Remote Code Execution in BlackBerry Workspaces Server
Overview Gotham Digital Science (GDS) has discovered a vulnerability affecting BlackBerry Workspaces Server (formerly WatchDox). Prior to being patched, it was possible to remotely execute arbitrary...
Skybox Vulnerabilities
Overview Gotham Digital Science (GDS) recently discovered multiple vulnerabilities that affect the Skybox Manager Client Application and the Skybox Server. These consist of user privilege elevation,...
Jolokia Vulnerabilities - RCE & XSS
Recently, during a client engagement, Gotham Digital Science found a couple of zero-day vulnerabilities in the Jolokia service. Jolokia is an open source product that provides an HTTP API interface for...
Breaking Randomness in the Ethereum Universe [part 1]
It is widely acknowledged that generating secure random numbers on the Ethereum blockchain is difficult due to its deterministic nature. Each time a smart contract’s function is called inside of a...
CUPS Local Privilege Escalation and Sandbox Escapes
Gotham Digital Science has discovered multiple vulnerabilities in Apple’s CUPS print system affecting macOS 10.13.4 and earlier and multiple Linux distributions. All information in this post has been...
Wowza Streaming Engine Manager Directory Traversal and Local File Inclusion
HTTP/1.1 200 OK Server: Winstone Servlet Engine v1.0.5 Content-Type: application/octet-stream Content-Disposition: attachement; filename=”shadow.zip” Connection: Close Date: Thu, 17 May 2018 18:11:09...
Remote Code Execution in BlogEngine.NET
Aon’s Cyber Solutions Security Testing team recently discovered a vulnerability, CVE-2019-6714, in the BlogEngine.NET blogging software platform affecting versions 3.3.6.0 and earlier. This issue...
Unauthenticated Remote Code Execution in Kentico CMS
Aon’s Cyber Solutions Security Testing team recently discovered a vulnerability, CVE-2019-10068, in the Kentico CMS platform versions 12.0.14 and earlier. This issue allows for unauthenticated remote...
SSRF and XXE Vulnerabilities in PDFreactor
Aon’s Cyber Solutions recently discovered two vulnerabilities in RealObjects PDFreactor prior to version 10.1.10722 in the default configuration. The identified vulnerabilities allow attackers to...
RCE Using Caller ID - Multiple Vulnerabilities in FusionPBX
Aon’s Cyber Solutions has recently discovered several vulnerabilities in FusionPBX, an open-source VoIP PBX application that runs on top of the FreeSWITCH VoIP switch. These vulnerabilities allow for...