Use After Free

SSD Advisory – DropBear Multiple Vulnerabilities

Vulnerabilities Summary: The following advisory describes four (4) vulnerabilities in DropBear. DropBear is an SSH server and client. It runs on a variety of POSIX-based platforms. DropBear is open source software, distributed under an MIT-style license. DropBear is particularly useful for “embedded”-type Linux (or other Unix) systems, such as wireless routers. The four vulnerabilities found …

SSD Advisory – BusyBox (local) cmdline Stack Buffer Overwrite

Vulnerability Description: BusyBox provides an `arp` applet which is missing an array bounds check for the command-line parameter `IFNAME`. It is therefore vulnerable to a command-line based local stack buffer overwrite, effectively allowing local users to write past a fixed 16-byte stack buffer. This leads to two scenarios, one (A) where an IOCTL for GET_HW_ADDRESS …

Know your community – Orange Tsai

Happy new year everyone! One of our new year’s resolutions is to promote the security community in different ways – sponsoring security conferences, publishing new vulnerabilities and writing blog posts about leading security researchers who work in and strengthen their local community. One of the best things about being part of the cyber security community …

DefCamp Romania 2016

We recently participated in the DefCamp conference in Romania. It’s our third time sponsoring this conference (!) and our first time attending. Because it was the first time we participated in person, we also sponsored the CTF competition and, of course, we sponsored the flights, conference entry and accommodation for our community security researchers who attended. The …

Hack2Win 2016 – a CodeBlue Conference Event

Hi everyone, this year again, our Code Blue event will let you win prizes and show your skills in hacking network-based devices. We have selected 9 devices so far for you to try and hack. We looked far and wide for different devices, all around the $200 USD range, so that they won’t be expensive for you to buy …

SSD Advisory – BMC Track-It Arbitrary File Upload and Information Disclosure

Vulnerability Description: BMC Track-It! 11.4 contains an arbitrary file upload vulnerability and an information disclosure vulnerability which can be exploited by an unauthenticated user. The file upload vulnerability can be used to upload a file to the web root and execute code under the IIS user. The information disclosure vulnerability allows you to obtain the …

SSD Advisory – Wget Arbitrary Commands Execution

Vulnerability Description: A vulnerability in the way wget handles redirects allows attackers who are able to hijack a connection initiated by wget, or compromise a server from which wget is downloading files, to cause the user running wget to execute arbitrary commands. The commands are executed with the privileges with which …

HITB 2016 PHP Challenge Write Up

UPDATE: I got word that rileykidd has posted his own write-up; if you would like to see another solution, go to: http://rileykidd.com/2016/06/09/hack-in-the-box-2016-misc400-writeup-part-1/ The following is a write-up on our Hack in the Box 2016 PHP Challenge that was part of the CTF. The CTF’s goal was to give researchers and security researcher (as CTF was …

SSD Advisory – Zyxel Remote Unauthenticated Code Execution (NSA310)

Vulnerability Description: A remote unauthenticated code execution vulnerability in Zyxel NSA310 allows remote attackers to execute arbitrary code as a ‘root’ user. The product is being actively sold by Zyxel. Originally the vendor stated that “NSA310 for reasons being that it has been out End of life for over 2 years” which left every customer buying …

SSD Advisory – EMC RecoverPoint for Virtual Machines (VMs) Restriction Bypass

Vulnerability Description: RecoverPoint’s virtual appliance can be accessed via SSH with the default credentials of boxmgmt:boxmgmt; during testing, no password change option was found. Using these credentials, it’s possible to escape the management interface via command injection to drop into a shell and further take advantage of sudo privileged operations to read arbitrary files as …
