SSD Advisory – SAP Afaria SQL Injection

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerabilities Summary
The following advisory describes an SQL injection vulnerability in SAP Afaria Service Pack 4 HotFix 15 that can lead to arbitrary code execution.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor Responses
SAP Afaria has released a patch to address the vulnerability: SP5.

Know your community – Ionut Popescu

When we sponsored DefCamp Romania back in November 2016, I saw Ionut Popescu's lecture “Windows shellcodes: To be continued” and thought to myself “He must be a key figure in the Romanian security community – I must interview him”, so I did!

Introduction
Ionut works as a Senior Penetration Tester for SecureWorks Romania. He is a speaker at DefCon and DefCamp, the author of NetRipper and ShellcodeCompiler, and a family man.

SSD Advisory – ZyXEL Enterprise Network Center and Vantage Centralized Network Management Multiple Vulnerabilities

Vulnerabilities Summary

The following advisory describes three (3) vulnerabilities found in ZyXEL Enterprise Network Center (version 1.3.218.61) and two (2) vulnerabilities found in ZyXEL Vantage Centralized Network Management (version 3.2).

The three vulnerabilities found in ZyXEL Enterprise Network Center (version 1.3.218.61) are:

  1. Directory traversal and Command injection vulnerabilities leading to Remote Command Execution
  2. ShowIcon Servlet file Parameter Directory Traversal
  3. FileDownloadServlet Request URI Directory Traversal Read Code Execution

The two vulnerabilities found in ZyXEL Vantage Centralized Network Management (version 3.2) are:

  1. FileDownloadServlet Directory Traversal
  2. GUIDownloadServlet Request URI Directory Traversal

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
SSD reported the vulnerabilities to ZyXEL back in June 2016.
Vendor response: “Regarding the security vulnerabilities you reported for our Vantage CNM, we were informed by HQ that there will be no further enhancements for the product, as we have a new product to replace it, called Cloud CNM. Further, the two provide almost equivalent features with exception to GUI and behavior.”

SSD Advisory – dotCMS H2 Database Remote Code Execution

Vulnerabilities Summary
The following advisory describes an SQL injection in the dotCMS 3.6.0 H2 database that allows attackers to achieve remote code execution.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
We contacted the vendor back in December 2016 and they responded with:
“H2 is not a production DB for us. It is just for testing and trying out dotCMS. We do not support it in production or on public servers.”

Please note that since this vulnerability will not be fixed, default installations of dotCMS that don’t switch from H2 to some other database are vulnerable. In addition, the only warning found on the dotCMS web site related to H2 is:
“Important: H2DB should NOT be used in a production environment.”

This does not explain the lack of security that results from dotCMS using an H2 database.
