Research and Advisories
ReactionIS are committed to research and development in the information security field. Please feel free to browse and download our advisories and whitepapers.
- Hornbill Supportworks SQL Injection
- Safend SDBAgent Privilege Escalation via WRITE_DAC
- Safend SDPAgent Privilege Escalation via WRITE_DAC
- Safend SDBAgent Privilege Escalation via Unquoted Filepath
- Safend SDPAgent Privilege Escalation via Unquoted Filepath
- Safend Private Key Material in Log File
- Forescout NAC Cross-Site Redirection
- Forescout NAC Cross-Site Scripting
- Forescout NAC No ICMP and ARP Filter
- Realplayer Watchfolders Long Filepath Overflow
- Layton Helpbox 4.4.0 Multiple SQL Injection Points
- Layton Helpbox 4.4.0 Authorisation Bypass Vulnerability
- Layton Helpbox 4.4.0 Unencrypted Login Vulnerability
- Layton Helpbox 4.4.0 Password Disclosure Vulnerability
- Layton Helpbox 4.4.0 Embedded Cross-Site Scripting
- Layton Helpbox 4.4.0 Login Bypass Vulnerability
- Layton Helpbox 4.4.0 Reflected Cross-Site Scripting
- XnView JLS File Decompression Heap Overflow
- Toshiba ConfigFree CF7 File Stack Buffer Overflow (Comment)
- Toshiba ConfigFree CF7 File Stack Buffer Overflow (Profilename)
- Toshiba ConfigFree CF7 File Remote Command Execution
- MF Gig Calendar Wordpress Plugin - Cross-Site Scripting
- Microcart 1.0 _Admin Cross-Site Scripting Security Vulnerability
- Microcart 1.0 Checkout Cross-Site Scripting Security Vulnerability
- Wordpress Download Monitor XSS
- Group Office Calendar SQL Injection
- GIMP Scriptfu Python Command Execution Vulnerability
- Total Shop UK eCommerce Generic Cross-Site Scripting
- Group-Office Cleartext Credentials Stored in Cookies
- TCExam Edit SQL Injection
- TCExam Edit Cross-Site Scripting
- Irfanview Plugins JLS File Format Heap Overflow
- GIMP FIT File Format DoS
- ScriptFu Buffer Overflow in GIMP <= 2.6
Wireless Security
This paper discusses the security implications of using the various wireless protocols and includes demonstrations of effective attacks on common wireless setups. The security risks of wireless technologies are presented to the reader and recommendations are made to counter these threats to safeguard networks and data. This paper included information about war driving attacks, WEP and WPA wireless access protocols, weaknesses in WPS (WiFi Protected Setup), rogue access points and evil twin attacks. A VirtualBox Backtrack 5 image and a USB ALFA wireless card were used as a platform for the demonstrations. Download this paper here: Wireless Security.
Defending the Cloud
This whitepaper aims to assess the security implications of moving resources into a cloud computing environment, and suggests recommendations for IT managers who are considering making this switch. The paper focuses on three major changes that occur in the shift from traditional networks into the cloud, namely the virtualisation layer, multi-tenancy and outsourcing. A number of recommendations are made that should be implemented as a supplement to enterprise security practices, including hardening the hypervisor, securing communication between virtual machines, guarding shared storage and memory, and ensuring the provider can cater for your security and compliance requirements. Download this paper here: Defending the Cloud.