Use After Free

SSD Advisory – PHP SplDoublyLinkedList UAF Sandbox Escape

TL;DR: Find out how a use-after-free vulnerability in PHP allows attackers who are able to run PHP code to escape disable_functions restrictions.
Vulnerability Summary: PHP’s SplDoublyLinkedList has been vulnerable to a UAF since it was added to PHP’s core (PHP 5.3, in 2009). The UAF allows an attacker to escape the PHP sandbox and …


SSD Advisory – SMC Networks Session and Command Injection

TL;DR: Find out how we managed to inject an auth session into the device and, through it, gain a reverse root TCP shell on SMC Networks devices.
Vulnerability Summary: SMC Networks provides many network products, one of them being modems. SMC’s modems are used to transmit data between the connected devices in your network. A vulnerability …


SSD Advisory – Cisco AnyConnect Privilege Elevation through Path Traversal

Vulnerability Summary: The update functionality of the Cisco AnyConnect Secure Mobility Client for Windows is affected by a path traversal vulnerability that allows local attackers to create or overwrite files in arbitrary locations. Successful exploitation of this vulnerability allows the attacker to gain SYSTEM privileges.
Credit: An independent Security Researcher, Yorick Koster, has reported this vulnerability to SSD Secure …


SSD Advisory – FreeBSD Use After Free due to Race Condition

Vulnerability Summary: In FreeBSD there is a cryptographic device module called cryptodev which is accessible by any user on the system. Due to the absence of a locking mechanism, an attacker is able to create a race condition in the device mechanism and trigger a use-after-free vulnerability. If performed correctly, an attacker is able …


SSD Advisory – iOS Jailbreak via Sandbox Escape and Kernel R/W leading to RCE

Introduction: Each year, as part of TyphoonCon, our all-offensive security conference, we offer cash prizes for vulnerabilities and exploitation techniques found. At our latest hacking competition, TyphoonPwn 2019, an independent Security Researcher demonstrated three vulnerabilities to our team, followed by our live demonstration on stage. The Researcher was awarded an amazing sum …


SSD Advisory – OpenSSH Pre-Auth XMSS Integer Overflow

Vulnerability Summary: The following advisory describes a pre-auth integer overflow in the XMSS key parsing algorithm in OpenSSH.
CVE: CVE-2019-16905
Credit: An independent Security Researcher, Adam “pi3” Zabrocki, has reported this vulnerability to the SSD Secure Disclosure program.
Affected Systems: OpenSSH version 7.7 up to the latest one (8.0), when built with XMSS key support (compiled with the WITH_XMSS macro defined). Nevertheless, the bug is only there …


SSD Advisory – Firefox Sandbox Infoleak From Uninitialized Handle In CrossCall

Vulnerability Summary: The crosscall FilesystemDispatcher::NtOpenFile can leak an uninitialized handle value to a renderer due to an incorrect return value in FileSystemPolicy::OpenFileAction. The NtOpenKey crosscall appears to suffer from exactly the same bug. In this advisory, we show how to leak a function pointer stored on the broker’s stack (corresponding, in this case, to …


SSD Advisory – Adobe Acrobat Reader DC Use After Free

Vulnerability Summary: A use-after-free vulnerability exists in Adobe Acrobat Reader DC which allows attackers to execute arbitrary code with the privileges of the current user.
CVE: CVE-2019-7805
Credit: An independent Security Researcher has reported this vulnerability to the SSD Secure Disclosure program.
Affected systems:
Product             Track        Affected Versions                     Platform
Acrobat DC          Continuous   2019.010.20100 and earlier versions   Windows and macOS
Acrobat Reader DC   Continuous   …


SSD Advisory – iOS powerd Uninitialized Mach Message Reply to Sandbox Escape and Privilege Escalation

(This advisory follows up on a vulnerability submitted to the Hack2Win Extreme competition, which won the iOS Privilege Escalation category at our offensive security event in Hong Kong in 2018. Come join us at TyphoonCon, June 2019 in Seoul, for more offensive security lectures and training.)
Vulnerabilities Summary: The following advisory describes security bugs discovered in …


SSD Advisory – VxWorks RPC Buffer Overflow

Vulnerability Summary: The following advisory describes a vulnerability found in the Remote Procedure Call (RPC) component of the VxWorks real-time operating system, which suffers from a buffer overflow. This buffer overflow can be exploited to make the component execute arbitrary code.
CVE: CVE-2019-9865
Credit: An independent Security Researcher, Yu Zhou, has reported this vulnerability to the SSD Secure Disclosure program.
Affected …


SquirrelMail – Incoming e-Mails Stored XSS

Abstract: SquirrelMail can display HTML messages, provided that unsafe fragments are redacted. An input sanitization vulnerability that can be exploited to perform stored cross-site scripting (XSS) attacks has been discovered. A remote attacker can send a specially crafted e-mail containing malicious HTML and execute arbitrary JavaScript code in the context of the vulnerable webmail interface when …

