Advisories archive

Introduction: Each year, as part of TyphoonCon, our All Offensive Security Conference, we are offering cash prizes for vulnerabilities and exploitation
Vulnerability Summary: When an admin accesses the Administrator Control Panel (ACP) in phpBB, a leftover session id GET parameter is present
Vulnerability Summary: The following advisory describes a Stored XSS Vulnerability found in Fortinet's Fortigate Firewall (FortiOS) via an unauthenticated DHCP packet. CVE: CVE-2019-6697. Credit: An independent
Vulnerability Summary: The following advisory describes a Pre-Auth Integer Overflow in the XMSS Key Parsing Algorithm in OpenSSH. CVE: CVE-2019-16905. Credit: An independent Security Researcher,
During TyphoonCon 2019 we held an open contest which involved a specially crafted binary program we provided. The goal of
Vulnerability Summary: The crosscall FilesystemDispatcher::NtOpenFile can leak an uninitialized handle value to a renderer due to an incorrect return value
Vulnerability Summary: A use-after-free vulnerability exists in Adobe Acrobat Reader DC, which allows attackers to execute arbitrary code with the privileges of
Vulnerabilities Summary: The following advisory describes a vulnerability in GetSimple CMS which allows unauthenticated attackers to perform Remote Code Execution. CVE: CVE-2019-11231. Credit: An independent
Vulnerabilities Summary: The following advisory describes a vulnerability in Vesta control panel (VestaCP), an open source hosting control panel, which can
(This advisory follows up on a vulnerability provided in Hack2Win Extreme competition, that won the iOS Privilege Escalation category in