Hi Dear Reader,
During the last couple of weeks we have published security vulnerabilities in database tools related to DB2 and Informix databases.
We're sure that you (as a responsible database admin) don't usually run arbitrary "attacker supplied" .SQL files on your database.
But after the results of our security audit of the Informix and DB2 database tools, we're sure you will want to take extra care with that, since we've discovered that poisonous .SQL files can overflow the database tools' memory buffers and execute arbitrary code on your system.
Links to our advisories follow:
Informix Security Advisory:
http://www.defensecode.com/advisories/DC-2017-04-001_IBM_Informix_DB-Access_Buffer_Overflow.pdf
DB2 Security Advisory:
http://www.defensecode.com/advisories/IBM_DB2_Command_Line_Processor_Buffer_Overflow.pdf
Kind Regards,
DefenseCode Team
Tuesday, July 11, 2017
Tuesday, June 6, 2017
ThunderScan Discovered Multiple Vulnerabilities in Google API Client Library for PHP
Hi,
During the security audit of the Google APIs Client Library for PHP, multiple XSS vulnerabilities were discovered using the DefenseCode ThunderScan SAST application source code security analysis platform. The Google API Client Library for PHP is designed for PHP client-application developers. It offers simple, flexible, powerful access to many Google APIs such as Google+, Drive, or YouTube.
The Cross-Site Scripting vulnerability can enable the attacker to construct a URL that contains malicious JavaScript code. If the administrator of the site makes a request to such a URL, the attacker's code will be executed with unrestricted access to the site in question. The attacker can entice the administrator to visit the URL in various ways, including sending the URL by email or posting it as part of a comment on the vulnerable site or another forum. Once the unsuspecting user has visited such a URL, the attacker can proceed to send requests to the API on behalf of the victim from his JavaScript.
Full advisory can be read on the following URL: http://www.defensecode.com/advisories/DC-2017-04-012_google-api-php-client_Advisory.pdf
Regards,
DefenseCode Team
DefenseCode Is Looking for New Partners and Resellers
To build on its rapid growth, DefenseCode L.L.C is currently looking to expand its world-wide network of partners and resellers for its software products and services. If you are interested in a partnership with DefenseCode L.L.C for distribution of the world's top class security solutions for Web Security Scanning and Static Source Code Security Analysis, as well as our security consulting services, we would be glad to hear from you.
Potential partners and resellers are encouraged to contact us by e-mail at partners@defensecode.com. We are looking forward to our new partners and more exciting business opportunities.
Regards,
DefenseCode Team
Stealing Windows Credentials Using Google Chrome
Hi,
Check out our new whitepaper about stealing Windows credentials using the most popular browser today - Google Chrome.
URL:
http://www.defensecode.com/news_article.php?id=21
Regards,
DefenseCode Team
Wednesday, April 12, 2017
High Risk 0-day Vulnerability Found in Magento eCommerce
During the security audit of Magento Community Edition, a highly popular e-commerce platform, a high risk vulnerability was discovered that could lead to remote code execution and thus complete system compromise, including the database containing sensitive customer information such as stored credit card numbers and other payment information. The vulnerability is based on an arbitrary file upload combined with a cross-site request forgery (CSRF) vulnerability as the main attack vector.
Despite the efforts of our team in notifying the vendor on more than one occasion since November 2016, the vulnerability remains unpatched.
Full vulnerability details are published as an advisory.
Regards,
DefenseCode Team
Monday, April 10, 2017
Apache Tomcat Vulnerabilities Found Using DefenseCode ThunderScan SAST
During the source code security analysis of Apache Tomcat with the DefenseCode ThunderScan SAST solution, two different security issues were discovered, ranked as medium risk.
When exploited, the discovered vulnerabilities can be abused to disclose and retrieve arbitrary files on the server, such as the Apache Tomcat configuration file with plain text usernames and passwords, or any other file which Apache Tomcat has permission to access.
Full vulnerability details are published as an advisory and include ThunderScan screenshots for better understanding of the vulnerability.
Regards,
DefenseCode Team
Thursday, April 6, 2017
BroadCom UPnP Format String Preauth Root Exploit Aftermath (Few Years Later)
Hi,
A few years ago, we discovered a remotely exploitable preauth Format String vulnerability in the Broadcom UPnP implementation used in popular routers. Vendors were notified and an advisory was published - http://defensecode.com/public/DefenseCode_Broadcom_Security_Advisory.pdf . Broadcom fixed the vulnerability in their UPnP implementation, and some router vendors did so as well.
The vulnerability was initially discovered on Cisco Linksys (now Belkin) WRT54GL routers, but as stated before, the vulnerable UPnP implementation was used by many vendors. Back in the day, Cisco fixed the vulnerability, but we are not sure about all other router vendors and models because there are too many of them.
When we initially discovered the vulnerability, Rapid7 also discovered various overflows in other popular UPnP implementations and published a paper about it. Rapid7 document about vulnerabilities they discovered in UPnP implementations: https://community.rapid7.com/docs/DOC-2150
When they did the research, there were approx. 15 Million devices with the vulnerable Broadcom UPnP implementation discovered on the Internet, and probably many more in the Intranets.
We wrote a paper with detailed exploitation steps for the now fixed Broadcom UPnP Format String vulnerability, but never published it due to the severity of the bug. Now, a few years later, we feel comfortable releasing a full research paper with vulnerability details and exploitation steps for the discovered Format String vulnerability. A big issue with routers is that users rarely update them with new firmware, so there could still be a lot of vulnerable routers on the Internet and in the Intranets.
The full research paper on discovery and exploitation of the Broadcom UPnP Format String vulnerability can be found at the following link: http://www.defensecode.com/whitepapers/From_Zero_To_ZeroDay_Network_Devices_Exploitation.txt
Since Broadcom and the vendors that use its chipsets have been shipping fixed versions of the UPnP implementation for some time now, the vulnerability is no longer a 0day. Still, we are sure there are plenty of unpatched routers out there.
Regards,
DefenseCode Team
Tuesday, March 21, 2017
Brand New ThunderScan and Web Security Scanner
Hello,
It's been a while since our last post.
We have been working hard on improving our flagship products - ThunderScan Source Code Security Analyzer SAST and Web Security Scanner DAST solution.
We are pleased to say that brand new versions of both products are ready for use.
Check out our website for more details: http://www.defensecode.com/.
Regards,
Leon Juranic