Author Archives: Matt Hall

Veritas NetBackup Appliance Unauthenticated Remote Command Execution

Sec-1 Security Advisory Severity : High Advisory Name : Veritas NetBackup Appliance Unauthenticated Remote Command Execution Discovery Date : 17/05/2016 Release Date : 04/10/2016 Application : NetBackup Appliance versions 2.6.0.1 through to v2.7.3, and the v3.0 series Platform : Linux … Continue reading

Posted in Advisories, Tools | Comments Off on Veritas NetBackup Appliance Unauthenticated Remote Command Execution

Sec-1 Advisory: Reflected Cross-Site-Scripting in Blackberry BES12 version 12.4

Sec-1 Security Advisory Severity : Medium Advisory Name : Reflected Cross-Site-Scripting in Blackberry BES12 version 12.4 Discovery Date : 23/02/2016 Release Date : 12/04/2016 Application : BES12 version 12.4 and earlier Platform : Windows CVE : CVE-2016-1917 CVE-2016-1918 Discovered by : Nicodemo Gawronski … Continue reading

Posted in Advisories | Comments Off on Sec-1 Advisory: Reflected Cross-Site-Scripting in Blackberry BES12 version 12.4

Sec-1 Advisory: BroadSoft BroadWorks XSP XML External Entity Injection

Sec-1 Security Advisory Advisory Name : XML External Entity Injection in BroadWorks XSP XML Interface Discovery Date : 23/03/2015 Release Date : 02/06/2015 Application : BroadWorks XSP XML Interface 17.0 XML Interface on TCP/8011 Platform : Linux Severity : HIGH.Arbitrary … Continue reading

Posted in Advisories | Comments Off on Sec-1 Advisory: BroadSoft BroadWorks XSP XML External Entity Injection

Tool: Group Policy Passwords Exploit Tool – gp3finder

Group Policy preferences were introduced by Microsoft in Windows 2008 allowing administrators to configure unmanaged settings (settings which the user can change) from a centrally managed location – Group Policy Objects (GPO) [1]. Among the preference items configurable through Group Policy … Continue reading

Posted in Tools | Comments Off on Tool: Group Policy Passwords Exploit Tool – gp3finder

Helping the Community

One of the things we like to do at Sec-1 is contribute back to the community wherever possible. As full time Penetration Testers, we often perform Research and Development to identify new vulnerabilities, adding checks to our scanning tools to help organisations highlight areas … Continue reading

Posted in News, Tools | Comments Off on Helping the Community