single point of access to the applications, services, information and social connections they … Continue reading SSD Advisory – IBM WebSphere Portal Cross-Site Scripting (XSS) →
from SSD Advisory – IBM WebSphere Portal Cross-Site Scripting (XSS)
Monday, January 16, 2017
Know your community – Ionut Popescu
When we sponsored DefCamp Romania back in November 2016, I saw Ionut Popescu lecture “Windows shellcodes: To be continued” and thought to myself “He must be a key figure in the Romanian security community – I must interview him” so I did! Introduction Ionut is working as a Senior Penetration Tester for SecureWorks Romania. Speaker … Continue reading Know your community – Ionut Popescu →
from Know your community – Ionut Popescu
Monday, January 9, 2017
Know your community – Eva Tanaskoska
In our last blog post “Know your community” we interviewed Orange Tsai from Taiwan. Today we had the honor to interview Eva Tanaskoska! Introduction Eva is 23 years old, just finished her Bachelor studies in Network Technologies and in the near future will move to the Netherlands to work in the information security industry. Questions … Continue reading Know your community – Eva Tanaskoska →
from Know your community – Eva Tanaskoska
Monday, January 2, 2017
SSD Advisory – DropBear Multiple Vulnerabilities
Vulnerabilities Summary The following advisory describes four (4) vulnerabilities in DropBear. DropBear is an SSH server and client. It runs on a variety of POSIX-based platforms. DropBear is open source software, distributed under a MIT-style license. DropBear is particularly useful for “embedded”-type Linux (or other Unix) systems, such as wireless routers. The four vulnerabilities found … Continue reading SSD Advisory – DropBear Multiple Vulnerabilities →
from SSD Advisory – DropBear Multiple Vulnerabilities
Sunday, January 1, 2017
SSD Advisory – Pervasive SQL Heap Overflow
Vulnerability Summary The following advisory describes a heap overflow vulnerability that can lead to remote code execution in Pervasive SQL server (Version 12.01.031.000). Credit An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vulnerability Details Heap overflow vulnerability This vulnerability allows an attacker to overflow a heap buffer after Server-Client … Continue reading SSD Advisory – Pervasive SQL Heap Overflow →
from SSD Advisory – Pervasive SQL Heap Overflow