Advisories archive

SSD Advisory – Windows Installer Elevation of Privileges Vulnerability
TL;DR Vulnerability in Windows Installer allows local users to gain elevated SYSTEM privileges in Windows. Vulnerability Summary Windows Installer is
SSD Advisory – phpCollab Unauth RCE
TL;DR Find out how a vulnerability in phpCollab allows an unauthenticated user to reach RCE abilities and run code as
SSD Advisory – PHP SplDoublyLinkedList UAF Sandbox Escape
TL;DR Find out how a use after free vulnerability in PHP allows attackers that are able to run PHP code
SSD Advisory – rConfig Unauthenticated RCE
TL;DR Find out how a chain of vulnerabilities in rConfig allows a remote unauthenticated user to gain 'apache' user access
SSD Advisory – Aegir with Apache LPE
TL;DR Find out how we exploited a behavior of Apache while using the limited rights of Aegir user to gain
SSD Advisory – Netgear Nighthawk R8300 upnpd PreAuth RCE
TL;DR Find out how we exploited an unauthenticated Netgear Nighthawk R8300 vulnerability and gained root access to the device. Vulnerability
SSD Advisory – TerraMaster OS exportUser.php Remote Code Execution
TL;DR Find out how we exploited an unauthenticated TerraMaster OS vulnerability and gained root access to the device. Vulnerability Summary
SSD Advisory – Roundcube Incoming Emails Stored XSS
TL;DR Find out how we exploited Roundcube webmail application and crafted an email containing malicious HTML that execute arbitrary JavaScript
SSD Advisory – Mimosa Routers Privilege Escalation and Authentication bypass
TL;DR Find out how we exploited Mimosa Router's web interface vulnerability and gained root access. Vulnerability Summary Mimosa Networks is
SSD Advisory – SMC Networks Session and Command Injection
TL;DR Find out how we managed to inject an auth session into the device and through it gain a reverse