[FD] [RT-SA-2017-009] Remote Command Execution as root in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
Advisory: Remote Command Execution as root in REDDOXX Appliance RedTeam Pentesting discovered a remote command execution vulnerability in the REDDOXX appliance software, which allows attackers to execute arbitrary command with root privileges while unauthenticated. Details === Product:

[FD] [RT-SA-2017-004] Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
Advisory: Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance RedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to download arbitrary files from the affected system. Details ===

[FD] [RT-SA-2017-006] Arbitrary File Disclosure with root Privileges via RdxEngine-API in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
Advisory: Arbitrary File Disclosure with root Privileges via RdxEngine-API in REDDOXX Appliance RedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to list directory contents and download arbitrary

[FD] [RT-SA-2017-003] Cross-Site Scripting in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
Advisory: Cross-Site Scripting in REDDOXX Appliance RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability in the REDDOXX appliance software, which allows attackers to inject arbitrary JavaScript code via a crafted URL. Details === Product: REDDOXX Appliance Affected

[FD] [RT-SA-2017-008] Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
Advisory: Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance RedTeam Pentesting discovered a vulnerability which allows attackers unauthenticated access to the diagnostic functions of the administrative interface of the REDDOXX appliance. The functions allow, for example, to

[FD] SEC Consult SA-20170724-0 :: Cross-Site Scripting (XSS) issue in multiple Ubiquiti Networks products

2017-07-24 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170724-0 > === title: Cross-Site Scripting (XSS) product: Ubiquiti Networks EP-R6, ER-X, ER-X-SFP vulnerable version: Firmware v1.9.1

[FD] SEC Consult SA-20170724-1 :: Open Redirect issue in multiple Ubiquiti Networks products

2017-07-24 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170724-1 > === title: Open Redirect in Login Page product: Multiple Ubiquiti Networks products, e.g. TS-16-CARRIER, TS-5-POE

[FD] CVE-2017-9457 CompuLab Intense PC lacks firmware signature validation

2017-07-24 Thread Hal Martin
Credits: Hal Martin Website: watchmysys.com Source: https://watchmysys.com/blog/2017/07/cve-2017-9457-compulab-intense-pc-lacks-firmware-validation/ Vendor: CompuLab (compulab.com) Product: Intense PC / MintBox 2 Vulnerability type:

[FD] Faraday v2.6: Collaborative Penetration Test and Vulnerability Management Platform

2017-07-24 Thread Francisco Amato
Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time

[FD] MEDHOST Connex contains hard-coded database credentials

2017-07-24 Thread Allen F
Overview MEDHOST Connex for all versions contains hard-coded credentials that are used for customer database access. This is a new vulnerability not related to CVE-2016-4328. Description MEDHOST Connex contains hard-coded credentials that are used for customer database