Buffer Overflow

SSD Advisory – HiSilicon Multiple Vulnerabilities

Vulnerabilities Summary: The following advisory describes 2 vulnerabilities found in HiSilicon application-specific integrated circuit (ASIC) chipset firmware. HiSilicon provides ASICs and solutions for communication network and digital media. These ASICs are widely used in over 100 countries and regions around the world. In the digital media field, HiSilicon has already released the SoC and …


SSD Advisory – DropBear Multiple Vulnerabilities

Vulnerabilities Summary: The following advisory describes four (4) vulnerabilities in DropBear. DropBear is an SSH server and client. It runs on a variety of POSIX-based platforms. DropBear is open source software, distributed under an MIT-style license. DropBear is particularly useful for “embedded”-type Linux (or other Unix) systems, such as wireless routers. The four vulnerabilities found …


SSD Advisory – BusyBox (local) cmdline Stack Buffer Overwrite

Vulnerability Description: BusyBox provides an `arp` applet which is missing an array bounds check for the command-line parameter `IFNAME`. It is therefore vulnerable to a command-line based local stack buffer overwrite, effectively allowing local users to write past a fixed 16-byte stack buffer. This leads to two scenarios, one (A) where an IOCTL for GET_HW_ADDRESS …


SSD Advisory – Xerox DocuShare Multiple Vulnerabilities

Introduction: DocuShare is a content management system developed by Xerox Corporation. DocuShare makes use of open standards and allows for managing content, integrating it with other business systems, and developing customized and packaged software applications. Multiple vulnerabilities have been found in Xerox DocuShare: DSUtilityLib.HelperObj.4 ActiveX Control ShowHelp Method lstrcatW() Call Stack Buffer Overflow Vulnerability …


SSD Advisory – Dynamic Web TWAIN SDK Vulnerabilities

Introduction: Dynamic Web TWAIN is a TWAIN-based scanning SDK software specifically designed for web applications. With just a few lines of code, you can develop robust applications to scan documents from TWAIN-compatible scanners, edit the scanned images and save them to a file system. Vulnerability Details: Two security vulnerabilities have been found in Dynamic Web …


Hack2Win – 1st Day Update

Hi, thank you to everyone who participated. We had quite a few participants trying their skills at hacking various networking and IoT devices. Out of the 9 available devices, 2 were removed after they were completely owned, and another one was removed because testing of it caused it to do a factory reset and become unreachable (no IP address). …


SSD Advisory – Rocket BlueZone Multiple Vulnerabilities

SecuriTeam Secure Disclosure: SecuriTeam Secure Disclosure (SSD) helps researchers turn their vulnerability discovery skills into a highly paid career. Contact SSD to get the most for your hard work. Introduction: Rocket BlueZone Terminal Emulation Suite is the solution you need if you are looking to replace your aging, expensive, current Terminal Emulation solution. Our software …


SSD Advisory – Live555 Exploitable Buffer Overflow and Directory Traversal

SecuriTeam Secure Disclosure: SecuriTeam Secure Disclosure (SSD) provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers for researchers and will give you the fast response and great support you need to make top dollar for your discoveries. Introduction: Live555 Media Server is …


SSD Advisory – LibreOffice Impress Remote Control Use-after-Free Vulnerability

Introduction: LibreOffice is a powerful …


SSD Advisory – Multiple Evernote Vulnerabilities

Introduction: Evernote lets you take …


SSD Advisory – AIX cmdlvm Vulnerability

Introduction: AIX (Advanced Interactive eXecutive) …

