QNAP QTS 0day (CVE-2017-5227)

Pasquale `sid` Fiorillo and Guido `go` Oricchio have released a critical security advisory for any QNAP NAS running any version of QTS prior to 4.2.4 Build 20170313.

The issue involves all the QNAP NAS that are members of a Microsoft Active Directory and can be used by any local user, such as “httpdusr” used to run web application, to escalate to Domain Administrator.

VeeamVixProxy 0day (CVE-2015-5742)

Pasquale `sid` Fiorillo, Francesco `ascii` Ongaro from ISGroup, an Italian Security firm, and Antonio `s4tan` Parata from ush team, have released a critical security advisory for any version of Veeam Backup & Replication prior to 8 Update 3.

The issue potentially involves 157,000 customers and 9.1 million Virtual Machines worldwide and could lead to full Domain Administrator compromise of the affected infrastructures.

Veeam Software provides backup, disaster recovery and virtualization management software for the VMware and Hyper-V environments.