OpenBase 10.0.5 (All Platforms)

Netragard’s SNOsoft Research Team discovered two critical vulnerabilities in the OpenBase SQL Relational Database that can lead to full system compromise.

The first vulnerability discovered is a command injection vulnerability that affects several of the default Stored Procedures. Specifically, it is possible to execute system commands as the root user by inserting a series of backticks into the pre-defined Stored Procedures.
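The following Python is an added illustration, not OpenBase code or material from the Netragard advisory. It contrasts the unsafe pattern behind this class of bug (a backend that splices a caller-supplied value into a shell command line, so backticks are expanded before the intended program runs) with the argv-based form that never hands the value to a shell, plus a metacharacter check usable as a defence-in-depth filter or a detection rule over procedure arguments. The use of `echo` as the shelled-out program and the metacharacter list are assumptions made for the demo.

```python
import re
import subprocess

# Constructed example: characters that let a POSIX shell start a new command
# or substitute output. Backticks and $( ) are the command-substitution cases
# described in the advisory; the rest cover the same class.
SHELL_METACHARACTERS = re.compile(r"[`$;&|<>\\\n]")


def vulnerable_wrapper(argument: str) -> str:
    """Insecure pattern (do not copy): the argument is interpolated into a
    command string that a shell parses, so a value like `uname -a` is
    executed and its output substituted before echo ever runs."""
    completed = subprocess.run(
        f"echo {argument}", shell=True, capture_output=True, text=True
    )
    return completed.stdout.strip()


def contains_shell_metacharacters(argument: str) -> bool:
    """Detection/validation helper: True if the value contains anything a
    shell would interpret. Useful both as an input filter and as a rule
    run over logged stored-procedure arguments."""
    return SHELL_METACHARACTERS.search(argument) is not None


def argv_wrapper(argument: str) -> str:
    """Hardened pattern: the argument is one argv element and no shell is
    involved, so backticks reach the program as literal bytes."""
    completed = subprocess.run(
        ["echo", argument], shell=False, capture_output=True, text=True
    )
    return completed.stdout.strip()


def guarded_wrapper(argument: str) -> str:
    """argv_wrapper plus an explicit reject of metacharacters, for code paths
    where a value containing them is never legitimate."""
    if contains_shell_metacharacters(argument):
        raise ValueError("argument contains shell metacharacters")
    return argv_wrapper(argument)
```

Running `argv_wrapper("`uname`")` returns the seven characters of the backtick expression unchanged, which is the behaviour a fixed stored procedure should exhibit; the same input through `vulnerable_wrapper` would instead return the output of `uname`.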

The second vulnerability discovered is a buffer overflow that causes heap corruption. This also has the potential to lead to the execution of arbitrary code or a Denial of Service condition.

Click here for the full advisory.

Hackers Nasdaq – Our founder comments in Forbes.

Our founder, Adriel Desautels, comments about purchasing exploits in this Forbes article. The article also outlines a new business called WabiSabiLabi that is attempting to gain traction in the exploit market by using an eBay-like bidding structure. While this seems like a good idea at first glance, the idea will face significant trust problems, as it appears that anyone can bid on an exploit. The question that we have for WabiSabiLabi is: how do they assure that the winning bidder is an ethical, legitimate buyer?

Maia Mailguard Security Risk Advisory

SNOsoft has discovered a high-risk vulnerability in Maia Mailguard version 1.0.2 that makes it possible for an attacker to execute arbitrary commands on the affected system. The advisory will be published on Netragard’s website shortly. Until then, users of the Maia Mailguard web application should suspend use or add .htaccess access controls to the web server to mitigate the risk of compromise.

http://www.netragard.com/pdfs/research/NETRAGARD-20070628-MAILGUARD.txt

Netragard, LLC. — The Specialist in Anti Hacking.

@Mail Webmail Security Research

The SNOsoft Research Team recently performed a lightweight security assessment of the @Mail Webmail product. @Mail is very much like OWA with respect to look, feel and functionality. The result of this research project was the discovery of two bugs in the product. These bugs were released as formal advisories by Netragard and can be viewed below:

https://netragard.com/pdfs/research/ATMAIL-XSRF-ADVISORY-20061206.txt
https://netragard.com/pdfs/research/ATMAIL-XSS-NETRAGARD-20061206.txt