Advisories
archive

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors

SSD Advisory – TOTOLINK LR1200GB Auth Bypass

Summary A vulnerability in TOTOLINK LR1200GB allows remote unauthenticated attackers to become authenticated due to a stack overflow vulnerability in the web interface. Additional post-auth vulnerabilities in the product allow for command injection and their

SSD Advisory – WifiKey AC Gateway Pre-auth RCE

Summary A vulnerability exists in WifiKey’s AC Gateway allowing remote attackers to trigger a pre-auth RCE vulnerability in the product allowing complete compromise of the device. Credit An independent security researcher working with SSD Secure

TurboRand: V8 Type Confusion Private Property Leak

Introduction TurboRand is a v8 exploitation during the TyphoonCTF 2023, this challenge (a.k.a TruboFan is no Fun) centred around a TurboFan (V8’s optimising compiler) type confusion bug. For the challenge we provided contenders with multiple

SSD Advisory –  Roundcube markasjunk RCE

Summary A vulnerability in Roundcube’s markasjunk plugin allows attackers that send a specially crafted identity email address to cause the plugin to execute arbitrary code. Credit An independent security researcher, Selim Enes Karaduman, working with

SSD Advisory –  KerioControl Remote Code Execution

Summary KerioControl suffers from a tar.gz path traversal within the import configuration functionality inside the admin panel which leads to Remote Code Execution. Credit Simon Janz Affected Devices KerioControl version 9.4.2 patch 1 build7290 Vendor

SSD Advisory – Kerio Mailbox Takeover

Summary By exploiting file upload functionality users are able to upload .html type of files, containing arbitrary JavaScript code, the file is then saved within server. An attacker would then compose and send an email

?

Get in touch