Advisories archive

SSD Advisory – GNU GRUB Command Injection
TL;DR Find out how a vulnerability in GNU GRUB allows users on a Linux system to inject commands into the
SSD Advisory – Yealink DM Pre Auth ‘root’ level RCE
TL;DR Find out how multiple vulnerabilities in Yealink DM (Device Management) allow an unauthenticated attacker to run arbitrary commands on
SSD Advisory – NetMotion Mobility Server Multiple Deserialization of Untrusted Data Lead to RCE
TL;DR Find out how multiple vulnerabilities in NetMotion Mobility Server allow an unauthenticated attacker to run arbitrary code on the
SSD Advisory – IBM AIX snmpd ASN.1 OID parsing stack overflow
TL;DR Find out how a vulnerability in IBM AIX's snmpd service allows an unauthenticated attacker to trigger a stack overflow
SSD Advisory – Auth Bypass and RCE in Infinite WP Admin Panel
TL;DR Find out how a vulnerability in Infinite WP's password reset mechanism allows an unauthenticated user to become authenticated and
SSD Advisory – Windows Installer Elevation of Privileges Vulnerability
TL;DR Vulnerability in Windows Installer allows local users to gain elevated SYSTEM privileges in Windows. Vulnerability Summary Windows Installer is
SSD Advisory – phpCollab Unauth RCE
TL;DR Find out how a vulnerability in phpCollab allows an unauthenticated user to reach RCE abilities and run code as
SSD Advisory – PHP SplDoublyLinkedList UAF Sandbox Escape
TL;DR Find out how a use after free vulnerability in PHP allows attackers that are able to run PHP code
SSD Advisory – rConfig Unauthenticated RCE
TL;DR Find out how a chain of vulnerabilities in rConfig allows a remote unauthenticated user to gain 'apache' user access
SSD Advisory – Aegir with Apache LPE
TL;DR Find out how we exploited a behavior of Apache while using the limited rights of Aegir user to gain