Hard-coded credentials and command-injection vulnerabilities on BigPond 3G21WB

2012-10-11 Thread roberto
Discovery date: 17/09/2012 Release date: 11/10/2012 Credits: Roberto Paleari (robe...@greyhats.it, @rpaleari) [VULNERABILITY INFORMATION] Class: Authentication bypass, command-injection [AFFECTED PRODUCTS] We confirm the following device models to be affected: * BigPond

Unauthenticated remote access to D-Link DIR-645 devices

2013-02-28 Thread roberto
Unauthenticated remote access to D-Link DIR-645 devices === [ADVISORY INFORMATION] Title: Unauthenticated remote access to D-Link DIR-645 devices Discovery date: 20/02/2013 Release date: 27/02/2013 Credits: Roberto Paleari

Unauthenticated command execution on Netgear DGN devices

2013-06-03 Thread roberto
Unauthenticated command execution on Netgear DGN devices [ADVISORY INFORMATION] Title: Unauthenticated command execution on Netgear DGN devices Discovery date: 01/05/2013 Release date: 31/05/2013 Credits: Roberto Paleari

Multiple vulnerabilities on D-Link DIR-645 devices

2013-08-02 Thread roberto
/advisories/20130801-dlink-dir645.txt Credits: Roberto Paleari (robe...@greyhats.it, twitter: @rpaleari) [AFFECTED PRODUCTS] This security vulnerability affects the following products and firmware versions: * D-Link DIR-645, 1.03B08 Other products and firmware versions could also be vulnerable

HP ArcSight Logger provides incorrect/invalid/incomplete results for queries with boolean operators

2015-07-31 Thread roberto
HP ArcSight Logger is a log management software used to collect and analyze logs from multiple sources to aid in investigations and audit. There are several flaws in the search capabilities in the software that cause it to provide invalid search results for any query that uses boolean

Opera Stored Cross Site Scripting Vulnerability

2008-10-22 Thread Roberto Suggi
fixed the issues above but the HTML encoding is still not consistent. == Credit == Discovered and advised to Opera October 2008 by Roberto Suggi Liverani of Security-Assessment.com Personal Page: http://malerisch.net == Greetings == To all my SA colleagues - you guys rock! ;-) == About Security

SugarCRM Community Edition Local File Disclosure Vulnerability

2008-04-29 Thread roberto . suggi
== Credit == Discovered and advised to SugarCRM April 2008 by Roberto Suggi Liverani Craig of Security-Assessment.com == Greetings == To all my SA colleagues and thanks to the great atmosphere in Hack in the Bush! It was inspirational... == About Security-Assessment.com

Linux Kernel 2.6.38 Remote NULL Pointer Dereference

2011-05-16 Thread roberto . paleari
Fattori, Università degli Studi di Milano (joyst...@security.dico.unimi.it) Roberto Paleari, Emaze Networks S.p.A (roberto.pale...@emaze.net) [Vulnerability Information] Class: Remote NULL pointer dereference CVE: [Affected Software] We confirm the presence

Multiple vulnerabilities in several IP camera products

2011-06-08 Thread roberto . paleari
Multiple vulnerabilities in several IP camera products == [ADVISORY INFORMATION] Title: Multiple vulnerabilities in several IP camera products Release date: 08/06/2011 Last update: 08/06/2011 Credits: Roberto Paleari

ZOHO ManageEngine ADSelfService Plus Administrative Access

2011-10-11 Thread roberto . paleari
ZOHO ManageEngine ADSelfService Plus Administrative Access == [ADVISORY INFORMATION] Title: ZOHO ManageEngine ADSelfService Plus Administrative Access Release date: 10/10/2011 Last update: 10/10/2011 Credits: Roberto

Unauthenticated remote code execution on D-Link ShareCenter products

2012-02-08 Thread roberto . paleari
/2012 Credits: Roberto Paleari, Emaze Networks S.p.A (roberto.pale...@emaze.net) [VULNERABILITY INFORMATION] Class: Authentication bypass, remote code execution [AFFECTED PRODUCTS] We confirm the presence of the security vulnerabilities on the following products/firmware versions

Weak password encryption on Huawei products

2012-11-13 Thread roberto . paleari
Weak password encryption on Huawei products === [ADVISORY INFORMATION] Title: Weak password encryption on Huawei products Release date: 13/11/2012 Credits: Roberto Paleari, Emaze Networks (roberto.pale...@emaze.net) Ivan

Sitecom WLM-3500 backdoor accounts

2013-04-17 Thread roberto . paleari
Sitecom WLM-3500 backdoor accounts == [ADVISORY INFORMATION] Title: Sitecom WLM-3500 backdoor accounts Discovery date: 24/03/2013 Release date: 16/04/2013 Credits: Roberto Paleari (roberto.pale...@emaze.net, @rpaleari) Advisory URL: http

Multiple buffer overflows on Huawei SNMPv3 service

2013-05-06 Thread roberto . paleari
Multiple buffer overflows on Huawei SNMPv3 service == [ADVISORY INFORMATION] Title: Multiple buffer overflows on Huawei SNMPv3 service Discovery date: 11/02/2013 Release date: 06/05/2013 Credits: Roberto Paleari (roberto.pale

