Summary: A vulnerability in Windows’s File History Service allows local users to gain elevated privileges on the Windows operating system. Credit: An independent security researcher working with SSD Secure Disclosure, the vulnerability was one of
Summary: A vulnerability in TP-Link’s TL-WR840N allows remote attackers to trigger a stack overflow and cause a denial of service in httpd. Credit: An independent security researcher, @delsploit, working with SSD
Summary: A vulnerability in EdgeRouter’s and AirCube’s miniupnpd allows LAN attackers to cause the service to overflow an internal heap and potentially execute arbitrary code. Credit: An independent security researcher working with SSD Secure Disclosure.
Summary: A vulnerability in Roundcube’s markasjunk plugin allows attackers who send a specially crafted identity email address to cause the plugin to execute arbitrary code. Credit: An independent security researcher, Selim Enes Karaduman, working with
Summary: KerioControl suffers from a tar.gz path traversal in the import configuration functionality of the admin panel, which leads to Remote Code Execution. Credit: Simon Janz. Affected Devices: KerioControl version 9.4.2 patch 1 build7290 Vendor
Summary: A vulnerability in SonicWall allows remote attackers to crash the target server on affected installations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the `httpServer` function. The issue results
SSD Advisory – Cisco Secure Manager Appliance jwt_api_impl Hardcoded JWT Secret Elevation of Privilege
A vulnerability allows remote attackers to elevate privileges on affected installations of Cisco Secure Manager Appliance and Cisco Email Security Appliance. Authentication is required to exploit this vulnerability.
SSD Advisory – Cisco Secure Manager Appliance remediation_request_utils SQL Injection Remote Code Execution
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Secure Manager Appliance and Cisco Email Security Appliance.
A vulnerability in the Galaxy Store allows attackers to use an XSS to make the store install and/or launch an application, allowing remote attackers to trigger remote command execution on the phone.
TL;DR: A vulnerability in pfSense allows authenticated users to cause the product to execute arbitrary code – this in turn would allow an attacker to compromise the machine on which pfSense is installed. Vulnerability
A vulnerability in the way Linux handles the CLOCK_THREAD_CPUTIME_ID allows local attackers to reach a race condition and use this to elevate their privileges to root.