/13301
Enjoy!
# Multiple Vulnerabilities in IBM Data Risk Manager
### By Pedro Ribeiro (ped...@gmail.com) from [Agile Information
Security](https://agileinfosec.co.uk)
Disclosure Date: 21/04/2020 | Last Updated: 21/04/2020
## Introduction
[From the vendor's website](https://www.ib
Advisory below, permalink in:
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/ibm-tm1-rce.txt
Exploit:
https://github.com/rapid7/metasploit-framework/pull/13152
Have fun!
===
>> Configuration Overwrite in IBM Cognos TM1 / IBM Planning Analytics Server
>> Disco
!
>> Multiple critical vulnerabilities in Cisco UCS Director, Cisco
Integrated Management Controller Supervisor and Cisco UCS Director
Express for Big Data
>> Discovered by Pedro Ribeiro (ped...@gmail.com) from Agile Informat
://raw.githubusercontent.com/pedrib/PoC/master/advisories/cisco-dcnm-rce.txt
>> Authentication Bypass and Arbitrary File Upload (leading to remote
code execution) on Cisco Data Center Network Manager
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agile Information
Se
>> Multiple vulnerabilities in Cisco Identity Services Engine
(unauthenticated stored XSS to RCE as root)
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agile Information
Security and Dominik Czarnota (domini
from
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/nuuo-cms-ownage.txt
>> Multiple vulnerabilities in NUUO Central Management Server
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agile Information
Security (http://
thenticated remote code execution and privilege escalation in
Cisco Prime Infrastructure
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agile Information
Security (http://www.agileinfosec.co.uk/)
==
Disclosure: 4/10/20
ploit module has been released, and it is pending approval:
https://github.com/rapid7/metasploit-framework/pull/10108
Regards,
Pedro
>> Multiple vulnerabilities in IBM QRadar SIEM
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agile Information
Security (http://www.a
https://blogs.securiteam.com/index.php/archives/3681
>> DrayTek VigorACS 2 Unsafe Flex AMF Java Object Deserialization
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agile Information
Security
=
Di
— you get
> full access to everything, from any device that can run a web browser”
>
> The vulnerabilities found are:
>
> Access bypass
> Configuration manipulation
>
> Credit
> An independent security researcher, Pedro Ribeiro (pedrib_at_gmail.com),
> has reported
hub repo
(https://github.com/pedrib/PoC) and in the SSD blog at
https://blogs.securiteam.com/index.php/archives/2713. A big thanks to
SecuriTeam for helping out as always.
>> Multiple critical vulnerabilities in BMC Track-It! 11.4
>> Discovered by Pedro Ribeiro (ped...@gmail.com),
fix this vulnerability. This claim was NOT verified.
The beta firmware can be downloaded from:
http://kb.netgear.com/36549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability?cid=wmt_netgear_organic
Regards,
Pedro
On 20/12/16 21:42, Pedro Ribeiro wrote:
> Hi,
>
> tl
/archives/2910
http://www.beyondsecurity.com/ssd
Regards,
Pedro
===
>> Multiple vulnerabilities in TrueOnline / ZyXEL / Billion routers
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agile Informat
.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt
Regards,
Pedro
>> Stack buffer overflow vulnerability in NETGEAR WNR2000 router
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agile Information
Security
==
Di
advisories/dlink-hnap-login.txt
Have fun.
Regards,
Pedro
>> Multiple vulnerabilities in Dlink DIR routers HNAP Login function
(multiple routers affected)
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agil
ies in WebNMS Framework Server 5.2 and 5.2 SP1
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agile Information
Security
==
Disclosure: 04/07/2016 / Last updated: 08/08/2016
>> Background on the affected prod
On 04/08/16 17:46, Pedro Ribeiro wrote:
> tl;dr
>
> Lots of RCE, hardcoded credentials, stack buffer overflow and
> information disclosure in the Nuuo NVRmini and other network video
> recorders of the same vendor.
> These vulnerabilities also affect the NETGEAR Surveillance a
Rmini2 / NVRsolo / Crystal devices
and NETGEAR ReadyNAS Surveillance application
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agile Information
Security (http://www.agileinfosec.co.uk/)
==
Disclosure: 04/08/2016 / Last
mote code execution / arbitrary file download in NETGEAR ProSafe
Network Management System NMS300
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agile Information
Security (http://www.agileinfosec.co.uk/)
==
Disclos
System Administrator
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agile Information Security
>> (http://www.agileinfosec.co.uk/)
==
Disclosure: 13/07/2015 / Last updated: 13/07/2015
>> Background on the affected
/pull/5472
https://github.com/rapid7/metasploit-framework/pull/5473
https://github.com/rapid7/metasploit-framework/pull/5474
>> Multiple vulnerabilities in SysAid Help Desk 14.4
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agile Informat
-security, distro-security and
Solar Designer, and will not do it again.
A full copy of the advisory below can be found in my repo at
https://raw.githubusercontent.com/pedrib/PoC/master/generic/i-c-u-fail.txt.
Regards,
Pedro
>> Heap overflow and integer overflow in ICU library
>> Discove
hould hopefully be
accepted soon [2].
Regards,
Pedro
>> Remote code execution in Novell ZENworks Configuration Management 11.3.1
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agile Information Security
=
e OpManager,
>> Applications Manager and IT360
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agile Information Security
==
Disclosure: 28/01/2014 / Last updated: 28/01/2014
>> Background on the affected products:
On 4 January 2015 at 17:19, Pedro Ribeiro wrote:
> #2
> Vulnerability: Remote code execution via file upload (unauthenticated)
> CVE-2014-5302
> Constraints: no authentication or any other information needed except
> for IT360 (guest account needed); code execution is only possible
On 31 December 2014 at 02:17, Pedro Ribeiro wrote:
> Hi,
>
> This is part 10 of the ManageOwnage series. For previous parts, see [1].
