SSD Advisory – Hotspot Shield Information Disclosure

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom
See our full scope at: https://blogs.securiteam.com/index.php/product_scope

Vulnerability Summary
The following advisory describes a information disclosure found in Hotspot Shield.

Hotspot Shield “provides secure and private access to a free and open internet. Enabling access to social networks, sports, audio and video streaming, news, dating, gaming wherever you are.”

Credit
An independent security researcher, Paulos Yibelo, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
“Thank you very much again for contacting us. The info is being reviewed and if there are any questions/comments, we’ll contact you by re-opening this ticket”

CVE: CVE-2018-6460
Continue reading SSD Advisory – Hotspot Shield Information Disclosure

SSD Advisory – iBall Multiple Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom
See our full scope at: https://blogs.securiteam.com/index.php/product_scope

Vulnerabilities summary
The following advisory describes two (2) vulnerabilities found in iB-WRA150N devices, firmware 1.2.6 build 110401 Rel.47776n.

iB-WRA150N is “a powerful solution to Internet connectivity at home, small offices and work stations. The key is if you are using an ADSL2+ connection now and later decide to change to Broadband or vice-versa you don’t need to change your router. This iBall router is 2-in-1 and compatible to both – Broadband connection as well as ADSL2 connection (Telephone connection or cable operator connection). ”

The vulnerabilities found are:

  • Hard coded accounts
  • Remote command execution

Credit
An independent security researcher, maxki4x, has reported this vulnerabilities to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
We tried to contact iBall since December 20 2017, repeated attempts to establish contact were answered, but no details have been provided on a solution or a workaround.

CVE: CVE-2018-6388
Continue reading SSD Advisory – iBall Multiple Vulnerabilities

SSD Advisory – Oracle VirtualBox Multiple Guest to Host Escape Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom
See our full scope at: https://blogs.securiteam.com/index.php/product_scope

Vulnerabilities summary
The following advisory describes two (2) guest to host escape found in Oracle VirtualBox version 5.1.30, and VirtualBox version 5.2-rc1.

Credit
An independent security researcher, Niklas Baumstark, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Oracle were informed of the vulnerabilities and released patches to address them.

For more details: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

CVE: CVE-2018-2698
Continue reading SSD Advisory – Oracle VirtualBox Multiple Guest to Host Escape Vulnerabilities

SSD安全公告-希捷个人云存储设备多个漏洞

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom
See our full scope at: https://blogs.securiteam.com/index.php/product_scope

漏洞概要
以下安全公告描述两个未经身份验证的命令注入漏洞。

希捷个人云家庭媒体存储设备是“存储,整理,流式传输,共享所有音乐,电影,照片和重要文档的最简单的方式”。

Continue reading SSD安全公告-希捷个人云存储设备多个漏洞