Technical Advisories

Technical advisories identified by the 7E team.

Airline Enumeration within Amadeus Check-in Application

Advisory Information Title: Airline Enumeration within Amadeus Check-in Application Date Published: 16th July 2019 Author: David Stubley, david.stubley@7elements.co.uk, @DavidStubley (twitter) Advisory Summary It was possible to enumerate supported airlines of the Amadeus Check-in Application using the URL generated as part of an airline mobile application check-in process. Example of a link to a boarding pass generated by […]

Read More

Insecure Direct Object Reference within Amadeus Check-in Application

Advisory Information Title: Insecure Direct Object Reference within Amadeus Check-in Application Date Published: 16th July 2019 Author: David Stubley, david.stubley@7elements.co.uk, @DavidStubley (twitter) Advisory Summary It was possible to download valid boarding passes (not belonging to the user) for future flights due to a weakness within the application (Insecure Direct Object Reference). Example of a link to […]

Read More

Navicat Premium Oracle Connection Buffer Overflow (SEH overwrite) Vulnerability

Advisory Information Title: Navicat Premium Oracle Connection Buffer Overflow (SEH overwrite) Date Published: 01/05/2018 Advisory Summary Inputting an excessively long string of characters into the ‘host’ field when creating a new Oracle connection causes the program to crash. A lack of address space layout randomisation (ASLR) enabled within the software allows an attacker to reliably […]

Read More

Webmin 1.840 – 1.880 – Unrestricted Access to Arbitrary Files using Local File Include

Advisory Information Title:Webmin 1.840 – 1.880 – Unrestricted Access to Arbitrary Files Using Local File Include Date Published: 14/03/2018 Advisory Summary The application allows a restricted Linux user to obtain arbitrary local system files via a Local File Include vulnerability. Vendor Webmin Affected Software Product Version Webmin 1.840 & 1.880 Description of Issue Unix server […]

Read More

CVE-2017-16513 – Ipswitch WS_FTP Professional Local Buffer Overflow (SEH overwrite)

Advisory Information Title: CVE-2017-16513 Ipswitch WS_FTP Professional Local Buffer Overflow (SEH overwrite) Date Published: 03/11/2017 Advisory Summary The application accepts user input to perform a local search function. Inputting an excessively long string of characters causes the program to crash and for an attacker to gain control of the execution flow of the application. This […]

Read More

CVE-2017-15035 PyroBatchFTP Buffer Overflow (SEH Overwrite)

Advisory Information Title: PyroBatchFTP Buffer Overflow (SEH Overwrite) Date Published: 04/10/2017 Advisory Summary It is possible to cause a buffer overflow in PyroBatchFTP when a client connects to an FTP server with an excessively long current directory string. Vendor Emtec Affected Software Product Version PyroBatchFTP 3.17 Description of Issue A buffer overflow vulnerability was discovered […]

Read More

Nimbox Unauthenticated Direct Object Reference in Download Function

Advisory Information Title: Nimbox Unauthenticated Direct Object Reference in Download Function Date Published: 05/08/2016 Advisory Summary Nimbox is a secure file sharing, collaboration, backup and cloud storage service for managing, sharing and syncing files across your environment. Their ‘vault.nimbox’ service, used for secure file sharing was found to have an unauthenticated direct object reference vulnerability. […]

Read More

Mitel CCMWeb OpenRedirect

Advisory Information Title: Mitel CCMWeb OpenRedirect Date Published:  Advisory Summary The application accepts user input and then on completion of an additional task redirects the user to an external link. Vendor Mitel Affected Software Product Version MiCC (CcmWeb 7.x and earlier Description of Issue A Open Redirect vulnerability was discovered in the MiContact Center version 7.1. This […]

Read More

Mitel CCMWeb Unauthenticated Local File Inclusion

Advisory Information Title: Mitel CCMWeb Unauthenticated Local File Inclusion Date Published:  Advisory Summary A lack of input validation allows an attacker to download arbitrary files from the server. Vendor Mitel Affected Software Product Version MiCC (CcmWeb 7.x and earlier Description of Issue A local file inclusion vulnerability was discovered in the MiContact Center version 7.1. This […]

Read More

CVE-2015-2342 VMware vCenter Remote Code Execution

Advisory Information Title: vCenter Java JMX/RMI Remote Code Execution Date Published: 01/10/2015 CVE: CVE-2015-2342 Advisory Summary VMware vCenter Server provides a centralised platform for managing your VMware vSphere environments so you can automate and deliver a virtual infrastructure. VMware vCenter was found to bind an unauthenticated JMX/RMI service to the network stack. An attacker with […]

Read More