SSD Advisory – AContent Multiple Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerabilities Summary
The following advisory describes two (2) vulnerabilities types found in AContent version 1.3.

AContent is an open source learning content management system (LCMS) used to create interoperable, accessible, adaptive Web-based learning content. It can be used along with learning management systems to develop, share, and archive learning materials. For those familiar with ATutor, AContent contains the content authoring, test authoring, and content interoperability features of ATutor, producing a standalone tool that can be used with any system that supports IMS content interoperability standards.

The vulnerability found are:

  • Directory Traversal
  • Directory Traversal that lead to Remote Code Execution – question_import.php
  • Directory Traversal that lead to Remote Code Execution – ims_import.php
  • Directory Traversal that lead to Remote Code Execution – import_test.php

Credit
An independent security researcher, Steven Seeley, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor Response
AContent has fixed the vulnerabilities in their GitHub master branch.
For more details:

Continue reading SSD Advisory – AContent Multiple Vulnerabilities

SSD Advisory – Cisco DPC3928 Router Arbitrary File Disclosure

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability Summary
The following advisory describes an arbitrary file disclosure vulnerability found in Cisco DPC3928AD DOCSIS 3.0 2-PORT Voice Gateway.

The Cisco DPC3928AD DOCSIS is a home wireless router that is currently "Out of support" but is provided by ISPs world wide.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
We reported the vulnerability to Cisco and they informed us that the Cisco DPC3928AD sold to Technicolor: “The Cisco DPC3928AD was actually sold to Technicolor a while back. In this case, we will ask you to please contact Technicolor at security@technicolor.com to open a case with them”

After connecting Technicolor, they informed us that the product has reached end of life and they will not patch the vulnerability: “After an extensive search for the product to perform validation, we were unable to source the gateway to validate your proof of concept. Due to the end-of-sale and end-of-life of the product Technicolor will not be patching the bug.”

Continue reading SSD Advisory – Cisco DPC3928 Router Arbitrary File Disclosure

SSD Advisory – Emby Media Server Multiple Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerabilities Summary
The following advisory describes three (3) vulnerabilities found in Emby Media Server.

Affected versions are: 3.1.5, 3.1.2, 3.1.1, 3.1.0 and 3.0.0.

Emby Media Server (formerly Media Browser) is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source, and uses a client server model. Two comparable media servers are Plex and Windows Media Center.

The vulnerabilities found in Emby Media Server are:

  • Directory Traversal
  • File Disclosure
  • SQL Injection

Credit
An independent security researcher Gjoko Krstic from Zero Science Lab has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor Response
Emby has been notified in March 2017 about the vulnerability, shortly after they have released a new version that addresses this vulnerabilities. They however have not provided any version information or release notes that reflect this.

Continue reading SSD Advisory – Emby Media Server Multiple Vulnerabilities

SSD Advisory – Oracle Knowledge Management XXE Leading to a RCE

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability Summary
The following advisory describe Information Disclosure found in Oracle Knowledge Management version 8.5.1.

By enabling searches across a wide variety of sources, Oracle’s InQuira knowledge management products offer simple and convenient ways for users to access knowledge that was once hidden in the myriad systems, applications, and databases used to store enterprise content.

Oracle’s products for knowledge management help users find useful knowledge contained in corporate information stores.

Credit
An independent security researcher, Steven Seeley, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Oracle has released patches to address this vulnerability, for more details see: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html.

Continue reading SSD Advisory – Oracle Knowledge Management XXE Leading to a RCE