SSD Advisory – Webmin Multiple Vulnerabilities

Vulnerability summary
The following advisory describes three (3) vulnerabilities found in Webmin version 1.850.

Webmin “is a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more. Webmin removes the need to manually edit Unix configuration files like /etc/passwd, and lets you manage a system from the console or remotely. See the standard modules page for a list of all the functions built into Webmin.”

The vulnerabilities found are:

  • XSS vulnerability that leads to Remote Code Execution
  • CSRF Schedule arbitrary commands
  • Server Side Request Forgery

Credit
An independent security researcher, hyp3rlinx, has reported these vulnerabilities to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Update 1
CVE:

  • CVE-2017-15644
  • CVE-2017-15645
  • CVE-2017-15646

The vendor has released patches to address these vulnerabilities.

For more information: https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9 and http://www.webmin.com/security.html

SSD Advisory – PHP Melody Multiple Vulnerabilities

Vulnerabilities Summary
The following advisory describes three (3) vulnerabilities found in PHP Melody version 2.7.3.

PHP Melody is a “self-hosted Video CMS which evolved over the last 9 years. SEO optimization, unbeaten security and speed are advantages you no longer have to compromise on.
A truly great CMS should help you save time and make your life easier not complicate it. Nobody enjoys spending time and money on inferior solutions. If you value your time, don’t settle for anything but the best video CMS with a proven track record, constant support and updates.”

The vulnerabilities found in PHP Melody are:

  • Stored PreAuth XSS that leads to administrator account takeover
  • SQL Injection (1)
  • SQL Injection (2)

Credit
An independent security researcher, Paulos Yibelo, has reported these vulnerabilities to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
PHP Melody has released patches to address these vulnerabilities.

For more information: http://www.phpsugar.com/blog/2017/10/php-melody-v2-7-3-maintenance-release/

CVE: CVE-2017-15578, CVE-2017-15579

SSD Advisory – Skype For Business XSS

Vulnerability Summary
The following advisory describes an XSS vulnerability found in Skype for Business.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
The vendor has released patches to address this vulnerability and has only provided these details in response to our query on the status: “implemented some changes in the latest version to sanitize HTML input”

SSD Advisory – KEMP LoadMaster from XSS Pre Authentication to RCE

Vulnerability Summary

KEMP’s main product, the LoadMaster, is a load balancer built on its own proprietary software platform, LMOS, which lets it run on almost any platform: as a KEMP LoadMaster hardware appliance, or as a Virtual LoadMaster (VLM) deployed on Hyper-V, VMware, bare metal or the public cloud. KEMP is available in Azure, where it is among the top 15 deployed applications, as well as in AWS and VMware vCloud Air.

A cross-site scripting vulnerability has been discovered in KEMP LoadMaster v7.135.0.13245 (latest). An unauthenticated user can inject malicious JavaScript code into the system and use it to create a new web administrator user.

Vendor response
We were unable to get an update beyond this statement from the vendor:
“Expect a fix in our new version available Jan 2017.”
