BMC Track-It! 11.4 contains an arbitrary file upload vulnerability and an information disclosure vulnerability which can be exploited by an unauthenticated user. The file upload vulnerability can be used to upload a file to the web root and execute code under the IIS user. The information disclosure vulnerability allows you to obtain the SQL database and the domain administrator credentials (username and password).
Continue reading SSD Advisory – BMC Track-It Arbitrary file upload vulnerability and Information disclosure vulnerability
WebNMS is an industry-leading framework for building network management applications. With over 25,000 deployments worldwide and in every Tier 1 Carrier, network equipment providers and service providers can customize, extend and rebrand WebNMS as a comprehensive Element Management System (EMS) or Network Management System (NMS). NOC Operators, Architects and Developers can customize the functional modules to fit their domain and network. Functional modules include Fault Correlation, Performance KPIs, Device Configuration, Service Provisioning and Security. WebNMS supports numerous Operating Systems, Application Servers, and databases.
Multiple vulnerabilities affecting WebNMS have been found, these vulnerabilities allows uploading of arbitrary files and their execution, arbitrary file download (with directory traversal), use of a weak algorithm for storing passwords and session hijacking.
Continue reading SSD Advisory – Multiple Vulnerabilities in WebNMS Framework Server
A persistent, pre-authenticated, cross site scripting vulnerability in Polycom HDX Web interface allows remote attackers to take over the camera and control it.
Continue reading SSD Advisory – Polycom Video Conference persistent and non-authenticated XSS allows camera control
The 3CX product installs a Windows service called “Abyss Web Server” (abyssws.exe) which listens on default public ports 5000 (tcp/http) and 5001 (tcp/https) for incoming requests to the web panel and runs with NT AUTHORITY\SYSTEM privileges.
Without requiring authentication/authorization it is possible to upload arbitrary scripts into an accessible web path through the VAD_Deploy.aspx script.
Given this, it is possible to run arbitrary code/commands with the privileges of the target server.
Continue reading SSD Advisory – 3CX VoIP Phone System Manager Server Remote Code Execution Vulnerability (with SYSTEM privileges)