... Loading ...

SSD Secure Disclosure

Disclosing vulnerabilities responsibly since 2007

SSD Advisory – vBulletin routestring Unauthenticated Remote Code Execution

Vulnerability Summary The following advisory describes a unauthenticated file inclusion vulnerability that leads to remote code execution found in vBulletin version 5. vBulletin, also known as vB, is a widespread proprietary Internet forum software package developed by vBulletin Solutions, Inc., based on PHP and MySQL database server. vBulletin powers many of the largest social sites […]

SSD Advisory – HPE OpenCall Media Platform (OCMP) Multiple Vulnerabilities

Vulnerabilities Summary The following advisory describes Reflected Cross-Site Scripting (XSS) vulnerabilities and a Remote File Inclusion vulnerability that when combined can lead to arbitrary Javascript code execution, were found in HP OpenCall Media Platform (OCMP), version 4.3.2. HPE OpenCall Media Platform (OCMP) is a suite of software and hardware applications which allow implementation of common […]