Vulnerabilities

Vulnerability Research

Critical Vulnerability Found in Avaya AES Management Console

Vulnerability Identified in the Avaya AES Management Console Platform

Today Digital Defense is publishing a high impact zero-day vulnerability identified in the Avaya Application Enablement Services (AES) Management Console platform discovered by Digital Defense Security Analysts. The Digital Defense Vulnerability Research Team would like to commend Avaya for their prompt handling and diligent...
Vulnerability Research

Zero Day Threats Found in Enterprise Application

Our Vulnerability Research Team discovered two zero-day vulnerabilities in the Lexmark Markvision Enterprise application and brought them to the attention of Lexmark. Lexmark has worked diligently with Fortra to understand, resolve and verify the fixes for these security issues. Lexmark has released fixes. To obtain Markvision Enterprise v2.4.1 visit: https://www.lexmark.com/markvision...
Vulnerability Research

Zero-Day Alert: Email Security Platform Details

Vendor: Dell
Product: SonicWALL Email Security (virtual appliance)
Version: 8.3.0.6149

Summary Information: SonicWALL Email Security can be configured as a Mail Transfer Agent (MTA) or SMTP proxy and has spam protection, compliance scanning, anti-malware and anti-virus capabilities. The affected web interfaces for these vulnerabilities are frequently available on externally accessible perimeter...
Vulnerability Research

Vulnerabilities Found in the Dell EMC VMAX Management Product Family

The Digital Defense, Inc. Vulnerability Research Team (VRT) has identified six previously undisclosed security vulnerabilities found in the Dell EMC VMAX Management Product family. Summary information for these flaws can be found below. Checks for the identified vulnerabilities are available now in Frontline™ Vulnerability Manager. Clients are encouraged to run a full vulnerability assessment which...
Vulnerability Research

Zero-Day Alert: Multiple Vulnerabilities Within the EMC VMAX

Today Digital Defense is publishing six zero-day vulnerabilities found in the Dell EMC VMAX Management Product family that our vulnerability research team discovered and brought to the attention of Dell EMC. Dell EMC has been extremely professional and worked diligently with Digital Defense engineering staff to understand, resolve and verify the fixes for these security issues. Dell EMC has...
Vulnerability Research

Finding the Solarwinds Flaw

Several months back I was updating our vulnerability scanner checks for various Solarwinds products. As I added a detection script for a product called Log and Event Manager (LEM), I realized that there were really no significant publicly disclosed vulnerabilities for it. This spurred me to download their trial, which comes as a virtual appliance, and look for some flaws. After initially setting...
Vulnerability Research

DDIVRT-2015-55 SolarWinds Log and Event Manager Remote Command Execution

Title: DDIVRT-2015-55 SolarWinds Log and Event Manager Remote Command Execution
Severity: High
Date Discovered: August 15, 2015
Discovered By: Chris Graham @cgrahamseven

Vulnerability Description: SolarWinds Log and Event Manager (LEM) is vulnerable to an Extensible Markup Language (XML) external entity injection through the agent message processing service. This service listens on TCP port 37891....
Vulnerability Research

Hardened Mac Configuration Tips & Recommendations

Given the popularity of the Mac and the ever-increasing number of users, we thought it would be good to share insight into what everyone, regardless of what they use their Mac for, should do to protect their system and their data. This list is not all-inclusive; however, it does give most users much more control over the security and privacy of their data. Under System Preferences >> Security &...
Vulnerability Research

Has Microsoft Introduced a Hole in your Patching Program?

I was recently putting together material for a recurring vulnerability management meeting with one of our clients. This involves comparing authenticated scanning results from one scanning period to the next in an effort to determine progress in addressing high-risk vulnerabilities; particularly, missing Microsoft, Adobe and Java patches, as vulnerabilities in these products are generally...
Vulnerability Research

Fun With HP Data Protector EXEC_BAR Remote Command Execution

DEEP DIVE ANALYSIS OF CVE-2013-2347

One of the benefits our clients have when using our vulnerability scanner is that many of the vulnerability checks we write are non-authenticated. This means that we do not require credentials to authenticate to hosts over the network in order to check for vulnerabilities. Instead, our team of researchers frequently reverse engineers software to identify unique...
Vulnerability Research

DDIVRT-2013-53 Actuate 'ActuateJavaComponent' Multiple Vulnerabilities

Severity: High
Date Discovered: March 19, 2013
Discovered By: Digital Defense, Inc. Vulnerability Research Team
Credit: Dennis Lavrinenko, Bobby Lockett, and r@b13$

1. Actuate 'ActuateJavaComponent' Arbitrary File Retrieval

Vulnerability Description: Actuate 10 contains a vulnerability within the 'ActuateJavaComponent'. This...
Vulnerability Research

DDIVRT-2013-50 EverFocus EPARA264-16X1 Directory Traversal

Title: DDIVRT-2013-50 EverFocus EPARA264-16X1 Directory Traversal
Severity: High
Date Discovered: January 22, 2013
Discovered By: Digital Defense, Inc. Vulnerability Research Team
Credit: r@b13$

Vulnerability Description: The EverFocus EPARA264-16X1 DVR allows...