>
> This time we have a vulnerability that allows an unauthenticated user
> to create an administrator account, which can then be used to exe
Pedro
==
>> Remote code execution / file upload in ManageEngine ServiceDesk Plus,
>> AssetExplorer, SupportCenter Plus and IT360
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agile Information Security
==
below, and a copy can be obtained from my repo [3].
Regards,
Pedro
>> Administrator account creation in ManageEngine Desktop Central / Desktop
>> Central MSP
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agi
On 30 Nov 2014 00:17, "Pedro Ribeiro" wrote:
>
> Hi,
>
> This is part 9 of the ManageOwnage series. For previous parts see [1].
>
> >> Technical details:
> Vulnerability: Arbitrary file download
> Constraints: unauthenticated in NetFlow; authenticated in IT
ageEngine Netflow Analyzer and IT360
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agile Information Security
==
Disclosure: 30/11/2014 / Last updated: 30/11/2014
>> Background on the affected product:
"
, and I have updated the full text advisory in [3].
Regards,
Pedro
>> Multiple vulnerabilities in ManageEngine OpManager, Social IT Plus and IT360
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agile Informat
.
Regards,
Pedro
>> Authenticated blind SQL injection in Password Manager Pro / Pro MSP
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agile Information Security
==
Disclosure: 08/11/2014 / Last updated: 08/11/
meline of disclosure are below, and a copy of this
advisory can be found at my repo [4].
Regards,
Pedro
>> Multiple vulnerabilities in ManageEngine EventLog Analyzer
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agile Information Security
===
in BMC Track-It!
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agile Information Security
=
The application exposes several .NET remoting services on port 9010.
.NET remoting is a RMI technology similar to Java RMI or
module has been submitted
and should be available soon (see pull request
https://github.com/rapid7/metasploit-framework/pull/3903).
>> Multiple vulnerabilities in ManageEngine OpManager, Social IT Plus and IT360
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agile Informat
On 31 August 2014 16:39, Advisories wrote:
> Mogwai Security Advisory MSA-2014-01
> --
> Title: ManageEngine EventLog Analyzer Multiple Vulnerabilities
> Product:ManageEngine EventLog Analyzer
> Affected v
On 3 September 2014 07:23, Pedro Ribeiro wrote:
> On 31 August 2014 16:39, Advisories wrote:
>> Mogwai Security Advisory MSA-2014-01
>> --
>> Title: ManageEngine EventLog Analyzer Multiple Vulne
Hi all,
h0ng10 from Mogwai Security has found a file upload leading to RCE in
Eventlog Analyzer (see advisory below for a snippet or go to
http://seclists.org/fulldisclosure/2014/Aug/86).
h0ng10 communicated this over a year ago to ManageEngine but they
failed to fix it. When I found and communic
copy of the advisory below is available in my repo at
https://raw.githubusercontent.com/pedrib/PoC/master/me_dc9_file_upload.txt
Regards,
Pedro
>> Arbitrary file upload / remote code execution in ManageEngine Desktop
>> Central / Desktop Central MSP
>> Discovered by Pedro Ribeiro
On 19 Aug 2014 17:55, "Pedro Ribeiro" wrote:
>
> TL;DR
> CVE-2014-3996 / CVE-2014-3997
> Blind SQL injection in ManageEngine Desktop Central, Password Manager
> Pro and IT360 (including MSP versions)
> Scroll to the bottom for the Metasploit module link; the m
rote:
Are you sure that this is an MD5 Hash? It looks more like a base64 encoded
string (decoded value " :N yZX@{ ")
On Wed, Aug 27, 2014 at 5:50 PM, Pedro Ribeiro wrote:
> On 27 Aug 2014 19:14, "Pedro Ribeiro" wrote:
> >
> > Hi,
> >
> > You
On 27 Aug 2014 19:14, "Pedro Ribeiro" wrote:
>
> Hi,
>
> You can read the usernames and MD5 hashed passwords of all the users
> in the Device Expert application by sending an unauthenticated
> request.
> I am releasing this as a 0 day as ManageEngine have respon
ess a customer requests it. See details below.
>> User credential disclosure in ManageEngine DeviceExpert 5.9
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agile Information Security
==
>> Background
.
==
>> Blind SQL injection in ManageEngine Desktop Central, Password Manager Pro
>> and IT360 (including MSP versions)
>> Discovered by Pedro Ribeiro (ped...@gmail.com), Agile In
On 8 June 2014 09:16, Owen Tuz wrote:
> I am also not a lawyer, but think you would have serious problems getting
> this to hold up in any court.
>
> What you're describing is equivalent to the email disclaimers used by many
> businesses - "If you have received this email in error, please delete i
As you all know, responsible disclosure can be hard.
You want to do the right thing, give the vendor some time to fix the
issue, protect its customers, etc; but the first thing the vendor does
is to threaten to sue / arrest / beat up / kill you.
Fortunately this is happening less and less, but the
On 12 May 2014 19:48, "Pete Herzog" wrote:
>
> "Hi, I’m your friend and security researcher, Pete Herzog. You might
> know me from other public service announcements such as the widely
> anticipated, upcoming workshop Secrets of Security, and critic’s
> choice award winners: Teaching Your Teen to
://raw.githubusercontent.com/pedrib/PoC/master/getsimplecms-3.3.1.txt.
Regards,
Pedro Ribeiro
Agile Information Security
PoC for XSS bugs in the admin console of GetSimple CMS 3.3.1
CVE-2014-1603
by Pedro Ribeiro (ped...@gmail.com) from Agile Information Security
Timeline:
04/11/2013 - Found bugs, produced