Know your community – Kana Shinoda

Kana Shinoda is a well-known persona in the security field. She is the organizer of Code Blue and APWG, a review board member of HITB, and was a coordinator of Black Hat Japan as well as Conference Coordinator and CTF Interpreter of AVTOKYO, and the list can go on and on. We had the honor of interviewing her =]



SSD Advisory – NCurses 5.9 Local Privilege Escalation

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability Summary
The following advisory describes a Local Privilege Escalation vulnerability in NCurses, version 5.9.

Credit
An independent security researcher, Dawid Golunski (https://legalhackers.com/), has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor Responses
NCurses has released a patch to address the vulnerability.

Thomas Dickey has also added the following statement: “I don’t know of any actual packages which have traces enabled by default”.


SSD Advisory – IBM WebSphere Portal Cross-Site Scripting (XSS)


Vulnerabilities Summary
The following advisory describes a Cross-Site Scripting (XSS) vulnerability found in WebSphere Portal version 8.0.0.1.

IBM WebSphere Portal products provide enterprise web portals that help companies deliver a highly-personalized, social experience for their customers. WebSphere Portal products give users a single point of access to the applications, services, information and social connections they need. These products help increase visitor response and reduce web operations cost while offering a range of capabilities to meet your business needs.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
We notified IBM of the vulnerability back in September 2016; repeated attempts to re-establish contact and get an answer on the status of the patches for this vulnerability went unanswered. At this time there is no solution or workaround for this vulnerability.


Know your community – Beist (SeungJin Lee)

In our last “Know your community” blog post, we interviewed Ionut Popescu from Romania. Today we had the honor of interviewing Beist (SeungJin Lee)!

Introduction
SeungJin Lee, known as Beist, is a 32-year-old security researcher from South Korea. Beist is the founder of GrayHash (a pen-testing company) and a highly regarded security researcher who has found over 100 vulnerabilities.
