Third-Party Disclosure  

R7-2016-02: Multiple Vulnerabilities in ManageEngine OpUtils

Disclosure Summary: ManageEngine OpUtils is an enterprise switch port and IP address management system. Rapid7's Deral Heiland discovered a persistent cross-site scripting (XSS) vulnerability, as well as a number of insecure direct object references. The vendor and CERT have been notified of these issues. The…

R7-2016-01: Null Credential on Moxa NPort (CVE-2016-1529)

This advisory was written by the discoverer of the NPort issue, Joakim Kennedy of Rapid7, Inc. Securing legacy hardware is a difficult task, especially when the hardware is being connected in a way that was never initially intended. One way of making legacy hardware more…

R7-2015-27 and R7-2015-24: Fisher-Price Smart Toy® hereO GPS Platform Vulnerabilities (FIXED)

Through our recent publication of numerous security issues of Internet-connected baby monitors, we were able to comprehensively raise awareness of the real-world risks facing those devices. Further, we were able to work with a number of vendors to get key security problems resolved, resulting in…

R7-2015-26: Advantech EKI Dropbear Authentication Bypass (CVE-2015-7938)

While looking into the SSH key issue outlined in the ICS-CERT ISCA-15-309-01 advisory, it became clear that the Dropbear SSH daemon did not enforce authentication, and a possible backdoor account was discovered in the product.  All results are from analyzing and running firmware version 1322_…

R7-2015-23: Comcast XFINITY Home Security System Insecure Fail Open

Summary: By creating a failure condition in the 2.4 GHz radio frequency band, the Comcast XFINITY Home Security System fails open, with the base station failing to recognize or alert on a communications failure with the component sensors. In addition, sensors take an inordinate amount…

Multiple Disclosures for Multiple Network Management Systems

Today, Rapid7 is disclosing several vulnerabilities affecting several Network Management System (NMS) products. These issues were discovered by Deral Heiland of Rapid7 and independent researcher Matthew Kienow, and reported to vendors and CERT for coordinated disclosure per Rapid7's disclosure policy. All together, we're disclosing six…

R7-2015-22: ManageEngine Desktop Central 9 FileUploadServlet connectionId Vulnerability (CVE-2015-8249)

ManageEngine Desktop Central 9 suffers from a vulnerability that allows a remote attacker to upload a malicious file, and execute it under the context of SYSTEM. Authentication is not required to exploit this vulnerability. In addition, the vulnerability is similar to a ZDI advisory released…

R7-2015-25: Advantech EKI Multiple Known Vulnerabilities

While looking into the SSH key issue outlined in the ICS-CERT ISCA-15-309-01 advisory, a number of additional security issues were discovered with the product. All results are from analyzing and running firmware version 1322_D1.98, which was released in response…

R7-2015-17: HP SiteScope DNS Tool Command Injection

This is a vulnerability advisory for the HP SiteScope DNS Tool Command Injection vulnerability, made in accordance with Rapid7's disclosure policy. Summary: Due to a problem with sanitizing user input, authenticated users of HP SiteScope running on Windows can execute arbitrary commands on affected platforms…

#IoTsec Disclosure: 10 New Vulnerabilities for Several Video Baby Monitors

Usually, these disclosure notices contain one, maybe two vulnerabilities on one product. Not so for this one; we've got ten new vulnerabilities to disclose today. If you were out at DEF CON 23, you may have caught Mark Stanislav's workshop, “The Hand that Rocks the…

Multiple Insecure Installation and Update Procedures for RStudio (R7-2015-10) (FIXED)

Prior to RStudio version 0.99.473, the RStudio integrated toolset for Windows is installed and updated in an insecure manner. A remote attacker could leverage these flaws to run arbitrary code in the context of the system Administrator by leveraging two particular flaws in…

R7-2015-08: Accellion File Transfer Appliance Vulnerabilities (CVE-2015-2856, CVE-2015-2857)

This disclosure covers two issues discovered with the Accellion File Transfer Appliance, a device used for secure enterprise file transfers. Issue R7-2015-08.1 is a remote file disclosure vulnerability, and issue R7-2015-08.2 is a remote command execution vulnerability. Metasploit modules have been released for both…

Disclosure: Android Chrome Address Bar Spoofing (R7-2015-07)

Summary: Due to a problem in handling 204 "No Content" responses combined with a window.open event, an attacker can cause the stock Chrome browser on Android to render HTML pages in a misleading context. This effect was confirmed on…

R7-2015-04 Disclosure: Mozilla Firefox Proxy Prototype RCE (CVE-2014-8636)

This blog post was originally written by Joe Vennix, and published here with his permission. All first person pronouns refer to him. Adventures in Browser Exploitation: Firefox 31 - 34 RCE. A few months ago, I was testing some JavaScript code in Firefox involving Proxies. Proxies…

R7-2015-02: Google Play Store X-Frame-Options (XFO) Gaps Enable Android Remote Code Execution (RCE)

Vulnerability Summary: Due to a lack of complete coverage for X-Frame-Options (XFO) support on Google's Play Store web application domain, a malicious user can leverage either a Cross-Site Scripting (XSS) vulnerability in a particular area of the Google Play Store web application, or a Universal…
