... Loading ...

SSD Secure Disclosure

Disclosing vulnerabilities responsibly since 2007

SSD Advisory – Cisco Prime Infrastructure File Inclusion and Remote Command Execution to Privileges Escalation

Vulnerabilities Summary Cisco Prime Infrastructure (CPI) contains two vulnerabilities that when exploited allow an unauthenticated attacker to achieve root privileges and execute code remotely. The first vulnerability is a file upload vulnerability that allows the attacker to upload and execute JSP files as the Apache Tomcat user. The second vulnerability is a privilege escalation to […]

SSD Advisory – CloudByte ElastiStor OS Unauthenticated Remote Code Execution

Vulnerabilities Summary The following advisory describes two vulnerabilities found in ElastiCenter, ElastiStor’s management console, File Injection that leads to unauthenticated remote code execution. ElastiCenter is the centralized management tool that you use to configure, monitor, manage, and deploy the services provided by CloudByte ElastiStor. ElastiCenter lets you: Use the Graphical User Interface to manage the […]

SSD Advisory – QRadar Remote Command Execution

Vulnerability Summary Multiple vulnerabilities in QRadar allow a remote unauthenticated attackers to cause the product to execute arbitrary commands. Each vulnerability on its own is not as strong as their chaining – which allows a user to change from unauthenticated to authenticated access, to running commands, and finally running these commands with root privileges. Vendor […]

SSD Advisory – TrustPort Management Unauthenticated Remote Code Execution

Vulnerability Summary Multiple vulnerabilities in TrustPort’s management product allow remote unauthenticated attackers to cause the product to execute arbitrary code. TrustPort Management “offers you an effective and practical way to install centrally, configure and update antivirus software in your network and it enables mass administration of TrustPort products. Central administration from TrustPort brings you simple […]

SSD Advisory – TerraMaster TOS Unauthenticated Remote Command Execution

Vulnerability Summary The following advisory describes a unauthenticated remote command execution found in TerraMaster TOS 3.0.33. TOS is a “Linux platform-based operating system developed for TerraMaster cloud storage NAS server. TOS 3 is the third generation operating system newly launched.” Credit An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure […]

SSD Advisory – VK Messenger (VKontakte) vk:// URI Handler Commands Execution

Vulnerability Summary The following describes a vulnerability in VK Messenger that is triggered via the exploitation of improperly handled URI. VK (VKontakte; [..], meaning InContact) is “an online social media and social networking service. It is available in several languages. VK allows users to message each other publicly or privately, to create groups, public pages […]

SSD Advisory – TrendNet AUTHORIZED_GROUP Information Disclosure

Vulnerability Summary The following advisory describes an information disclosure found in the following TrendNet routers: TEW-751DR – v1.03B03 TEW-752DRU – v1.03B01 TEW733GR – v1.03B01 TRENDnet’s “N600 Dual Band Wireless Router, model TEW-751DR, offers proven concurrent Dual Band 300 Mbps Wireless N networking. Embedded GREENnet technology reduces power consumption by up to 50%. For your convenience […]