Technical Advisories

Technical advisories identified by the 7E team.

Navicat Premium Oracle Connection Buffer Overflow (SEH overwrite) Vulnerability

Advisory Information Title: Navicat Premium Oracle Connection Buffer Overflow (SEH overwrite) Date Published: 01/05/2018 Advisory Summary Inputting an excessively long string of characters into the ‘host’ field when creating a new Oracle connection causes the program to crash. A lack of address space layout randomisation (ASLR) enabled within the software allows an attacker to reliably […]

Read More

Webmin 1.840 – 1.880 – Unrestricted Access to Arbitrary Files using Local File Include

Advisory Information Title:Webmin 1.840 – 1.880 – Unrestricted Access to Arbitrary Files Using Local File Include Date Published: 14/03/2018 Advisory Summary The application allows a restricted Linux user to obtain arbitrary local system files via a Local File Include vulnerability. Vendor Webmin Affected Software Product Version Webmin 1.840 & 1.880 Description of Issue Unix server […]

Read More

CVE-2017-16513 – Ipswitch WS_FTP Professional Local Buffer Overflow (SEH overwrite)

Advisory Information Title: CVE-2017-16513 Ipswitch WS_FTP Professional Local Buffer Overflow (SEH overwrite) Date Published: 03/11/2017 Advisory Summary The application accepts user input to perform a local search function. Inputting an excessively long string of characters causes the program to crash and for an attacker to gain control of the execution flow of the application. This […]

Read More

CVE-2017-15035 PyroBatchFTP Buffer Overflow (SEH Overwrite)

Advisory Information Title: PyroBatchFTP Buffer Overflow (SEH Overwrite) Date Published: 04/10/2017 Advisory Summary It is possible to cause a buffer overflow in PyroBatchFTP when a client connects to an FTP server with an excessively long current directory string. Vendor Emtec Affected Software Product Version PyroBatchFTP 3.17 Description of Issue A buffer overflow vulnerability was discovered […]

Read More

Nimbox Unauthenticated Direct Object Reference in Download Function

Advisory Information Title: Nimbox Unauthenticated Direct Object Reference in Download Function Date Published: 05/08/2016 Advisory Summary Nimbox is a secure file sharing, collaboration, backup and cloud storage service for managing, sharing and syncing files across your environment. Their ‘vault.nimbox’ service, used for secure file sharing was found to have an unauthenticated direct object reference vulnerability. […]

Read More

Mitel CCMWeb OpenRedirect

Advisory Information Title: Mitel CCMWeb OpenRedirect Date Published:  Advisory Summary The application accepts user input and then on completion of an additional task redirects the user to an external link. Vendor Mitel Affected Software Product Version MiCC (CcmWeb 7.x and earlier Description of Issue A Open Redirect vulnerability was discovered in the MiContact Center version 7.1. This […]

Read More

Mitel CCMWeb Unauthenticated Local File Inclusion

Advisory Information Title: Mitel CCMWeb Unauthenticated Local File Inclusion Date Published:  Advisory Summary A lack of input validation allows an attacker to download arbitrary files from the server. Vendor Mitel Affected Software Product Version MiCC (CcmWeb 7.x and earlier Description of Issue A local file inclusion vulnerability was discovered in the MiContact Center version 7.1. This […]

Read More

CVE-2015-2342 VMware vCenter Remote Code Execution

Advisory Information Title: vCenter Java JMX/RMI Remote Code Execution Date Published: 01/10/2015 CVE: CVE-2015-2342 Advisory Summary VMware vCenter Server provides a centralised platform for managing your VMware vSphere environments so you can automate and deliver a virtual infrastructure. VMware vCenter was found to bind an unauthenticated JMX/RMI service to the network stack. An attacker with […]

Read More

CVE-2013-6880 XSS in FlashCanvas Proxy.php

Advisory Information Title: FlashCanvas proxy.php XSS Vulnerability Date published: November 2013 Ref: CVE-2013-6880 Advisory Summary Script does not adequately verify the Referer header before requesting (via curl) the remote URL specified in the ‘url’ GET parameter and rendering it Vendor FlashCanvas.net <http://flashcanvas.net/> Affected Software FlashCanvas 1.5 and possibly older. FlashCanvas is also used in other software frameworks […]

Read More

CVE-2013-5669 Thecus Pain Text Admin Password

Advisory Information Title: Thecus NAS Server N8800 Firmware 5.03.01 plain text administrative password Date published: August 2013 Ref: CVE-2013-5669 CWE-319 Advisory Summary The Network Attached Storage (NAS) Administration Web Page for Thecus NAS Server N8800 transmits passwords in cleartext, which allows remote attackers to sniff the administrative password. Vendor Thecus Affected Software NAS Server N8800 […]

Read More