SSD Advisory – Sentora Web Hosting Control Panel Multiple Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerabilities Summary
The following advisory describes two (2) vulnerabilities found in Sentora Web Hosting Control Panel that lead to remote code execution.

Sentora is a free to download and use web hosting control panel developed for Linux, UNIX and BSD based servers or computers. The Sentora software can turn a domestic or commercial server into a fully fledged, easy to use and manage web hosting server.

The vulnerabilities found in Sentora Web Hosting Control Panel are:

  • Authenticated Code Execution
  • Privilege Escalation

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor Response
The vendor has released a new version of the product that addresses the vulnerabilities.


SSD Advisory – Horde Groupware Webmail Multiple Remote Code Execution Vulnerabilities


Vulnerabilities Summary
The following advisory describes two (2) vulnerabilities found in Horde Groupware Webmail.

Horde Groupware Webmail Edition is a free, enterprise ready, browser based communication suite. Users can read, send and organize email messages and manage and share calendars, contacts, tasks, notes, files, and bookmarks with the standards compliant components from the Horde Project. Horde Groupware Webmail Edition bundles the separately available applications IMP, Ingo, Kronolith, Turba, Nag, Mnemo, Gollem, and Trean.

It can be extended with any of the released Horde applications or the applications that are still in development, like a bookmark manager or a file manager.

Affected versions: Horde 5, 4 and 3

The vulnerabilities found in Horde Groupware Webmail are:

  • Authenticated Remote Code Execution
  • Unauthenticated Remote Code Execution

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor Response
Horde has released a patch to address the vulnerabilities.

For more information: https://lists.horde.org/archives/horde/Week-of-Mon-20170403/056767.html