Hard-coded accounts on multiple network cameras

2013-07-11 Thread roberto . paleari
Hard-coded accounts on multiple network cameras === [ADVISORY INFORMATION] Title: Hard-coded accounts on multiple network cameras Discovery date: 05/06/2013 Release date: 11/07/2013 Advisory URL: http://goo.gl/82Rlb Credits: Roberto

Huawei B153 3G/UMTS router WPS weakness

2013-08-05 Thread roberto . paleari
-weakness.html Credits: Roberto Paleari (roberto.pale...@emaze.net, @rpaleari) Alessandro Di Pinto (alessandro.dipi...@emaze.net, @adipinto) [VULNERABILITY INFORMATION] Class: Authentication bypass [AFFECTED PRODUCTS] We confirm the presence of the security

Multiple vulnerabilities on Sitecom N300/N600 devices

2013-08-19 Thread roberto . paleari
Multiple vulnerabilities on Sitecom N300/N600 devices = [ADVISORY INFORMATION] Title: Multiple vulnerabilities on Sitecom N300/N600 devices Discovery date: 01/06/2013 Release date: 19/08/2013 Credits: Roberto Paleari

Weak firmware encryption and predictable WPA key on Sitecom routers

2014-04-24 Thread roberto . paleari
[ADVISORY INFORMATION] Title: Weak firmware encryption and predictable WPA key on Sitecom routers Discovery date: 17/02/2014 Release date: 24/04/2014 Credits: Roberto Paleari (@rpaleari) Alessandro Di Pinto (@adipinto) Advisory URL: http://blog.emaze.net

Backdoor access to Techboard/Syac devices

2014-07-07 Thread roberto . paleari
[ADVISORY INFORMATION] Title: Backdoor access to Techboard/Syac devices Discovery date: 02/04/2014 Release date: 07/07/2014 Advisory URL: http://blog.emaze.net/2014/07/backdoor-techboardsyac.html Credits: Roberto Paleari (@rpaleari), Luca Giancane (luca.gianc

Re: [Full-disclosure] Zabbix 1.6.2 Frontend Multiple Vulnerabilities

2009-03-06 Thread Roberto Muñoz Fernandez
Vulnerability A) confirmed in zabbix 1.4.* for example in.. http://url.foo/tr_status.php?compact=falseonlytrue=truenoactions=trueselect=falsetxt_select=sort[%22.phpinfo().%22]=1

CoolPreviews - Firefox Extension - Chrome Privileged Code Injection

2009-08-24 Thread Roberto Suggi Liverani
2009 by Roberto Suggi Liverani of Security-Assessment.com. Personal Page: http://malerisch.net/ For full details regarding this vulnerability (including a detailed proof of concept exploit) download the PDF from our website: http://www.security-assessment.com/files/advisories

Update Scanner - Firefox Extension - Chrome Privileged Code Injection

2009-08-24 Thread Roberto Suggi Liverani
). +--+ |Credit| +--+ Discovered and advised to the Update Scanner developer June 2009 by Roberto Suggi Liverani of Security-Assessment.com. Personal Page: http://malerisch.net/ For full details regarding this vulnerability (including a detailed proof of concept exploit) download the PDF from our website

Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities

2010-02-23 Thread Roberto Suggi Liverani
+--+ |Credit| +--+ Discovered and advised to Adobe in November 2009 by Roberto Suggi Liverani of Security-Assessment.com. Personal Page: http://malerisch.net/ For full details regarding this vulnerability download the PDF from our website: http://www.security-assessment.com/files/advisories/2010-02

Security-Assessment.com WhitePaper/Addendum: Cross Context Scripting with Firefox Exploiting Cross Context Scripting vulnerabilities in Firefox

2010-04-22 Thread Roberto Suggi Liverani
). The research paper Cross Context Scripting with Firefox demonstrates different ways of attacking Firefox extensions via Cross Context Scripting (XCS) vulnerabilities. Several XCS cases are detailed, including vulnerable extension code and exploit. Cross Context Scripting with Firefox - Roberto

Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass

2010-10-19 Thread Roberto Suggi Liverani
of JRE and JDK to upgrade to the latest version as soon as possible. For more information on the new release of JRE/JDK please refer to the link: http://www.oracle.com/technetwork/java/javase/downloads/index.html +--+ |Credit| +--+ Discovered and advised to Oracle August 2010 by Roberto

Re: Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass

2010-10-21 Thread Roberto Suggi Liverani
light on this research ;-). Apologies if I didn't explain well enough the above in the original advisory. Cheers, Roberto Michal Zalewski wrote: Security-Assessment.com follows responsible disclosure and promptly contacted Oracle after discovering the issue. Oracle was contacted on August 1

Multiple critical vulnerabilities in Maxthon and Avant browsers

2012-12-11 Thread Roberto Suggi Liverani
Twitter, at https://twitter.com/malerisch Roberto Suggi Liverani