SSD Advisory – phpCollab Unauth RCE

TL;DR Find out how a vulnerability in phpCollab allows an unauthenticated user to achieve RCE and run code as ‘www-data’. Vulnerability Summary phpCollab is “a project management and collaboration system. Features include: team/client sites,

SSD Advisory – rConfig Unauthenticated RCE

TL;DR Find out how a chain of vulnerabilities in rConfig allows a remote unauthenticated user to gain ‘apache’ user access to the vulnerable rConfig installation. Vulnerability Summary rConfig is “an open source network device configuration

SSD Advisory – Aegir with Apache LPE

TL;DR Find out how we exploited a behavior of Apache while using the limited rights of the Aegir user to gain root access. Vulnerability Summary Aegir is a free and open source Unix-based web hosting control

SSD Advisory – Roundcube Incoming Emails Stored XSS

TL;DR Find out how we exploited the Roundcube webmail application and crafted an email containing malicious HTML that executes arbitrary JavaScript code in the context of the vulnerable user’s inbox. Vulnerability Summary Roundcube webmail is a


