
SSD Secure Disclosure

Disclosing vulnerabilities responsibly since 2007

SSD Advisory – Fortigate DHCP Stored XSS

Vulnerability Summary The following advisory describes a Stored XSS Vulnerability found in Fortinet’s Fortigate Firewall (FortiOS) via an unauthenticated DHCP packet. CVE CVE-2019-6697 Credit An independent Security Researcher, Toshitsugu Yoneyama, has reported this vulnerability to SSD Secure Disclosure program. Affected systems FortiOS v6.0.4 build 0231. Vendor Response Fortigate has fixed the vulnerability in FortiOS version 6.2.2 […]

SSD Advisory – Firefox Sandbox Infoleak From Uninitialized Handle In CrossCall

Vulnerability summary The crosscall FilesystemDispatcher::NtOpenFile can leak an uninitialized handle value to a renderer due to an incorrect return value in FileSystemPolicy::OpenFileAction. The crosscall NtOpenKey seems to also suffer from the exact same bug. In this advisory, we show how to leak a function pointer stored in the broker’s stack (corresponding, in this case, to […]

SSD Advisory – Adobe Acrobat Reader DC Use After Free

Vulnerability Summary A use-after-free vulnerability exists in Adobe Acrobat Reader DC, which allows attackers to execute arbitrary code with the privileges of the current user. CVE CVE-2019-7805 Credit An independent Security Researcher has reported this vulnerability to SSD Secure Disclosure program. Affected systems Product Track Affected Versions Platform Acrobat DC Continuous 2019.010.20100 and earlier versions Windows […]

SSD Advisory – GetSimple CMS Unauthenticated Remote Code Execution

Vulnerabilities Summary The following advisory describes a vulnerability in GetSimple CMS which allows unauthenticated attackers to perform Remote Code Execution. CVE CVE-2019-11231 Credit An independent Security Researcher, truerand0m, has reported this vulnerability to SSD Secure Disclosure program. Affected systems GetSimple CMS version 3.3.15 (Latest at the time of writing this post) and before. Vendor Response […]

SSD Advisory – Vesta CP Remote Command Execution To Privilege Escalation

Vulnerabilities Summary The following advisory describes a vulnerability in Vesta control panel (VestaCP), an open source hosting control panel, which can be used to manage multiple websites, create and manage email accounts, FTP accounts, and MySQL databases, manage DNS records and more. CVE CVE-2019-9859 Credit An independent Security Researcher, 0xecute, has reported this vulnerability to […]

SSD Advisory – iOS powerd Uninitialized Mach Message Reply to Sandbox Escape and Privilege Escalation

(This advisory follows up on a vulnerability provided in Hack2Win Extreme competition, that won the iOS Privilege Escalation category in our offensive security event in 2018 in Hong Kong – come join us at TyphoonCon – June 2019 in Seoul for more offensive security lectures and training) Vulnerabilities Summary The following advisory describes security bugs […]

SSD Advisory – Synology PhotoStation Unauthenticated SQL Injection and Arbitrary File Injection to RCE

Vulnerabilities Summary The following advisory describes two vulnerabilities found in Synology PhotoStation: an unauthenticated SQL injection and an authenticated arbitrary file write with partially controlled data, which combined lead to remote code execution. CVE CVE-2019-11821 and CVE-2019-11822 Credit Independent security researcher, MengHuan Yu, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

SSD Advisory – VxWorks RPC Buffer Overflow

Vulnerability Summary The following advisory describes a vulnerability found in the Remote Procedure Call (RPC) component of the VxWorks real-time Operating System, which suffers from a buffer overflow that can be exploited to cause the component to execute arbitrary code. CVE CVE-2019-9865 Credit An independent Security Researcher, Yu Zhou, has reported this vulnerability […]

SSD Advisory – Horde Groupware Webmail Authenticated Arbitrary File Injection to RCE

Vulnerabilities Summary The following advisory discusses an arbitrary file injection vulnerability that leads to remote code execution in Horde Groupware Webmail. This vulnerability can be exploited by any authenticated, unprivileged user, who is able to create a malicious PHP file under the Horde web root and gain arbitrary code execution on the server. The vulnerability is […]

SSD Advisory – MDaemon Mail Server Multiple XSS Vulnerabilities

Vulnerabilities Summary The following advisory describes two XSS vulnerabilities found in MDaemon Mail Server which let attackers send emails with malicious payloads and run client-side code in the victim’s browser just by opening an email. CVE CVE-2019-8983, CVE-2019-8984 Credit An independent security researcher, Zhong Zhaochen, has reported this vulnerability to SSD Secure Disclosure program.