Vulnerability Advisories

Andrew Horton actively researches new technologies within the emerging trends of information security. Research is conducted in the areas of vulnerability discovery, systems identification and more.

Vulnerability Advisories

Multiple vulnerabilities in NETGEAR N300 WIRELESS ADSL2+ MODEM ROUTER DGN2200

BAE Systems Applied Intelligence researcher, Andrew Horton has identified that the NetGear N300 Wireless ADSL 2+ Modem Router model DGN2200 suffers from multiple vulnerabilities which may be exploited by both local and remote attackers. This enables an attacker to completely compromise the device and stage further attacks against the local network and internet. Vulnerabilities include Command Injection, Cross-site Request Forgery, UPNP Exploitation through Cross-site Request Forgery, Insecure FTP Root, Cannot Disable WPS, Passwords Stored in Plaintext, Information Disclosure, and Firmware Update MITM.

Published by: BAE Systems Applied Intelligence
Date: 11th February, 2014
Link to advisory at PacketStorm

Bypass Protection in WordPress Stop User Enumeration Plugin

Protection to stop user enumeration can be bypassed by unauthenticated users.

Published by: No advisory made.
Date: 4th February, 2014
Link to advisory at Secunia.com

Atlassian Confluence Multiple Issues

Andrew Horton, Sow Ching Shiong, and Mahendra discovered Persistent Cross-site Scripting, Persistent Cross-Site Flashing, and Insufficient Framing Protection vulnerabilities in Confluence version 4.3.5.

Published by: BAE Systems Detica Security
Date: 10th July, 2013
Link to advisory at Exploit-DB

Active Collab Multiple Issues

Stratsec security researchers Andrew Horton, Steven Seeley and Pedram Hayati have discovered remote command execution, SQL injection, authentication bypass, XQuery injection, username enumeration and cross-site scripting (reflective and persistent) in ActiveCollab 2.3.4 and its modules.

Published by: Stratsec / BAE Systems Detica Security
Date: May, 2012
Link to advisory at AusCERT

WordPress 3.1.2 Click-Jacking

An attacker can gain arbitrary command execution privileges through a Click Jacking attack on an authenticated administrator.

Published by: Security-Assessment.com
Date: 20th September, 2011
Link to advisory at Security-Assessment.com

Cross-site Scripting and Weak entropy of tokens in SilverStripe CMS

Cross-site scripting vulnerabilities and insecure use of random functions (disclosure of PRNG state) to protect CSRF tokens, member auto-login, forgot password emails, and auto-generated salt values for hashed passwords.

Published by: No advisory made.
Date: 21st December, 2010
Link to ChangeLog at SilverStripe.org

Multiple security issues in Cute News and UTF-8 Cute News

Multiple security issues in Cute News and UTF-8 Cute News

Date: 11th November 2009
Link to advisory at MorningStar Security

Multiple security issues in Open Auto Classifieds

Multiple security issues in Open Auto Classifieds

Date: 27th August 2009
Link to advisory at MorningStar Security