SSD Advisory – Linux CLOCK_THREAD_CPUTIME_ID LPE
A vulnerability in the way Linux handles the CLOCK_THREAD_CPUTIME_ID allows local attackers to reach a race condition and use this to elevate their privileges to root.
A vulnerability in the way Linux handles the CLOCK_THREAD_CPUTIME_ID allows local attackers to reach a race condition and use this to elevate their privileges to root.
A vulnerability in the way Linux handles the CONFIG_WATCH_QUEUE allows local attackers to reach a race condition and use this to elevate their privileges to root.
Bad handling by Apple Safari allows attackers to use certain look-alike characters instead of the real ones allow attackers to confuse victims into thinking they are reach a certain site, while they are accessing another one.
Find out how a vulnerability in multiple Uniview devices allow remote unauthenticated attackers to trigger a remote code execution vulnerability in the products the company offers.
Find out how the Chrome Ad-Heavy detection mechanism can be bypassed, bypassing the mechanism would allow ads that are breaching the restrictions imposed by Chrome to still run.
Find out how a vulnerability discovered in Samsung S10+/S9 kernel allows leaking of sensitive function address information.
Find out how an XSS in IP-Board can be leveraged into an remote code execution.
TL;DR Find out how a vulnerability in DD-WRT allows an unauthenticated attacker to overflow an internal buffer used by UPNP and trigger a code execution vulnerability. Vulnerability Summary DD-WRT is “is Linux-based firmware for wireless routers and access points. Originally designed for the Linksys WRT54G series, it now runs on a wide variety of models”. …
TL;DR Find out how multiple vulnerabilities in VestaCP allow an authenticated attacker to elevate his access to root privileges. Vulnerability Summary VestaCP is “an open source hosting control panel, a clean and focused interface without the clutter, and has the latest of very innovative technologies”. Two security vulnerabilities in VestaCP allow attackers that have access …
TL;DR Find out how a vulnerability in GNU GRUB allows users on a Linux system to inject commands into the process of grub-mkconfig which allows them to execute arbitrary commands with elevated privileges. Vulnerability Summary GRUB ships with a script that allows generating /boot/grub/grub.cfg based on the operating systems installed on all the devices attached …
TL;DR Find out how a vulnerability in Infinite WP’s password reset mechanism allows an unauthenticated user to become authenticated and then carry out a Remote Code Execution. Vulnerability Summary InfiniteWP is “free self hosted, multiple WordPress site management solution. It simplifies your WordPress tasks with a click of a button”. A vulnerability in InfiniteWP allows …
SSD Advisory – Auth Bypass and RCE in Infinite WP Admin Panel Read More »
TL;DR Vulnerability in Windows Installer allows local users to gain elevated SYSTEM privileges in Windows. Vulnerability Summary Windows Installer is a software component and application programming interface of Microsoft Windows used for the installation, maintenance, and removal of software. Windows Installer suffers from a local privilege escalation allowing a local user to gain SYSTEM on …
SSD Advisory – Windows Installer Elevation of Privileges Vulnerability Read More »