SSD Advisory – MuraCMS Multiple Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerabilities Summary
The following advisory describes two (2) vulnerabilities found in MuraCMS version 6.2. MuraCMS is an open source content management system for CFML, created by Blue River Interactive Group. Mura has been designed to be used by marketing departments, web designers and developers.

The vulnerabilities found in MuraCMS are:

  1. Unauthenticated remote arbitrary code execution
  2. Unrestricted file upload

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Blue River has released a patch to address the vulnerabilities: “we put builds with the vulnerabilities patched and then released a blog as well as communicated via our Google group, Slack channel, twitter and mailing list.”

The patch and blog post can be found here.


SSD Advisory – HTC Sync Remote Code Execution


Vulnerabilities Summary
The following advisory describes a remote code execution (RCE) vulnerability found in HTC Sync version 3.3.63.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
The vulnerability was not reported to the vendor because the product reached end of life on 31 August 2016 and was replaced by HTC Sync Manager, which is not affected by this vulnerability.


SSD Advisory – Oracle Java FTP Stream Injection


Vulnerability Summary
The following advisory describes an FTP protocol stream injection vulnerability found in Oracle Java. Java is a general-purpose computer programming language that is concurrent, class-based, object-oriented, and specifically designed to have as few implementation dependencies as possible. It is intended to let application developers “write once, run anywhere” (WORA).

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
We reported this vulnerability to Oracle and waited several months for a patch. Another researcher independently discovered this vulnerability and went public with it – at which point we decided to publish the information without waiting for Oracle to release a patch.


SSD Advisory – HiSilicon Multiple Vulnerabilities


Vulnerabilities Summary
The following advisory describes two vulnerabilities found in HiSilicon application-specific integrated circuit (ASIC) chipset firmware.

HiSilicon provides ASICs and solutions for communication network and digital media. These ASICs are widely used in over 100 countries and regions around the world. In the digital media field, HiSilicon has already released the SoC and solution for network surveillance, videophone, DVB and IPTV.

The vulnerabilities found in HiSilicon ASIC firmware are:

  1. Buffer overflow in the built-in webserver
  2. Directory path traversal in the built-in webserver

The full list of vendors working with HiSilicon is unknown. We managed to identify 55 different vendors, all of which are still vulnerable.

Here are 10 examples of vendors using the HiSilicon application-specific integrated circuit (ASIC) chipset in their products (the full list can be found at the end of this report):

  1. http://www.vacron.com/products_CCTV_dvr.html
  2. http://www.gess-inc.com/gess/dvrs/
  3. http://www.jufenginfo.com/en/product-list.php?cid=10&pid=166&parid=175
  4. http://egpis.co.kr/egpis/product.php?category=AHD&category2=AHD_D
  5. http://optimus-cctv.ru/catalog/ahd-videoregistratory
  6. http://www.clearcftv.com.br/linha.php?l=5&ln=ahd
  7. http://click-cam.com/html2/products.php?t=2
  8. http://www.ccd.dn.ua/ahd-videoregistratory.html
  9. http://www.dhssicurezza.com/tvcc-ahd/dvr-ahd-720p/
  10. http://www.gigasecurity.com.br/subcategoria-gravadores-de-video-dvr

Credit
An independent security researcher, Istvan Toth, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
We tried to communicate with the vendor through emails and Twitter over the course of several months, but we were unable to get any response.
