Lobsters
- macOS Finder RCE https://ssd-disclosure.com/ssd-advisory-macos-finder-rce/ 3 comments mac, security
- A vulnerability in the Common Log File System (CLFS) driver allows a local user to gain elevated privileges on Windows 11 https://ssd-disclosure.com/ssd-advisory-common-log-file-system-clfs-driver-pe/ 3 comments netsec
- New TP-Link authentication Bypass! https://ssd-disclosure.com/ssd-advisory-tp-link-ncxxx-authentication-bypass 3 comments netsec
- New Zyxel RCE Vulnerability allows remote attackers to execute commands as root! https://ssd-disclosure.com/ssd-advisory-zyxel-vpn-series-pre-auth-remote-command-execution/ 7 comments netsec
- A vulnerability in Windows’s File History Service allows local users to gain elevated privileges on the Windows operating system https://ssd-disclosure.com/ssd-advisory-file-history-service-fhsvc-dll-elevation-of-privilege/ 5 comments reverseengineering
- EdgeRouters' & AirCube's vulnerability allows LAN attackers to cause the service to overflow an internal heap and potentially execute arbitrary code https://ssd-disclosure.com/ssd-advisory-edgerouters-and-aircube-miniupnpd-heap-overflow/ 8 comments netsec
- A vulnerability in Roundcube’s markasjunk plugin allows attackers that send a specially crafted identity email address to cause the plugin to execute arbitrary code. https://ssd-disclosure.com/ssd-advisory-roundcube-markasjunk-rce/ 3 comments netsec
- A vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Secure Manager Appliance and Cisco Email Security Appliance https://ssd-disclosure.com/ssd-advisory-cisco-secure-manager-appliance-remediation_request_utils-sql-injection-remote-code-execution/ 2 comments reverseengineering
- A vulnerability in the Galaxy Store allows attackers through an XSS to cause the store to install and/or launch an application, allowing remote attackers to trigger a remote command execution in the phone. https://ssd-disclosure.com/ssd-advisory-galaxy-store-applications-installation-launching-without-user-interaction/ 5 comments reverseengineering
- A vulnerability in the Galaxy Store allows attackers through an XSS to cause the store to install and/or launch an application, allowing remote attackers to trigger a remote command execution in the phone. https://ssd-disclosure.com/ssd-advisory-galaxy-store-applications-installation-launching-without-user-interaction/ 2 comments netsec
- A vulnerability in the way Linux handles the CLOCK_THREAD_CPUTIME_ID allows local attackers to reach a race condition and use this to elevate their privileges to root https://ssd-disclosure.com/ssd-advisory-linux-clock_thread_cputime_id-lpe/ 4 comments reverseengineering
- How a vulnerability in Rocket.Chat client allows remote attackers to cause a victim clicking on a seemingly harmless link to execute arbitrary commands - SSD Advisory https://ssd-disclosure.com/ssd-advisory-rocket-chat-client-side-remote-code-execution/ 2 comments reverseengineering
- How multiple vulnerabilities in TOTOLink allow a LAN unauthenticated attacker to gain root access to the device https://ssd-disclosure.com/ssd-advisory-totolink-auth-bypass-and-device-backdoor/ 2 comments reverseengineering
- Chrome Ad-Heavy detection mechanism: How it can be bypassed and allow ads that are breaching the restrictions imposed by Chrome to still run https://ssd-disclosure.com/ssd-advisory-chrome-ad-heavy-bypass-via-sharedworker/ 10 comments netsec
- SSD Advisory – macOS Finder RCE: A vulnerability in macOS Finder system allows remote attackers to trick users into running arbitrary commands. https://ssd-disclosure.com/ssd-advisory-macos-finder-rce/ 13 comments netsec
- CVE-2021-31802: NETGEAR Nighthawk R7000 httpd PreAuth RCE https://ssd-disclosure.com/ssd-advisory-netgear-nighthawk-r7000-httpd-preauth-rce/ 8 comments reverseengineering
- Hacking Roundcube - from XSS to exfiltrating the inbox https://ssd-disclosure.com/ssd-advisory-roundcube-incoming-emails-stored-xss/ 2 comments netsec
- New Advisory: Mimosa Routers Privilege Escalation and Authentication bypass - SSD Secure Disclosure https://www.ssd-disclosure.com/ssd-advisory-mimosa-routers-privilege-escalation-and-authentication-bypass/ 6 comments netsec
- Cisco AnyConnect Privilege Elevation through Path Traversal https://ssd-disclosure.com/ssd-advisory-cisco-anyconnect-privilege-elevation-through-path-traversal/ 7 comments netsec