DDI Labs

Shimming Your Way Past UAC

2014-05-27T16:35:00.000-05:00

Using Application Compatibility Fixes To Bypass User Account Control Chris Graham @cgrahamseven An often-overlooked method that can be used by an attacker to gain elevated code execution is utilization of a framework that is provided by Microsoft to help legacy applications function on newer versions of Windows. That framework is known as the application compatibility toolkit. Unfortunately

Symantec Endpoint Protection Manager XXE/SQLi: From Disclosure To PoC

2014-03-26T09:07:00.000-05:00

Finding CVE-2013-5014 and CVE-2013-5015 Chris Graham @cgrahamseven Sometimes there is nothing more ironic than coming across critical vulnerabilities in the very security software designed to protect systems. In these cases not only does the security software fail to prevent an intrusion; it actually becomes the vector that allows system compromise of an otherwise secure machine.

Fun With HP Data Protector EXEC_BAR Remote Command Execution

2014-02-24T09:37:00.001-06:00

Deep Dive Analysis Of CVE-2013-2347 Chris Graham @cgrahamseven One of the benefits our clients have when using our vulnerability scanner is that many of the vulnerability checks we write are non-authenticated. This means that we do not require credentials to authenticate to hosts over the network in order to check for vulnerabilities. Instead, our team of researchers frequently reverse

LenovoEMC StorageCenter PX4-300R Unauthorized Remote File Retrieval

2013-11-18T10:22:00.001-06:00

DDIVRT-2013-55 LenovoEMC StorageCenter PX4-300R Unauthorized Remote File Retrieval Follow us on Twitter! Date Discovered --------------- October 10, 2013 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Evan Sylvester and r@b13$ Vulnerability Description ------------------------- The web server for the LenovoEMC StorageCenter PX4-300R allows

The Backdoor on the Side of Your Server

2013-07-02T15:02:00.001-05:00

A note to our readers.... The following is a blog post our organization was withholding while privately warning companies about a set of critical IPMI vulnerabilities in their rack mount hardware and the threat they posed to their security posture. Some of the content was covered in a B-Sides San Antonio talk two months ago by one of our researchers. Today the full-scope of this threat was

DDIVRT-2013-53 Actuate 'ActuateJavaComponent' Multiple Vulnerabilities

2013-05-09T10:00:00.000-05:00

Follow us on Twitter! Severity -------- High Date Discovered --------------- March 19, 2013 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Dennis Lavrinenko, Bobby Lockett, and r@b13$ 1. Actuate 'ActuateJavaComponent' Arbitrary File Retrieval Vulnerability Description ------------------------- Actuate 10 contains a vulnerability

DDIVRT-2013-52 Dell EqualLogic PS6110X Directory Traversal

2013-04-15T10:00:00.000-05:00

Follow us on Twitter! Title ----- DDIVRT-2013-52 Dell EqualLogic PS6110X Directory Traversal Severity -------- High Date Discovered --------------- February 19, 2013 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Evan Sylvester and r@b13$ Vulnerability Description ------------------------- The Dell EqualLogic PS6110X is vulnerable to a directory

DDIVRT-2013-50 EverFocus EPARA264-16X1 Directory Traversal

2013-03-15T00:00:00.000-05:00

DDIVRT-2013-50 EverFocus EPARA264-16X1 Directory Traversal Follow us on Twitter! Title ----- DDIVRT-2013-50 EverFocus EPARA264-16X1 Directory Traversal Severity -------- High Date Discovered --------------- January 22, 2013 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: r@b13$ Vulnerability Description ------------------------- The EverFocus

VMware View Connection Server Directory Traversal

2012-12-14T12:02:00.000-06:00

DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978) Follow us on Twitter! Severity -------- High Date Discovered --------------- September 26, 2012 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: r@b13$ Vulnerability Description ------------------------- The tunnel-server component of the VMware View Connection Server fails

I Know What You Are Reading...

