RedTeam Discovers 0-day in FileThingie Web App
RedTeam Discovers Access Violation Vulnerability in File Thingie Web-based File Manager
Jeremiah Talamantes, Principal Security Consultant and Security Researcher at RedTeam, has discovered a security vulnerability in File Thingie version 2.5.5. File Thingie is prone to a security-bypass vulnerability. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks may also be possible.
Jeremiah has developed proof of concept code for this vulnerability in PHP that overwrites the ft2.php sour...
RedTeam Discovers 0-day in SmallFTPD
Jeremiah Talamantes, Principal Security Consultant and Security Researcher at RedTeam, has discovered a 0-day security vulnerability in SmallFTPD Server version 1.0.3. The security vulnerability in the FTP server application revolves around unexpected behavior when sending a specially crafted data payload to the DELE command. An attacker can execute a remote Denial-of-Service attack on the server application by sending a string of malicious characters causing the program to crash.
Jeremiah has developed proof of concept code for this vulnerability in Python. This 0-day has been publishe...
RedTeam Discovers 0-day in TYPSoft FTP Server
Jeremiah Talamantes, Principal Security Consultant and Security Researcher at RedTeam, has discovered a 0-day security vulnerability in TYPSoft FTP Server version 1.10. The security vulnerability in the FTP server application revolves around unexpected behavior when sending a specially crafted data payload to the RETR command. An attacker can execute a remote Denial-of-Service attack on the server application by sending a string of malicious characters causing the program to crash.
Jeremiah has developed proof of concept code for this vulnerability in Python. This 0-day has bee...
Announcing the RedTeam Security Honeypot
What is a honeypot?
In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated, (un)protected, and monitored, and which seems to contain information or a resource of value to attackers.
We are pleased to announce the RedTeam Security Honeypot. Our Honeypot has been actively attacked for nearly 3 weeks and our plans are to publish our findings here on a quarterly basis.
The goal is to share the kn...
RedTeam TFTPUtil GUI 0day Ported to Metasploit
Jeremiah Talamantes, Principal Security Consultant and Security Researcher at RedTeam Security, discovered a 0-day security vulnerability in TFTPUtil GUI version 1.4.5 last week. The security vulnerability allows a remote attacker to send a malicious payload (overly long transport mode string) that results in a Denial of Service.
Jeremiah recently ported the proof-of-concept exploit code from Python to a Metasploit module written in Ruby. Please see the Metasploit auxiliary Denial of Service module below. Or if you prefer, you will also find the code published by Exploit-DB among...