#usdHeroLab

2025-07-02

Unauthenticated RCE in Agorum Core Open!

During their regular security analyses, our pentest professionals from #usdHeroLab examined the open source software #AgorumCoreOpen.

They discovered multiple #vulnerabilities that, when chained together, allow an unauthenticated attacker to achieve full remote code execution with root privileges. This critical flaw enables complete system compromise without prior authentication.

📰👉 Detailed information on the published #SecurityAdvisories can be found here: usd.de/en/security-advisories-

#Pentest #Pentesting #moresecurity #RCE #CyberSecurity #InfoSec

2024-07-02

Our #usdHeroLab security analysts have identified a critical #vulnerability in the admin panel of the #AXIS P1364 Webcam that enables an attacker to create new accounts with administrative privileges.
Vulnerability type: Cross-Site Request Forgery (CSRF) (CWE-352)
👇More details: herolab.usd.de/en/security-adv

2024-06-03

The #usdHeroLab analysts examined the open source application #WeKan while conducting their security analyses and found a #BrokenAccessControl vulnerability.
🚨Security Risk: High
🧵👇More details
herolab.usd.de/en/security-adv

2024-05-22

Version 1.3.1 of the #CSTC was released on May 22! It contains lots of new features, improvements and contributions from the community. The CSTC will also be part of the BlackHat USA 2024 Arsenal Labs, looking forward to seeing you! #BHUSA #usdHeroLab #moresecurity github.com/usdAG/cstc

2024-05-03

Our #usdHeroLab professionals have uncovered a vulnerability in the online store software #Gambio during their #pentests.

Our analysts discovered a vulnerability in the password reset functionality. Exploiting this vulnerability would enable an attacker to change the password for any account and take over, for example, the administrator account of the application.

The vulnerability was reported to the vendor under the Responsible Disclosure Policy.

👉 More details: herolab.usd.de/en/security-adv

2024-04-05

Our #usdHeroLab analysts examined the #SONIX Technology Webcam during their #pentests.

1️⃣ Vulnerability Type: Incorrect Permission Assignment for Critical Resource (CWE-732)

🚨 Security Risk: High

The vulnerability was reported to the vendor under the Responsible Disclosure Policy.

👉More Details: herolab.usd.de/security-adviso

2024-03-12

#Announcement: On Friday, our #usdHeroLab colleagues published a major release of our BurpSuite Plugin #FlowMate: github.com/usdAG/FlowMate/rele

During BlackHat USA 2023 and DEF CON 31, our colleagues received a lot of helpful feedback on their #tool: The new version 1.1 contains bug fixes and some new features. In our video, Florian Haag explains the advantages and possible use cases in the context of #WebApplication #Pentests: youtube.com/watch?v=BJhRhGmDAT

#CheckItOut #Security #Pentesting #Hacking #Tools #Community #moresecurity

2024-02-14

Many cooks spoil the tool? Not in the #usdHeroLab: Our colleagues are constantly developing their own #tools, which are subject to strict quality and optimization processes. In the latest video, Florian Haag introduces you to our BurpSuite plugin Cyber Security Transformation Chef (CSTC) and explains how you can use it.

youtu.be/6fjW4iXj5cg?si=fJCfJU

2024-02-06

Our #usdHeroLab #Pentest professionals analyzed #FileCloud during their pentests.
1⃣Vulnerability Type: Dependency on Vulnerable Third-Party Component (CWE-1395)
🚨Security Risk: Critical

🧐FileCloud is an enterprise solution for accessing, synchronizing and sharing files hosted on your servers.
The identified vulnerability is related to an outdated Electron dependency. Exploiting this vulnerability could potentially allow attackers to gain unauthorized access to sensitive data stored within the application.

The vulnerability was reported to the vendor under the Responsible Disclosure Policy. More information can be found here 👩‍💻​👩‍💻​👇
herolab.usd.de/security-adviso

2024-01-22

Our #usdHeroLab #Pentest professionals analyzed #Gambio during their pentests.
1⃣Vulnerability Type: several vulnerabilities with partly high risk
🚨Security Risk: Critical
🧵👇 More Details

🧐Gambio is a software designed for running online shops. It provides various features and tools to help businesses manage their inventory, process orders, and handle customer interactions.

The identified vulnerabilities allowed unauthenticated attackers to execute code on the underlying system, because the application deserializes untrusted data. Other vulnerabilities allowed unauthenticated attackers to perform SQL injection attacks to extract data from the database. Also, the application stores the passwords provided during the installation process in cleartext.

The vulnerability was reported to the vendor under the Responsible Disclosure Policy. More information can be found here 🧑‍💻👩‍💻 👇
herolab.usd.de/en/security-adv

2023-12-13

Our #usdHeroLab #Pentest professionals analyzed #IBMQRadarSIEM during their pentests.
1⃣Vulnerability Type: Cross-site Scripting #CWE79
🚨Security Risk: Medium
🔎CVE number: CVE-2023-43057
👇More Details

🧐IBM QRadar SIEM is a security information and event management platform developed by IBM that provides advanced threat detection for its users. The vulnerability can be used to perform actions on behalf of other users.

The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻​👨‍💻​👇

herolab.usd.de/en/security-adv

2023-11-21

Ever wondered how attackers can break out of the #Citrix encapsulation and infiltrate the underlying system? It becomes a critical issue when IT environments lack proper virtualization readiness. Addressing these attack vectors requires a special approach. Dive into our latest #LabNews blog post to get insights into what to look out for during your #PenetrationTest of virtualized applications 👨‍💻👩‍💻👇
herolab.usd.de/en/pentest-virt

#moresecurity #usdHeroLab #CitrixBreakOut #CitrixSecurity

2023-11-15

Our #usdHeroLab #Pentest professionals analyzed #GibbonEdu during their pentests.
1⃣Vulnerability Type: Arbitrary File Write #CWE434
🚨 Security Risk: Critical
🔎CVE number: CVE-2023-45878
🧵👇 More Details

🧐 Gibbon Edu is an #opensource educational software designed for #schools and #institutions to manage their administrative and academic processes. It offers a range of features to facilitate communication, collaboration, and organization within the educational community.

The identified vulnerability allowed unauthenticated attackers to upload arbitrary files to the application and receive code execution on the underlying system. To receive #RCE, an attacker must craft a fake image which can be stored as a PHP file.

The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 🧑‍💻👩‍💻👇
herolab.usd.de/security-adviso

2023-11-08

The #usdHeroLab analysts examined #ThingsBoard while conducting their #pentests.
1⃣Vulnerability Type: Server-Side Template Injection
🚨Security Risk: High
🧵👇 More Details

🧐ThingsBoard is an open-source IoT platform for data collection, processing, visualization, and device management.

During an assessment, a Server-Side Template Injection (SSTI) vulnerability was discovered. It enables attackers to dynamically create and modify templates that are used for automated generation of mail content, which results in the execution of arbitrary system commands.

The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻​👨‍💻​👇

herolab.usd.de/en/security-adv

2023-10-30

The #usdHeroLab analysts examined the Content Management System #SuperWebMailer while conducting their #pentests.
1⃣Vulnerability Type: Improper Neutralization of Input During Web Page Generation (CWE-79)
🚨 Security Risk: Medium
👇🧵 More Details

🧐SuperWebMailer is an online application for managing e-mail newsletters. The vulnerability enabled attackers to execute requests on behalf of other users.

The vulnerability was reported to the vendor under the Responsible Disclosure Policy. More information can be found here 👩‍💻🧑‍💻 👇

herolab.usd.de/security-adviso

2023-10-24

The #usdHeroLab analysts examined the Content Management System #Contao while conducting their #pentests.
1⃣Vulnerability Type: Improper Neutralization of Input During Web Page Generation (CWE-79)
🚨 Security Risk: Medium
👇More details

🧐Contao is an open source Content Management System that allows you to create professional websites and scalable web applications.

The vulnerability enabled attackers with a low-privileged role to use a modified HTTP request to create an article with a JavaScript payload of their choice, which was client-triggered on the frontend and backend. For example, such an attack could upgrade a low-privileged account to an administrator account.

The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻👇

herolab.usd.de/en/security-adv

2023-10-19

The #usdHeroLab analysts examined the #SAP HTTP Content Server while conducting their #pentests.
1⃣Vulnerability Type: Improper Neutralization of HTTP Headers for Scripting Syntax #CWE644 #CVE202326457
🚨 Security Risk: High
👇🧵 More details

The SAP HTTP Content Server returns error messages in the x-errordescription header of the #HTTP response. When invalid input is provided in an HTTP request, it is also placed in the error message inside this header.

During this process, the input is URL-decoded; for example, %41 is translated to A and %0a is translated to a newline. This enables an #attacker to add new headers and change the content of the response.

The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻​👨‍💻​👇​
herolab.usd.de/security-adviso
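As an added example (not code from the advisory or from SAP), the reflection pattern described in this post reproduced in Python next to a hardened variant and a log-line check; the header name is the one from the post, while the endpoint path and the sample request lines are constructed placeholders.

```python
from urllib.parse import unquote

HEADER = "x-errordescription"


def build_error_header_vulnerable(raw_input: str) -> str:
    """Reproduce the pattern the advisory describes: request input is
    URL-decoded and placed verbatim into the error header value."""
    return f"{HEADER}: Invalid input: {unquote(raw_input)}"


def sanitize_header_value(value: str) -> str:
    """Hardened variant (an assumption, not SAP's fix): reject CR, LF and
    other control characters so decoded input cannot end the header line."""
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        raise ValueError("control character in header value")
    return value


def build_error_header_hardened(raw_input: str) -> str:
    return f"{HEADER}: Invalid input: {sanitize_header_value(unquote(raw_input))}"


def hardened_rejects(raw_input: str) -> bool:
    """True when the hardened builder refuses the (decoded) input."""
    try:
        build_error_header_hardened(raw_input)
    except ValueError:
        return True
    return False


def header_lines(header_block: str) -> list[str]:
    """Split a header block as a lenient HTTP parser would (CRLF or bare LF)."""
    return [line for line in header_block.splitlines() if line]


def request_decodes_to_crlf(request_line: str) -> bool:
    """Detection helper for access logs or a proxy: flag a request whose
    URL-decoded form contains CR or LF, the precondition for the injection."""
    return any(ch in unquote(request_line) for ch in "\r\n")


# Constructed sample request lines; the /content path is a placeholder.
SAMPLE_REQUESTS = [
    "GET /content?docId=%41 HTTP/1.1",
    "GET /content?docId=%41%0aX-Injected:%20true HTTP/1.1",
    "GET /content?docId=%0d%0aSet-Cookie:%20a=b HTTP/1.1",
]


def flagged_requests(requests: list[str]) -> list[str]:
    return [r for r in requests if request_decodes_to_crlf(r)]
```

With the input `%41%0aX-Injected:%20true`, the vulnerable builder yields two header lines while the hardened one raises, and the detection helper flags the last two sample requests.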

2023-10-10

The #usdHeroLab analysts examined the #SAP Partner Portal while conducting their #pentests.
1⃣ Vulnerability Type: Improper Neutralization of Input During Web Page Generation #CWE79 #CrossSiteScripting
🚨 Security Risk: High
👇🧵 More details

In cases where users do not have sufficient permissions to view a specific URL within the #SAP Partner Portal, they get redirected to an error page. During this redirection, the requested URL is passed to the error message as a parameter without any filtering or encoding.
Therefore, it is possible to include HTML tags and JavaScript in the URL, making it possible for malicious actors to launch #XSS attacks.

The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻👇​
herolab.usd.de/security-adviso

2023-09-22

The #usdHeroLab analysts examined the #opensource software #TineGroupware while conducting their #pentest.
1⃣ Vulnerability Type: #SQL Injection (CWE-89)
🚨 Security Risk: Critical
👇🧵 More details

#TineGroupware is an #opensource software that provides a suite of collaborative tools and applications for communication and project management within a business or organization.

🧐 During the research on open source software, our #PentestProfessionals discovered that the sort parameter of the /index.php endpoint is vulnerable to SQL injection.

The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻🧑‍💻 👇
herolab.usd.de/security-adviso

2023-09-01

In 11 days, the first #MCTTP - MUNICH CYBER TACTICS, TECHNIQUES AND PROCEDURES will take place, a conference for security professionals and #CISOs that aims to create future-proof #CyberSecurity in companies. Our colleagues Nicolas Schickert and Tobias Hamann from the #usdHeroLab will share their experiences about #SAP pentests there, as the SAP system landscape is the heart of many companies.

#moresecurity

usd.de/en/presentation-mcttp-s
