SSD Advisory – IDERA Uptime Monitor Multiple Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerabilities Summary
The following advisory describe three (3) vulnerabilities found in IDERA Uptime Monitor version 7.8.

“IDERA Uptime Monitor is a Proactively monitor physical servers, virtual machines, network devices, applications, and services across multiple platforms running on-premise, remotely, or in the Cloud. Uptime Infrastructure Monitor provides a unified view of IT environment health and a GUI that is easily customizable, with a drag-anddrop dashboard design. Create private IT dashboards, team dashboards (server, application, capacity and networking teams, and even the specialist practitioner such as SharePoint farm administrators, etc.), and a network operations center (NOC) for the entire datacenter in minutes.”

The vulnerabilities found are:

  • SQL Injection (1)
  • SQL Injection (2)
  • Directory Traversal and File Access

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
We notified IDERA about the vulnerabilities back in March 2017, repeated attempts to re-establish contact and get some answers on the status of the patch for this vulnerabilities went unanswered. At this time there is no solution or workaround for this vulnerability.
CVE’s:

  • SQL Injection (1) – CVE-2017-11470
  • SQL Injection (2) – CVE-2017-11471
  • Directory Traversal and File Access – CVE-2017-11469

Continue reading SSD Advisory – IDERA Uptime Monitor Multiple Vulnerabilities

SSD Advisory – Emby Media Server Multiple Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerabilities Summary
The following advisory describes three (3) vulnerabilities found in Emby Media Server.

Affected versions are: 3.1.5, 3.1.2, 3.1.1, 3.1.0 and 3.0.0.

Emby Media Server (formerly Media Browser) is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source, and uses a client server model. Two comparable media servers are Plex and Windows Media Center.

The vulnerabilities found in Emby Media Server are:

  • Directory Traversal
  • File Disclosure
  • SQL Injection

Credit
An independent security researcher Gjoko Krstic from Zero Science Lab has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor Response
Emby has been notified in March 2017 about the vulnerability, shortly after they have released a new version that addresses this vulnerabilities. They however have not provided any version information or release notes that reflect this.

Continue reading SSD Advisory – Emby Media Server Multiple Vulnerabilities

SSD Advisory – SAP Afaria SQL Injection

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerabilities Summary
The following advisory describes an SQL injection vulnerabilities in the SAP Afaria Service Pack 4 HotFix 15 that can lead to execute arbitrary code.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor Responses
SAP Afaria has released patch to address the vulnerability – SP5

Continue reading SSD Advisory – SAP Afaria SQL Injection