Skip to content

{ Tag Archives } advisory

New Advisories: Multiple Vulnerabilities in Geo++(R) GNCASTER

RedTeam Pentesting published three new advisories today. During a pentest, we found security vulnerabilities in the Geo++(R) GNCASTER NTRIP Caster:

RT-SA-2010-001: Insecure handling of long URLs
RT-SA-2010-002: Insecure handling of NMEA-data
RT-SA-2010-003: Faulty implementation of HTTP Digest Authentication

All vulnerabilities have been fixed by the vendor in version 1.4.0.8, so if you happen to run this software, please update [...]

Also tagged ,
2010 01 27 phof Advisories Comments (0)

New Advisory: 0wning with Gimp

It’s advisory time again:

RT-SA-2009-005: Papoo CMS: Authenticated Arbitrary Code Execution

This one’s nice because you can do your exploit development in Gimp. The idea is to plant your exploit code (in this case, PHP code) in a file with a valid GIF header and the file extension .php. Papoo CMS only sees the valid GIF header [...]

Also tagged , , ,
2009 08 10 phof Advisories Comments (3)

Advisory Release Policy

When RedTeam finds vulnerabilities in some generally available software, we go the usual way of writing advisories. These findings usually occur during pentests. We of course do not immediately release whatever we found to the public, but go through a process I want to describe in a little bit more detail here. I’m doing [...]

Also tagged , , ,
2009 06 16 phof Advisories
RedTeam Comments (0)