SSD Advisory – Xerox DocuShare Multiple Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Introduction
DocuShare is a content management system developed by Xerox Corporation. DocuShare makes use of open standards and allows for managing content, integrating it with other business systems, and developing customized and packaged software applications.

Multiple vulnerabilities have been found in Xerox DocuShare:
 

  • DSUtilityLib.HelperObj.4 Activex Control ShowHelp Method lstrcatW() Call Stack Buffer Overflow Vulnerability
  • DSUtilityLib.HelperObj.4 ActiveX Control GetResourceString Method _vswprintf() Call Stack Buffer Overflow Vulnerability
  • DSUtilityLib.HelperObj.4 Activex Control ProfileInt Property wsprintfW() Call Stack Buffer Overflow Vulnerability
  • DSITEMENUMLib.ItemObj.4 Activex Control Basetype Property Stack Buffer Overflow Vulnerability
  • DsSearch.SearchConsole.1 ActiveX Control RestrictGlobalScope Method wcscpy() Call Stack Buffer Overflow Vulnerability
  • DSUtilityLib.HelperObj.4 Activex Control RunCommand Method CreateProcessW() Call Command Execution Vulnerability

Continue reading SSD Advisory – Xerox DocuShare Multiple Vulnerabilities

SSD Advisory – EMC RecoverPoint for Virtual Machines (VMs) Restriction Bypass

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability Description
RecoverPoint’s virtual appliance can be accessible via SSH with the default credentials of boxmgmt:boxmgmt; during testing, no password change option was found. Using these credentials, it’s possible to escape the management interface via command injection to drop into a shell and further take advantage of sudo privileged operations to read arbitrary files as root. It also may also be possible to execute arbitrary os commands as root, but this was not confirmed.

Continue reading SSD Advisory – EMC RecoverPoint for Virtual Machines (VMs) Restriction Bypass

SSD Advisory – Infinite Automation Systems Mango Cross Site Scripting and Arbitrary File Upload

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Introduction
Infinite Automation Systems is headquartered in Lafayette, Colorado.

The affected product, Mango Automation, is a centralized web-based SCADA/HMI and data acquisition software. According to Infinite Automation Systems, Mango Automation is deployed across several sectors including Commercial Facilities, Critical Manufacturing, Food and Agriculture, and Energy. Infinite Automation Systems estimates that these products are used worldwide.

Vulnerable Versions
Mango Automation version 2.5.0 through Version 2.6.0 beta (builds prior to 430)

Vulnerability Description
Improper verification of uploaded image files allows arbitrary files to be uploaded, which may allow for the execution of malicious JSP script files. In addition, the application does not verify HTTP requests, causing it to be vulnerable to a cross site scripting vulnerability.

Continue reading SSD Advisory – Infinite Automation Systems Mango Cross Site Scripting and Arbitrary File Upload

SSD Advisory – eBay Arbitrary Invoice Disclosure

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability Description
A vulnerability in the way invoices are handled by eBay allows users that sell items on eBay to view other’s reseller’s invoices. Though access to the invoice is somewhat arbitrary, there is no easy way to find a specific invoice of a specific seller, it is possible to harvest a large amount of invoice and gather sensitive information from them. This information includes (though not in all invoices):
Continue reading SSD Advisory – eBay Arbitrary Invoice Disclosure