Latest Articles
(ZOHO) ManageEngine Desktop Central – SQL Injection / Arbitrary File Write
Software: Zoho ManageEngine Desktop Central
Affected Versions: Before 10.0.662
Vendor page: https://www.manageengine.com/products/desktop-central/vulnerabilities-in-reports-module.html
CVE Reference: CVE-2021-46164
Published: 09/01/2022
CVSS 3.1 Score: 8.8 High
Attack Vector: SQL Injection / Arbitrary File Write
Credits: Tom Ellson
This is the first post in a two-part series on ManageEngine Desktop Central. All of the reported issues have since been acknowledged and resolved by ManageEngine.
Summary
Whilst logged in as a user who has full control over the “reporting” module within Desktop Central, an attacker could directly query the underlying Postgres DB.
August 2, 2022, Tom Ellison
Azure - Securing Shared Access Signatures (SAS)
Tom Ellson - Head of Offensive Security
Summary / TLDR;
During a recent client security assessment I came across a number of insecure Azure Storage Accounts. On delivery of the recommendations, it struck me that the client was somewhat unaware of the risks associated with their Azure Storage Accounts. Despite that, the client had a multi-cloud policy and had correctly deployed Amazon S3 buckets elsewhere in their network. This blog post is designed to raise awareness of the risks posed by insecure Azure Storage Accounts, analysing the features most interesting to an attacker in terms of exploitable functionality that may be introduced by misconfiguration. It is not intended to be exhaustive and should be used as an accompaniment to existing guidance released by Microsoft.
July 14, 2022, Tom Ellison
Advisory CVE-2021-41550 Leostream Connection Broker - Authenticated Remote Code Execution
Software: Leostream Connection Broker
Affected Versions: 9.0.40.17
Vendor page: https://leostream.com/
CVE Reference: CVE-2021-41550
Published: 25/01/2022
Attack Vector: Remote, authenticated
Credits: Andrei Constantin Scutariu, Lenk Ratchakrit Seriamnuai, Andrea Malusardi
Summary
Leostream Connection Broker version 9.0.40.17 allowed an attacker to upload arbitrary content through the Third Party Content functionality, and it was found that the web application executed the filenames listed below as Perl by default.
January 26, 2022, Lenk Ratchakrit Seriamnuai