SSD Advisory – TOTOLink Auth Bypass and Device Backdoor
Find out how the Chrome Ad-Heavy detection mechanism can be bypassed, bypassing the mechanism would allow ads that are breaching the restrictions imposed by Chrome to still run.
Advisories
archive
SSD Advisory – Chrome Ad Heavy Bypass (via history.back())
Find out how the Chrome Ad-Heavy detection mechanism can be bypassed, bypassing the mechanism would allow ads that are breaching the restrictions imposed by Chrome to still run.
SSD Advisory – Chrome Ad Heavy Bypass (via SharedWorker)
Find out how the Chrome Ad-Heavy detection mechanism can be bypassed, bypassing the mechanism would allow ads that are breaching the restrictions imposed by Chrome to still run.
SSD Advisory – macOS Finder RCE
Find out how a vulnerability in macOS Finder system allows remote attackers to trick users into running arbitrary commands.
SSD Advisory – NETGEAR D7000 Authentication Bypass
Find out how a vulnerability in NETGEAR D7000 device allows remote unauthenticated users to reveal the ‘admin’ password used to login to the admin web interface of the product. NOTE: The vendor states that multiple other devices are also vulnerable.
SSD Advisory – Samsung S10+/S9 kernel 4.14 (Android 10) Kernel Function Address (.text) and Heap Address Information Leak
Find out how a vulnerability discovered in Samsung S10+/S9 kernel allows leaking of sensitive function address information.
SSD Advisory – IP-Board Stored XSS to RCE Chain
Find out how an XSS in IP-Board can be leveraged into an remote code execution.
SSD Advisory – aaPanel CSWH to RCE
Find out how a CSWH hijacking vulnerability in aaPanel allows remote attackers to cause an authenticated user to execute arbitrary commands inside aaPanel’s managed servers.
SSD Advisory – SmarterMail XSS
Find out how a cross site scripting vulnerability in SmarterMail allows remote attackers to obtain the JWT token used to authenticate the user.
SSD Advisory – Ivanti Avalanche Directory Traversal
Find out how a directory traversal vulnerability in Ivanti Avalanche allows remote unauthenticated user to access files that reside outside the ‘image’ folder.
SSD Advisory – VoIPmonitor UnAuth RCE
Find out how a vulnerability in VoIPmonitor allows an unauthenticated attacker to execute arbitrary code.
SSD Advisory – TG8 Firewall PreAuth RCE and Password Disclosure
TL;DR Find out how vulnerabilities in TG8 Firewall allows remote unauthenticated users to execute arbitrary code on the remote device as well as disclose the passwords of existing accounts. Vulnerability Summary Two security vulnerabilities in
