Code Execution

SSD Advisory – Cisco Secure Manager Appliance jwt_api_impl Hardcoded JWT Secret Elevation of Privilege

Leave a Comment / Vulnerability publication / By SSD Secure Disclosure technical team

A vulnerability allows remote attackers to elevate privileges on affected installations of Cisco Secure Manager Appliance and Cisco Email Security Appliance. Authentication is required to exploit this vulnerability.

SSD Advisory – Cisco Secure Manager Appliance remediation_request_utils SQL Injection Remote Code Execution

Leave a Comment / Vulnerability publication / By SSD Secure Disclosure technical team

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Secure Manager Appliance and Cisco Email Security Appliance.

SSD Advisory – Galaxy Store Applications Installation/Launching without User Interaction

Leave a Comment / Vulnerability publication / By SSD Secure Disclosure technical team

A vulnerability in the Galaxy Store allows attackers through an XSS to cause the store to install and/or launch an application, allowing remote attackers to trigger a remote command execution in the phone.

SSD Advisory – Linux CLOCK_THREAD_CPUTIME_ID LPE

Leave a Comment / Vulnerability publication / By SSD Secure Disclosure technical team

A vulnerability in the way Linux handles the CLOCK_THREAD_CPUTIME_ID allows local attackers to reach a race condition and use this to elevate their privileges to root.

SSD Advisory – Microsoft SharePoint Server WizardConnectToDataStep4 Deserialization Of Untrusted Data RCE

Leave a Comment / Vulnerability publication / By SSD Secure Disclosure technical team

Find out how a vulnerability in multiple Uniview devices allow remote unauthenticated attackers to trigger a remote code execution vulnerability in the products the company offers.

SSD Advisory – Froxlor Server Management Panel File Upload Filter Bypass and RCE

Leave a Comment / Vulnerability publication / By SSD Secure Disclosure technical team

Find out how a vulnerability in multiple Uniview devices allow remote unauthenticated attackers to trigger a remote code execution vulnerability in the products the company offers.

SSD Advisory – VestaCP Multiple Vulnerabilities

Leave a Comment / Vulnerability publication / By SSD Secure Disclosure technical team

Find out how a vulnerability in multiple Uniview devices allow remote unauthenticated attackers to trigger a remote code execution vulnerability in the products the company offers.

SSD Advisory – Exchange Server GetWacInfo Information Disclosure Vulnerability

Leave a Comment / Vulnerability publication / By SSD Secure Disclosure technical team

Find out how a vulnerability in multiple Uniview devices allow remote unauthenticated attackers to trigger a remote code execution vulnerability in the products the company offers.

SSD Advisory – NETGEAR DGND3700v2 PreAuth Root Access

Leave a Comment / Vulnerability publication / By SSD Secure Disclosure technical team

Find out how a vulnerability in multiple Uniview devices allow remote unauthenticated attackers to trigger a remote code execution vulnerability in the products the company offers.

SSD Advisory – Uniview PreAuth RCE

Leave a Comment / Vulnerability publication / By SSD Secure Disclosure technical team

Find out how a vulnerability in multiple Uniview devices allow remote unauthenticated attackers to trigger a remote code execution vulnerability in the products the company offers.

SSD Advisory – Rocket.Chat Client-side Remote Code Execution

2 Comments / Vulnerability publication / By SSD Secure Disclosure technical team

Find out how the Chrome Ad-Heavy detection mechanism can be bypassed, bypassing the mechanism would allow ads that are breaching the restrictions imposed by Chrome to still run.

SSD Advisory – macOS Finder RCE

28 Comments / Vulnerability publication / By SSD Secure Disclosure technical team

Find out how a vulnerability in macOS Finder system allows remote attackers to trick users into running arbitrary commands.

Get in touch

Any questions? Interested in our services?

We’d love to hear from you