SSD Advisory – Chrome Turbofan Remote Code Execution

Credit to Author: SSD / Maor Schwartz| Date: Wed, 16 Aug 2017 07:21:39 +0000

Vulnerability Summary The following advisory describes a type confusion vulnerability that leads to remote code execution found in Chrome browser version 59. Chrome browser is affected by a type confusion vulnerability. The vulnerability results from incorrect optimization by the turbofan compiler, which causes confusion between access to an object array and a value array, and … Continue reading SSD Advisory – Chrome Turbofan Remote Code Execution

Read more

SSD Advisory – Acrobat Reader DC – Stream Object Remote Code Execution

Credit to Author: SSD / Maor Schwartz| Date: Wed, 09 Aug 2017 10:50:38 +0000

Vulnerability Summary The following advisory describes a use after free vulnerability that leads to remote code execution found in Acrobat Reader DC version 2017.009.20044. Credit A security researcher from, Siberas, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program Vendor response The vendor has released patches to address this vulnerability. For more information: … Continue reading SSD Advisory – Acrobat Reader DC – Stream Object Remote Code Execution

Read more

SSD Advisory – Adobe Reader DC – execMenuItem Off-by-One Heap Buffer Overflow

Credit to Author: SSD / Maor Schwartz| Date: Wed, 09 Aug 2017 10:47:48 +0000

Vulnerability Summary The following advisory describes a JavaScript execMenuItem off-by-One heap buffer overflow, that can potentially lead to Remote Code Execution, found in Adobe Reader DC version 15.23.20056.213124. Credit An independent security researcher, Steven Seeley, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program Vendor response The vendor has released patches to address … Continue reading SSD Advisory – Adobe Reader DC – execMenuItem Off-by-One Heap Buffer Overflow

Read more

SSD Advisory – D-Link 850L Multiple Vulnerabilities (Hack2Win Contest)

Credit to Author: SSD / Maor Schwartz| Date: Tue, 08 Aug 2017 08:49:00 +0000

Vulnerabilities Summary The following advisory describe three (3) vulnerabilities found in D-Link 850L router. The vulnerabilities have been reported as part of Hack2Win competition, for more information about Hack2Win – Hack2Win – https://blogs.securiteam.com/index.php/archives/3310. The vulnerabilities found in D-Link 850L are: Remote Command Execution via WAN and LAN Remote Unauthenticated Information Disclosure via WAN and LAN … Continue reading SSD Advisory – D-Link 850L Multiple Vulnerabilities (Hack2Win Contest)

Read more

SSD Advisory – Synology Photo Station Unauthenticated Remote Code Execution

Credit to Author: SSD / Maor Schwartz| Date: Mon, 07 Aug 2017 05:23:22 +0000

Vulnerability Summary The following advisory describes a Remote Code Execution found in Synology Photo Station versions 6.7.3-3432 and earlier / 6.3-2967 and earlier. Personal Photo Station is an online photo album with blog owned and managed by a DSM user. Synology NAS provides the home/photo folder for you to store photos and videos that you … Continue reading SSD Advisory – Synology Photo Station Unauthenticated Remote Code Execution

Read more

SSD Advisory – Dashlane DLL Hijacking

Credit to Author: SSD / Maor Schwartz| Date: Thu, 03 Aug 2017 06:30:36 +0000

Vulnerability Summary The following advisory describes a DLL Hijacking vulnerability found in Dashlane. Dashlane is “a password manager app and secure digital wallet. The app is available on Mac, PC, iOS and Android. The app’s premium feature enables users to securely sync their data between an unlimited number of devices on all platforms.” Credit An … Continue reading SSD Advisory – Dashlane DLL Hijacking

Read more

Hack2Win – The Online Version – Ubiquiti Router

Credit to Author: SSD / Maor Schwartz| Date: Tue, 01 Aug 2017 12:55:01 +0000

After the great success of the first “Hack2Win – The Online Version” (https://blogs.securiteam.com/index.php/archives/3310 ) we decided to raise the bar. The rules are very simple – you need to hack the Ubiquiti EdgeRouter X router (ER-X) and you can win up to 10,000$ USD. To try and help you win – we bought a Ubiquiti … Continue reading Hack2Win – The Online Version – Ubiquiti Router

Read more

SSD Advisory – McAfee Security Scan Plus Remote Command Execution

Credit to Author: SSD / Maor Schwartz| Date: Sun, 30 Jul 2017 06:47:06 +0000

Vulnerability Summary The following advisory describes a Remote Code Execution found in McAfee Security Scan Plus. An active network attacker could launch a man-in-the-middle attack on a plaintext-HTTP response to a client to run any residing executables with privileges of a logged in user. McAfee Security Scan Plus is a free diagnostic tool that ensures … Continue reading SSD Advisory – McAfee Security Scan Plus Remote Command Execution

Read more

SSD Advisory – Supervisor Authenticated Remote Code Execution

Credit to Author: SSD / Maor Schwartz| Date: Wed, 26 Jul 2017 10:45:54 +0000

Vulnerability Summary The following advisory describes an authenticated remote code execution vulnerability in Supervisor version 3.1.2 and Supervisor version 3.3.2. Supervisor is a client/server system that allows its users to monitor and control a number of processes on UNIX-like operating systems – used to control processes related to a project or a customer, and is … Continue reading SSD Advisory – Supervisor Authenticated Remote Code Execution

Read more

SSD Advisory – Nitro Pro PDF Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz| Date: Mon, 24 Jul 2017 05:25:58 +0000

Vulnerabilities Summary The following advisory describes three vulnerabilities found in Nitro / Nitro Pro PDF. Nitro Pro is the PDF reader and editor that does everything you will ever need to do with PDF files. The powerful but snappy editor lets you change PDF documents with ease, and comes with a built-in OCR engine that … Continue reading SSD Advisory – Nitro Pro PDF Multiple Vulnerabilities

Read more

SSD Advisory – Geneko Routers Unauthenticated Path Traversal

Credit to Author: SSD / Maor Schwartz| Date: Sun, 16 Jul 2017 07:24:56 +0000

Vulnerability Summary The following advisory describes a Unauthenticated Path Traversal vulnerability found in Geneko GWR routers series. Geneko GWG is compact and cost effective communications solution that provides cellular capabilities for fixed and mobile applications such as data acquisition, smart metering, remote monitoring and management. GWG supports a variety of radio bands options on 2G, … Continue reading SSD Advisory – Geneko Routers Unauthenticated Path Traversal

Read more