Category Archives: Advisories

Office365 ActiveSync Username Enumeration

Summary
There is a simple username enumeration issue in Office365’s ActiveSync. Microsoft do not consider this a vulnerability, so Sec-1 do not expect this issue to be fixed. Sec-1 Penetration Tester Oliver Morton has written a script to exploit this which is … Continue reading

Posted in Advisories, Tools

Malwaretech stems Wcry for now

The Internet’s Unsung Hero
Malwaretech registered the sandbox detection domain, essentially shutting down any further spread overnight, but expect a new version to be released soon.
Update XP & 2003
Microsoft have issued an unusual – out of band – … Continue reading

Posted in Advisories, News, Uncategorized

Weaponised Wanna Decryptor Worm

Patch MS17-010 NOW!!!
Cryptomalware which has affected Telefonica and other organisations in Spain, and the NHS in the UK, has recently been confirmed as being a fully weaponised version of the crypto malware Wanna Decryptor (aka “Wannacry” and “Wcry”). As … Continue reading

Posted in Advisories, News

Veritas NetBackup Appliance Unauthenticated Remote Command Execution

Sec-1 Security Advisory
Severity: High
Advisory Name: Veritas NetBackup Appliance Unauthenticated Remote Command Execution
Discovery Date: 17/05/2016
Release Date: 04/10/2016
Application: NetBackup Appliance versions 2.6.0.1 through to v2.7.3, and the v3.0 series
Platform: Linux … Continue reading

Posted in Advisories, Tools

Sec-1 Advisory: Reflected Cross-Site Scripting and Open Redirect in WatchGuard Fireware v11.11

Sec-1 Security Advisory
Severity: Medium
Advisory Name: Reflected Cross-Site Scripting and Open Redirect in WatchGuard Fireware v11.11
Discovery Date: 27/04/2016
Release Date: 11/07/2016
Application: WatchGuard Fireware version 11.11 and earlier
Platform: Windows
CVE: … Continue reading

Posted in Advisories

Sec-1 Advisory: Reflected Cross-Site-Scripting in Blackberry BES12 version 12.4

Sec-1 Security Advisory
Severity: Medium
Advisory Name: Reflected Cross-Site-Scripting in Blackberry BES12 version 12.4
Discovery Date: 23/02/2016
Release Date: 12/04/2016
Application: BES12 version 12.4 and earlier
Platform: Windows
CVE: CVE-2016-1917 CVE-2016-1918
Discovered by: Nicodemo Gawronski … Continue reading

Posted in Advisories