Technical Advisories

Technical advisories identified by the 7E team.

CVE-2015-2342 VMware vCenter Remote Code Execution

Advisory Information
Title: vCenter Java JMX/RMI Remote Code Execution
Date Published: 01/10/2015
CVE: CVE-2015-2342
Advisory Summary: VMware vCenter Server provides a centralised platform for managing your VMware vSphere environments so you can automate and deliver a virtual infrastructure. VMware vCenter was found to bind an unauthenticated JMX/RMI service to the network stack. An attacker with […]

CVE-2013-6880 XSS in FlashCanvas Proxy.php

Advisory Information
Title: FlashCanvas proxy.php XSS Vulnerability
Date published: November 2013
Ref: CVE-2013-6880
Advisory Summary: Script does not adequately verify the Referer header before requesting (via curl) the remote URL specified in the ‘url’ GET parameter and rendering it.
Vendor: FlashCanvas.net <http://flashcanvas.net/>
Affected Software: FlashCanvas 1.5 and possibly older. FlashCanvas is also used in other software frameworks […]

CVE-2013-5669 Thecus Plain Text Admin Password

Advisory Information
Title: Thecus NAS Server N8800 Firmware 5.03.01 plain text administrative password
Date published: August 2013
Ref: CVE-2013-5669 CWE-319
Advisory Summary: The Network Attached Storage (NAS) Administration Web Page for Thecus NAS Server N8800 transmits passwords in cleartext, which allows remote attackers to sniff the administrative password.
Vendor: Thecus
Affected Software: NAS Server N8800 […]

CVE-2013-5668 Thecus Domain Administrator Password Disclosure

Advisory Information
Title: Thecus NAS Server N8800 Firmware 5.03.01
Date published: August 2013
Ref: CVE-2013-5668 CWE-317
Advisory Summary: The Domain Administrator Password within the ADS/NT Support page is disclosed due to clear text storage of sensitive information within the GUI.
Vendor: Thecus
Affected Software: NAS Server N8800 Firmware 5.03.01
Description of Issue: The Domain Administrator […]

CVE-2013-5667 Thecus OS Command Injection

Advisory Information
Title: Thecus NAS Server N8800 Firmware 5.03.01 get_userid OS Command Injection
Date published: August 2013
Ref: CVE-2013-5667 CWE-78
Advisory Summary: A lack of input validation allows an attacker to execute OS commands directly on the operating system.
Vendor: Thecus
Affected Software: NAS Server N8800 Firmware 5.03.01
Description of Issue: The application accepts user […]
