October 15, 2017 - SSD Secure Disclosure

SSD Advisory – Webmin Multiple Vulnerabilities

4 Comments / Vulnerability publication / By SSD Secure Disclosure technical team

Vulnerability summary The following advisory describes three (3) vulnerabilities found in Webmin version 1.850 Webmin “is a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more. Webmin removes the need to manually edit Unix configuration files like /etc/passwd, and lets …

SSD Advisory – Webmin Multiple Vulnerabilities Read More »

SSD Advisory – ZTE uSmartView DLL Hijacking

Leave a Comment / Vulnerability publication / By SSD Secure Disclosure technical team

Vulnerability summary The following advisory describes an DLL Hijacking found in ZTE uSmartView. ZTE uSmartView offers: “ZTE provides full series of cloud computing products (including cloud terminals, cloud desktops, virtualization software, and cloud storage products) and end-to-end integrated product, which can be applied to different scenarios such as office, training classroom, multimedia classroom, and business …

SSD Advisory – ZTE uSmartView DLL Hijacking Read More »

SSD安全公告 – Mac OS X 10.12隔离机制绕过漏洞

Leave a Comment / Vulnerability publication / By SSD Secure Disclosure technical team

漏洞概要 Mac OS X存在一个漏洞，该漏洞允许攻击者绕过Apple的隔离机制，不受任何限制执行任意JavaScript代码. 漏洞提交者来自WeAreSegment的安全研究者Filippo Cavallarin向Beyond Security的SSD报告了该漏洞. 厂商响应苹果公司已于2017年6月27日收到了我们的报告，并和我们进行了多次沟通。苹果公司通知我们，在即将发布的High Sierra操作系统中会修补这个漏洞。这之后，苹果公司再没有提供任何其他信息 – 既没有链接公告，也没有提供关于CVE编号分配的任何信息. 我们已经验证在Mac OS X High Sierra中已不存在该漏洞。对于该漏洞的解决办法是升级到Mac OS X High Sierra，或者移除rhtmlPlayer.html文件修复该漏洞.

SSD Advisory – Microsoft Office SMB Information Disclosure

1 Comment / Vulnerability publication / By SSD Secure Disclosure technical team

Vulnerability Summary The following advisory describes an information disclosure found in Microsoft Office versions 2010, 2013, and 2016. Microsoft Office is: “Whether you’re working or playing, Microsoft is here to help. We’re the company that created Microsoft Office, including Office 365 Home, Office 365 Personal, Office Home & Student 2016, Office Home & Business 2016, …

SSD Advisory – Microsoft Office SMB Information Disclosure Read More »

Day: October 15, 2017

SSD Advisory – Webmin Multiple Vulnerabilities

SSD Advisory – ZTE uSmartView DLL Hijacking

SSD安全公告 – Mac OS X 10.12隔离机制绕过漏洞

SSD Advisory – Microsoft Office SMB Information Disclosure

Get in touch

?

?

Get in touch