Vulnerability SummaryWhen an admin accesses the Administrator Control Panel (ACP) in phpBB, a leftover session id GET parameter is present in the URL when he goes back to the Board index. Using a special remote
Vulnerability SummaryThe following advisory describes a Stored XSS Vulnerability found in Fortinet’s Fortigate Firewall(FortiOS) via an unauthenticated DHCP packet.CVECVE-2019-6697CreditAn independent Security Researcher, Toshitsugu Yoneyama, has reported this vulnerability to SSD Secure Disclosure program.Affected systemsFortiOS v6.0.4
Vulnerability SummaryThe following advisory describes a Pre-Auth Integer Overflow in the XMSS Key Parsing Algorithm in OpenSSH.CVECVE-2019-16905CreditAn independent Security Researcher, Adam “pi3” Zabrocki, has reported this vulnerability to SSD Secure Disclosure program.Affected SystemsOpenSSH version 7.7
During TyphoonCon 2019 we held an open contest which involved a specially crafted binary program we provided. The goal of the contest was to code a program which, when launched, interacts with the challenge program
Vulnerability summary The crosscall FilesystemDispatcher::NtOpenFile can leak an uninitialized handle value to a renderer due to an incorrect return value in FileSystemPolicy::OpenFileAction. The crosscall NtOpenKey seems to also suffer from the exact same bug. In
Vulnerability SummaryA use-after-free vulnerability exists in Adobe Acrobat Reader DC, which allows attackers execute arbitrary code with the privileges of the current user.CVECVE-2019-7805CreditAn independent Security Researcher has reported this vulnerability to SSD Secure Disclosure program.Affected
Vulnerabilities SummaryThe following advisory describes a vulnerability in GetSimple CMS which allows unauthenticated attackers to perform Remote Code Execution.CVECVE-2019-11231CreditAn independent Security Researcher, truerand0m, has reported this vulnerability to SSD Secure Disclosure program.Affected systemsGetSimple CMS version
Vulnerabilities SummaryThe following advisory describes a vulnerability in Vesta control panel (VestaCP), an open source hosting control panel, which can be used to manage multiple websites, create and manage email accounts, FTP accounts, and MySQL
(This advisory follows up on a vulnerability provided in Hack2Win Extreme competition, that won the iOS Privilege Escalation category in our offensive security event in 2018 in Hong Kong – come join us at TyphoonCon
Vulnerabilities SummaryThe following advisory describes two vulnerabilities found in Synology PhotoStation, an unauthenticated SQL injection combined with an authenticated arbitrary file writing with partially controlled data vulnerabilities which leads to remote code execution.CVECVE-2019-11821 and CVE-2019-11822CreditIndependent
Vulnerability SummaryThe following advisory describes a vulnerability found in the Remote Procedure Call (RPC) component of the VxWorks real-time Opearting System, which suffers from a buffer overflow, this buffer overflow can be exploited to cause
Vulnerabilities SummaryThe following advisory discusses an arbitrary file injection vulnerability that leads to remote code execution in Horde Groupware Webmail. This vulnerability can be exploited by any authenticated, unprivileged user which able to create a
Any questions? Interested in our services?
We’d love to hear from you
