SSD Advisory – SmarterMail XSS
Find out how a cross site scripting vulnerability in SmarterMail allows remote attackers to obtain the JWT token used to authenticate the user.
Find out how a directory traversal vulnerability in Ivanti Avalanche allows a remote unauthenticated user to access files that reside outside the ‘image’ folder.
Find out how a vulnerability in VoIPmonitor allows an unauthenticated attacker to execute arbitrary code.
TL;DR Find out how vulnerabilities in TG8 Firewall allow remote unauthenticated users to execute arbitrary code on the remote device as well as disclose the passwords of existing accounts. Vulnerability Summary Two security vulnerabilities in
TL;DR Find out how a vulnerability in NETGEAR R7000 allows an attacker to run arbitrary code without requiring authentication with the device. Vulnerability Summary A vulnerability allows network-adjacent attackers to execute arbitrary code on affected
TL;DR Find out how multiple vulnerabilities in Hongdian H8922 allow an attacker to run arbitrary commands on the device with root privileges as well as access the device with root privileges via a backdoor account.
TL;DR Find out how a vulnerability in OverlayFS allows local users under Ubuntu to gain root privileges. Vulnerability Summary An Ubuntu specific issue in the overlayfs file system in the Linux kernel where it did
TL;DR Find out how a memory corruption vulnerability can lead to a pre-auth remote code execution on QNAP QTS’s Surveillance Station plugin. Vulnerability Summary QNAP NAS with “Surveillance Station Local Display function can perform monitoring
TL;DR Find out how a vulnerability in DD-WRT allows an unauthenticated attacker to overflow an internal buffer used by UPNP and trigger a code execution vulnerability. Vulnerability Summary DD-WRT is “is Linux-based firmware for wireless
TL;DR Find out how multiple vulnerabilities in VestaCP allow an authenticated attacker to elevate his access to root privileges. Vulnerability Summary VestaCP is “an open source hosting control panel, a clean and focused interface without
TL;DR Find out how a vulnerability in GNU GRUB allows users on a Linux system to inject commands into the process of grub-mkconfig which allows them to execute arbitrary commands with elevated privileges. Vulnerability Summary
TL;DR Find out how multiple vulnerabilities in Yealink DM (Device Management) allow an unauthenticated attacker to run arbitrary commands on the server with root privileges. Vulnerability Summary Yealink DM (Device Management) platform – “offers a