advisories - Page 2 of 29 - SSD Secure Disclosure

SSD Advisory – Cisco Secure Manager Appliance jwt_api_impl Hardcoded JWT Secret Elevation of Privilege

A vulnerability allows remote attackers to elevate privileges on affected installations of Cisco Secure Manager Appliance and Cisco Email Security Appliance. Authentication is required to exploit this vulnerability.

SSD Advisory – Cisco Secure Manager Appliance remediation_request_utils SQL Injection Remote Code Execution

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Secure Manager Appliance and Cisco Email Security Appliance.

SSD Advisory – Galaxy Store Applications Installation/Launching without User Interaction

A vulnerability in the Galaxy Store allows attackers through an XSS to cause the store to install and/or launch an application, allowing remote attackers to trigger a remote command execution in the phone.

SSD Advisory – pfSense Post Auth RCE

TL;DR A vulnerability in pfSense allows authenticated users to cause the product to execute arbitrary code – this in turn would allow an attacker to compromise the machine on which the pfSense is installed. Vulnerability

SSD Advisory – Linux CLOCK_THREAD_CPUTIME_ID LPE

A vulnerability in the way Linux handles the CLOCK_THREAD_CPUTIME_ID allows local attackers to reach a race condition and use this to elevate their privileges to root.

SSD Advisory – Linux CONFIG_WATCH_QUEUE LPE

A vulnerability in the way Linux handles the CONFIG_WATCH_QUEUE allows local attackers to reach a race condition and use this to elevate their privileges to root.

SSD Advisory – VhdmpiValidateVirtualDiskSurface LPE

Bad handling by Apple Safari allows attackers to use certain look-alike characters instead of the real ones allow attackers to confuse victims into thinking they are reach a certain site, while they are accessing another one.

SSD Advisory – Apple Safari ICU Out-Of-Bounds Write

SSD Advisory – Apple Safari IDN URL Spoofing

SSD Advisory – Microsoft SharePoint Server WizardConnectToDataStep4 Deserialization Of Untrusted Data RCE

Find out how a vulnerability in multiple Uniview devices allow remote unauthenticated attackers to trigger a remote code execution vulnerability in the products the company offers.

SSD Advisory – Froxlor Server Management Panel File Upload Filter Bypass and RCE

Find out how a vulnerability in multiple Uniview devices allow remote unauthenticated attackers to trigger a remote code execution vulnerability in the products the company offers.

SSD Advisory – VestaCP Multiple Vulnerabilities

Find out how a vulnerability in multiple Uniview devices allow remote unauthenticated attackers to trigger a remote code execution vulnerability in the products the company offers.

Advisories
archive

SSD Advisory – Cisco Secure Manager Appliance jwt_api_impl Hardcoded JWT Secret Elevation of Privilege

SSD Advisory – Cisco Secure Manager Appliance remediation_request_utils SQL Injection Remote Code Execution

SSD Advisory – Galaxy Store Applications Installation/Launching without User Interaction

SSD Advisory – pfSense Post Auth RCE

SSD Advisory – Linux CLOCK_THREAD_CPUTIME_ID LPE

SSD Advisory – Linux CONFIG_WATCH_QUEUE LPE

SSD Advisory – VhdmpiValidateVirtualDiskSurface LPE

SSD Advisory – Apple Safari ICU Out-Of-Bounds Write

SSD Advisory – Apple Safari IDN URL Spoofing

SSD Advisory – Microsoft SharePoint Server WizardConnectToDataStep4 Deserialization Of Untrusted Data RCE

SSD Advisory – Froxlor Server Management Panel File Upload Filter Bypass and RCE

SSD Advisory – VestaCP Multiple Vulnerabilities

Get in touch

?

?

Get in touch

Advisories archive

Get in touch

?

Get in touch

Advisories
archive