SSD Advisory – QNAP HelpDesk SQL Injection

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability Summary
The following advisory describes a SQL injection found in QTS Helpdesk versions 1.1.12 and earlier.

QNAP helpdesk: “Starting from QTS 4.2.2 you can use the built-in Helpdesk app to directly submit help requests to QNAP from your NAS. To do so, ensure your NAS can reach the Internet, open Helpdesk from the App Center, and create a new Help Request. Helpdesk will automatically collect and attach NAS system information and system logs to your request, and you can provide other information such as the steps necessary to reproduce the error, the error message and screenshots so we can identify the problem faster.”

Credit
An independent security researcher, Kacper Szurek, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
QNAP has released patches to address this vulnerability.

For more information: https://www.qnap.com/en/security-advisory/nas-201709-29

CVE: CVE-2017-13068

SSD Advisory – PHP Melody Multiple Vulnerabilities

Vulnerabilities Summary
The following advisory describes three (3) vulnerabilities found in PHP Melody version 2.7.3.

PHP Melody is a “self-hosted Video CMS which evolved over the last 9 years. SEO optimization, unbeaten security and speed are advantages you no longer have to compromise on.
A truly great CMS should help you save time and make your life easier not complicate it. Nobody enjoys spending time and money on inferior solutions. If you value your time, don’t settle for anything but the best video CMS with a proven track record, constant support and updates.”

The vulnerabilities found in PHP Melody are:

  • Stored PreAuth XSS that leads to administrator account takeover
  • SQL Injection (1)
  • SQL Injection (2)

Credit
An independent security researcher, Paulos Yibelo, has reported these vulnerabilities to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
PHP Melody has released patches to address these vulnerabilities.

For more information: http://www.phpsugar.com/blog/2017/10/php-melody-v2-7-3-maintenance-release/

SSD Advisory – Vacron NVR Remote Command Execution

Vulnerability Summary
The following advisory describes a remote command execution vulnerability found in Vacron NVR devices.

VACRON specializes in “various types of mobile monitoring, CCTV monitoring system, IP remote image monitoring system monitoring and other related production, and can accept ODM, OEM and other customized orders, the main products: driving recorder, CCTV analog monitoring system, CMS, IP Cam, etc.”

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
We have tried to contact Vacron since September 5, 2017; repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for the vulnerability.

SSD Advisory – Angular-CLI Authentication Bypass

Vulnerability summary
The following advisory describes an authentication bypass vulnerability found in Angular-CLI version 1.3.2.

The Angular CLI makes “it easy to create an application that already works, right out of the box. It already follows our best practices!”

Credit
An independent security researcher, Paolo Stagno aka VoidSec, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Angular-CLI was informed of the vulnerability, to which they responded with:

“This is a known ‘problem’, and people are using that feature quite extensively. Please note that we write a large warning message when users are running serve in production mode, and it is not a supported use case.

The assumption that we are making (and maybe we could be clearer about it) is that you always run your development server (which is what ng serve is) in a local development environment, on a computer that’s firewalled properly from the internet. We do not support serving your website to the public as a production environment.

As such, the Host header protection is of little use for a development server use case like this one.

Closing this as answered, but if you feel there are more points to make, you can either open a new issue or answer this one directly and ping me”
