SSD Advisory – IP-Board Stored XSS to RCE Chain
Find out how an XSS in IP-Board can be leveraged into an remote code execution.
Cross Site Scripting
SSD Advisory – aaPanel CSWH to RCE
Find out how a CSWH hijacking vulnerability in aaPanel allows remote attackers to cause an authenticated user to execute arbitrary commands inside aaPanel’s managed servers.
SSD Advisory – SmarterMail XSS
Find out how a cross site scripting vulnerability in SmarterMail allows remote attackers to obtain the JWT token used to authenticate the user.
SSD Advisory – Roundcube Incoming Emails Stored XSS
TL;DR Find out how we exploited Roundcube webmail application and crafted an email containing malicious HTML that execute arbitrary JavaScript code in the context of the vulnerable user’s inbox. Vulnerability Summary Roundcube webmail is a browser-based multilingual IMAP client with an application-like user interface.An input sanitization vulnerability in Roundcube can be exploited to perform a …
SSD Advisory – Roundcube Incoming Emails Stored XSS Read More »
SquirrelMail – Incoming e-Mails Stored XSS
AbstractSquirrelMail allows to display HTML messages provided that non-safe fragments are redacted. An input sanitization vulnerability that can be exploited to perform stored cross-site scripting (XSS) attacks has been discovered.A remote attacker can send a specially crafted e-mail containing malicious HTML and execute arbitrary JavaScript code in the context of the vulnerable webmail interface when …
SSD Advisory – MDaemon Mail Server Multiple XSS Vulnerabilities
Vulnerabilities SummaryThe following advisory describes two XSS vulnerabilities found in MDaemon Mail Server which lets attackers send emails with malicious payloads and run client side code on victim’s browsers just by opening an email. CVECVE-2019-8983CVE-2019-8984 CreditAn independent security researcher, Zhong Zhaochen, has reported this vulnerability to SSD Secure Disclosure program.
SSD Advisory – Cisco ISE Unauthenticated XSS to Privileged RCE
Vulnerabilities SummaryCisco Identity Services Engine (ISE) contains three vulnerabilities that when exploited allow an unauthenticated attacker to achieve root privileges and execute code remotely. The first is a Stored Cross Site Scripting file upload vulnerability that allows the attacker to upload and execute html pages on victims browser. The second is an already known vulnerability …
SSD Advisory – Cisco ISE Unauthenticated XSS to Privileged RCE Read More »
SSD Advisory – SME Server Unauthenticated XSS To Privileged Remote Code Execution
Vulnerabilities SummaryThe following advisory describes a vulnerability in SME Server 9.2, which lets an unauthenticated attackers perform XSS attack that leads to remote code execution as root. SME Server is a Linux distribution for small and medium enterprises by Koozali foundation.CVECVE-2018-18072CreditAn independent security researcher, Karn Ganeshen has reported this vulnerability to Beyond Security’s SecuriTeam Secure …
SSD Advisory – SME Server Unauthenticated XSS To Privileged Remote Code Execution Read More »
SSD安全公告-Endian防火墙从存储型XSS到远程命令执行
漏洞概要 以下安全公告描述了在Endian防火墙5.0.3版本中存在的一个存储型XSS漏洞,成功利用该漏洞可造成远程代码执行。 Endian防火墙是一个“专注Linux安全的发行版本,,它是一个独立的,统一的安全管理操作系统。 Endian防火墙基于强化的Linux操作系统。” 漏洞提交者 一位独立的安全研究者向 Beyond Security 的 SSD 报告了该漏洞 厂商响应 厂商已经发布针对该漏洞的补丁。获取更多信息: https://help.endian.com/hc/en-us/articles/115012996087
SSD Advisory – Endian Firewall Stored From XSS to Remote Command Execution
Vulnerability Summary The following advisory describes a stored cross site scripting that can be used to trigger remote code execution in Endian Firewall version 5.0.3. Endian Firewall is a “turnkey Linux security distribution, which is an independent, unified security management operating system. The Endian Firewall is based on a hardened Linux operating system.” Credit An …
SSD Advisory – Endian Firewall Stored From XSS to Remote Command Execution Read More »
SSD Advisory – HPE Baseline Smart Gig SFP 24 Switch Pre-authentication Stored XSS
Vulnerability Summary The following advisory describes an unauthenticated stored XSS in the HPE Baseline Smart Gig SFP 24 / 3Com Baseline Switch 2924 SFP Plus Switch. The vulnerability affect versions: Software Version: 01.00.10 Boot version: 1.0.0.14 Hardware Version: 01.01.0a “On April 12, 2010, Hewlett-Packard completed the acquisition of 3Com. Since the acquisition, 3Com has been …
SSD Advisory – HPE Baseline Smart Gig SFP 24 Switch Pre-authentication Stored XSS Read More »
SSD Advisory – Webmin Multiple Vulnerabilities
Vulnerability summary The following advisory describes three (3) vulnerabilities found in Webmin version 1.850 Webmin “is a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more. Webmin removes the need to manually edit Unix configuration files like /etc/passwd, and lets …
