[RT-SA-2017-008] Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
Advisory: Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance RedTeam Pentesting discovered a vulnerability which allows attackers unauthenticated access to the diagnostic functions of the administrative interface of the REDDOXX appliance. The functions allow, for example, to

[RT-SA-2017-005] Unauthenticated Extraction of Session-IDs in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
Advisory: Unauthenticated Extraction of Session-IDs in REDDOXX Appliance RedTeam Pentesting discovered an information disclosure vulnerabilty in the REDDOXX appliance software, which allows unauthenticated attackers to extract valid session IDs. Details === Product: REDDOXX Appliance

[RT-SA-2017-009] Remote Command Execution as root in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
Advisory: Remote Command Execution as root in REDDOXX Appliance RedTeam Pentesting discovered a remote command execution vulnerability in the REDDOXX appliance software, which allows attackers to execute arbitrary command with root privileges while unauthenticated. Details === Product:

[RT-SA-2017-003] Cross-Site Scripting in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
Advisory: Cross-Site Scripting in REDDOXX Appliance RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability in the REDDOXX appliance software, which allows attackers to inject arbitrary JavaScript code via a crafted URL. Details === Product: REDDOXX Appliance Affected

[RT-SA-2017-007] Undocumented Administrative Service Account in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
Advisory: Undocumented Administrative Service Account in REDDOXX Appliance RedTeam Pentesting discovered an undocumented service account in the REDDOXX appliance software, which allows attackers to access the administrative interface of the appliance and change its configuration. Details

[RT-SA-2017-006] Arbitrary File Disclosure with root Privileges via RdxEngine-API in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
Advisory: Arbitrary File Disclosure with root Privileges via RdxEngine-API in REDDOXX Appliance RedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to list directory contents and download arbitrary

[RT-SA-2017-004] Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
Advisory: Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance RedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to download arbitrary files from the affected system. Details ===

[SECURITY] [DSA 3917-1] catdoc security update

2017-07-24 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3917-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 23, 2017

[slackware-security] seamonkey (SSA:2017-202-01)

2017-07-24 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] seamonkey (SSA:2017-202-01) New seamonkey packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+

[security bulletin] HPESBHF03745 rev.3 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution

2017-07-24 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03745en_us Version: 3