SSD安全公告-Endian防火墙从存储型XSS到远程命令执行

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom
See our full scope at: https://blogs.securiteam.com/index.php/product_scope

漏洞概要

以下安全公告描述了在Endian防火墙5.0.3版本中存在的一个存储型XSS漏洞,成功利用该漏洞可造成远程代码执行。

Endian防火墙是一个“专注Linux安全的发行版本,,它是一个独立的,统一的安全管理操作系统。 Endian防火墙基于强化的Linux操作系统。”

漏洞提交者

一位独立的安全研究者向 Beyond Security 的 SSD 报告了该漏洞

厂商响应

厂商已经发布针对该漏洞的补丁。获取更多信息: https://help.endian.com/hc/en-us/articles/115012996087

Continue reading SSD安全公告-Endian防火墙从存储型XSS到远程命令执行

SSD Advisory – Endian Firewall Stored From XSS to Remote Command Execution

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom
See our full scope at: https://blogs.securiteam.com/index.php/product_scope

Vulnerability Summary
The following advisory describes a stored cross site scripting that can be used to trigger remote code execution in Endian Firewall version 5.0.3.

Endian Firewall is a “turnkey Linux security distribution, which is an independent, unified security management operating system. The Endian Firewall is based on a hardened Linux operating system.”

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Endian has released patches to address this vulnerability.

For more information: https://help.endian.com/hc/en-us/articles/115012996087

Continue reading SSD Advisory – Endian Firewall Stored From XSS to Remote Command Execution

SSD Advisory – HPE Baseline Smart Gig SFP 24 Switch Pre-authentication Stored XSS

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom
See our full scope at: https://blogs.securiteam.com/index.php/product_scope

Vulnerability Summary
The following advisory describes an unauthenticated stored XSS in the HPE Baseline Smart Gig SFP 24 / 3Com Baseline Switch 2924 SFP Plus Switch.

The vulnerability affect versions:

  • Software Version: 01.00.10
  • Boot version: 1.0.0.14
  • Hardware Version: 01.01.0a

“On April 12, 2010, Hewlett-Packard completed the acquisition of 3Com. Since the acquisition, 3Com has been fully absorbed by Hewlett-Packard and no longer exists as a separate entity.”

Every 3Com model changed its identification number. The new HP name/ID number for this switch is “HP Baseline Smart Gig SFP 24 – JE002A”

There is no other difference between 3CBLSG24 and JE002A.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
HPE was informed of the vulnerability, their response was: “This issue is not going to be resolved. We had hoped resources could be found to address the issue, but the business determined that the product is out of support life. It’s been this way for several years. We hoped we could communicate something to customers about the product, but this switch is truly not supported in that way either.”

Continue reading SSD Advisory – HPE Baseline Smart Gig SFP 24 Switch Pre-authentication Stored XSS

SSD Advisory – PHP Melody Multiple Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom
See our full scope at: https://blogs.securiteam.com/index.php/product_scope

Vulnerabilities Summary
The following advisory describes three (3) vulnerabilities found in PHP Melody version 2.7.3.

PHP Melody is a “self-hosted Video CMS which evolved over the last 9 years. SEO optimization, unbeaten security and speed are advantages you no longer have to compromise on.
A truly great CMS should help you save time and make your life easier not complicate it. Nobody enjoys spending time and money on inferior solutions. If you value your time, don’t settle for anything but the best video CMS with a proven track record, constant support and updates.”

The vulnerabilities found in PHP Melody are:

  • Stored PreAuth XSS that leads to administrator account takeover
  • SQL Injection (1)
  • SQL Injection (2)

Credit
An independent security researcher, Paulos Yibelo, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
PHP Melody has released patches to address this vulnerability.

For more information: http://www.phpsugar.com/blog/2017/10/php-melody-v2-7-3-maintenance-release/

CVE: CVE-2017-15578, CVE-2017-15579

Continue reading SSD Advisory – PHP Melody Multiple Vulnerabilities