Advisories
archive


SSD Advisory – Roundcube markasjunk RCE

Summary: A vulnerability in Roundcube’s markasjunk plugin allows attackers that send a specially crafted identity email address to cause the plugin to execute arbitrary code. Credit: An independent security researcher, Selim Enes Karaduman, working with

SSD Advisory – KerioControl Remote Code Execution

Summary: KerioControl suffers from a tar.gz path traversal within the import configuration functionality inside the admin panel which leads to Remote Code Execution. Credit: Simon Janz. Affected Devices: KerioControl version 9.4.2 patch 1 build7290. Vendor

SSD Advisory – Kerio Mailbox Takeover

Summary: By exploiting the file upload functionality, users are able to upload .html files containing arbitrary JavaScript code; the file is then saved on the server. An attacker would then compose and send an email

SSD Advisory – SonicWall Out Of Bounds Write DoS

Summary: A vulnerability in SonicWall allows remote attackers to crash the target server on affected installations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the `httpServer` function. The issue results

Win32k User-Mode Printer Drivers StartDoc UAF

Summary: A vulnerability in the UMPD (User-Mode Printer Drivers) allows local users to trigger a use-after-free vulnerability. The vulnerability works from Windows 8 and above, and is fairly easy to exploit on older Windows machines.

SSD Advisory – pfSense Post Auth RCE

TL;DR: A vulnerability in pfSense allows authenticated users to cause the product to execute arbitrary code – this in turn would allow an attacker to compromise the machine on which the pfSense is installed. Vulnerability