2012-12-06T10:48:00.000-06:00

Before e-readers and tablet computers, the only worry that most book readers had was whether or not the someone, usually the federal government, could keep tabs on what was being checked out at the local library. While the possibility existed for this surveillance, the likelihood that you were going to be singled out was relatively low. My how things have changed. With the advent of

2012-11-27T12:16:00.000-06:00

Another awesome infographic from our friends at Veracode! Infographic by Veracode Application Security

2012-11-05T09:07:00.001-06:00

Ever wonder how you are being tracked on the Internet? Here is a really nice infographic from our good friends at Veracode that breaks it all down. Infographic by Veracode Application Security

Novell GroupWise Agents Arbitrary File Retrieval

2012-10-04T17:25:00.001-05:00

DDIVRT-2012-42 Novell GroupWise Agents Arbitrary File Retrieval (CVE-2012-0419)Follow us on Twitter! Severity--------High Date Discovered---------------April 2, 2012 Discovered By-------------Digital Defense, Inc. VulnerabilityResearch TeamCredit: r@b13$Vulnerability Description-------------------------The HTTP interfaces for Novell GroupWise 8.0.2 Post Office Agent, Message Transfer Agent,

SolarWinds Network Performance Monitor Blind SQL Injection

2012-06-19T11:14:00.001-05:00

DDIVRT-2012-45 SolarWinds Network Performance Monitor Blind SQL InjectionFollow us on Twitter! Severity--------HighDate Discovered---------------April 26, 2012Discovered By-------------Digital Defense, Inc. Vulnerability Research TeamCredit: r@b13$Vulnerability Description-------------------------The SolarWinds Orion Network Performance Monitor 9.1 and prior contains a blind SQL injection flaw

Our CTO, Gordon MacKay Speaks @ Alamo ISSA Quarterly Chapter Meeting

2012-05-16T12:52:00.000-05:00

Our thanks to the Alamo ISSA Chapter for hosting our CTO, Gordon MacKay yesterday as a speaker along with Ira Winkler and Dan Teal from CoreTrace. Great venue and attendance! Transparency Statement: DDI is a Gold Sponsor for the Alamo ISSA Chapter.

Epicor Returns Management SOAP-Based Blind SQL Injection

2012-05-16T12:43:00.000-05:00

DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL InjectionFollow Us on Twitter! Severity: HighDate Discovered: April 12, 2012Discovered By: Chris Graham Additional Discovered By: r@b13$ Vulnerability Description:Digital Defense, Inc. (DDI) has discovered a blind SQL injection vulnerability in the Epicor Returns Management software SOAP interface. Left unremediated, this

ACTi Web Configurator cgi-bin Directory Traversal

2012-04-30T14:22:00.000-05:00

DDIVRT-2012-41 ACTi Web Configurator cgi-bin Directory Traversal Follow Us on Twitter! Severity: High Date Discovered: March 8, 2012 Discovered By: Digital Defense, Inc. Vulnerability Research Team Credit: shmoov and r@b13$ Vulnerability Description The ACTi Web Configurator 3.0 for ACTi IP Surveillance Cameras contains a directory traversal vulnerability within the

PacketVideo TwonkyServer and TwonkyMedia Directory Traversal

2012-04-30T14:07:00.001-05:00

DDIVRT-2012-40 PacketVideo TwonkyServer and TwonkyMedia Directory Traversal Follow Us on Twitter! Severity--------High Date Discovered---------------March 12, 2012 Discovered By-------------DigitalDefense, Inc. Vulnerability Research TeamCredit: r@b13$ Vulnerability Description-------------------------Multiple PacketVideo products contain a directory traversal vulnerability within the web server

Disclosures in the Works!

2012-03-12T15:59:00.002-05:00

We've got two new disclosures in the works....stay tuned!

SolarWinds Storage Manager Server SQL Injection Authentication Bypass - Update!

2012-02-13T11:22:00.002-06:00