Tag: Directory Traversal

Directory traversal is an HTTP exploit which allows attackers to access restricted directories and execute commands outside of the web server’s root directory. Web servers provide two main levels of security mechanisms. Access Control Lists (ACLs) Root directory.

SSD Advisory – Nitro Pro PDF Multiple Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerabilities Summary
The following advisory describes three vulnerabilities found in Nitro / Nitro Pro PDF.

Nitro Pro is the PDF reader and editor that does everything you will ever need to do with PDF files. The powerful but snappy editor lets you change PDF documents with ease, and comes with a built-in OCR engine that can transform scanned documents into editable files. Fill up forms, annotate and sign them as part of your workflow, and easily merge multiple documents or delete selected pages as necessary.

If you use a large display or multiple monitors, NitroPDF also offers the ability to display PDF documents side-by-side so that you can pore through multiple documents. Of course, you could use AquaSnap to do that.

The vulnerabilities found in Nitro PDF are:

  • Doc.saveAs Directory Traversal Arbitrary File Write that lead to Command Execution
  • App.launchURL Command Execution
  • JPEG2000 npdf.dll Use-After-Free
  • Forms Parsing NPForms.npp Use-After-Free
  • File Parsing Count Field npdf.dll Memory Corruption
  • NewWindow Launch Action NPActions.npp Command
  • URI Action NPActions.npp Command Execution

This report contain the following vulnerabilities:

  • Doc.saveAs Directory Traversal Arbitrary File Write that lead to Command Execution
  • App.launchURL Command Execution
  • JPEG2000 npdf.dll Use-After-Free

Credit
Two independent security researchers, Steven Seeley and anonymous, have reported these vulnerabilities to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
The vendor has released patches to address this vulnerability. “Number of the reported vulnerabilities have been resolved and confirmed, and will included in our next release of Nitro Pro, 11.05.”

For more details: https://www.gonitro.com/support/downloads#securityUpdates
Continue reading SSD Advisory – Nitro Pro PDF Multiple Vulnerabilities

SSD Advisory – Geneko Routers Unauthenticated Path Traversal

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability Summary
The following advisory describes a Unauthenticated Path Traversal vulnerability found in Geneko GWR routers series.

Geneko GWG is compact and cost effective communications solution that provides cellular capabilities for fixed and mobile applications such as data acquisition, smart metering, remote monitoring and management. GWG supports a variety of radio bands options on 2G, 3G and 4G cellular technologies.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
We have informed Geneko of the vulnerability on the 28th of May 2017, the last email we received from them was on the 7th of June 2017. We have no further updates from Geneko regarding the availability of a patch or a workaround for the vulnerability.
CVE: CVE-2017-11456

Continue reading SSD Advisory – Geneko Routers Unauthenticated Path Traversal

SSD Advisory – Sophos XG Firewall Path Traversal

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerabilities Summary
The following advisory describe two (2) vulnerabilities, a Path Traversal and a Missing Function Level Access Control, in Sophos XG Firewall 16.05.4 MR-4.

Sophos XG Firewall provides “unprecedented visibility into your network, users, and applications directly from the all-new control center. You also get rich on-box reporting and the option to add Sophos iView for centralized reporting across multiple firewalls”.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
The vendor has released patches to address this vulnerability:
“The patches were released as part of SFOS 16.05.5 MR5:
https://community.sophos.com/products/xg-firewall/b/xg-blog/posts/sfos-16-05-5-mr5-released

Our internal bug number was NC-18958, mentioned in the changelog”

Continue reading SSD Advisory – Sophos XG Firewall Path Traversal

SSD Advisory – IDERA Uptime Monitor Multiple Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerabilities Summary
The following advisory describe three (3) vulnerabilities found in IDERA Uptime Monitor version 7.8.

“IDERA Uptime Monitor is a Proactively monitor physical servers, virtual machines, network devices, applications, and services across multiple platforms running on-premise, remotely, or in the Cloud. Uptime Infrastructure Monitor provides a unified view of IT environment health and a GUI that is easily customizable, with a drag-anddrop dashboard design. Create private IT dashboards, team dashboards (server, application, capacity and networking teams, and even the specialist practitioner such as SharePoint farm administrators, etc.), and a network operations center (NOC) for the entire datacenter in minutes.”

The vulnerabilities found are:

  • SQL Injection (1)
  • SQL Injection (2)
  • Directory Traversal and File Access

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
We notified IDERA about the vulnerabilities back in March 2017, repeated attempts to re-establish contact and get some answers on the status of the patch for this vulnerabilities went unanswered. At this time there is no solution or workaround for this vulnerability.
CVE’s:

  • SQL Injection (1) – CVE-2017-11470
  • SQL Injection (2) – CVE-2017-11471
  • Directory Traversal and File Access – CVE-2017-11469

Continue reading SSD Advisory – IDERA Uptime Monitor Multiple Vulnerabilities