Collaborate Disseminate
Critical vulnerabilities discovered by Digital Defense can allow attackers to gain root access and take over devices running same firmware. Continue reading D-Link Routers at Risk for Remote Takeover from Zero-Day Flaws
Researchers have discovered another dangerous security hole hiding in recent, unpatched versions of the internet’s most popular mail server, Exim. Continue reading Action required! Exim mail servers need urgent patching
Vulnerabilities Summary Cisco Prime Infrastructure (CPI) contains two vulnerabilities that when exploited allow an unauthenticated attacker to achieve root privileges and execute code remotely. The first vulnerability is a file upload vulnerability tha… Continue reading SSD Advisory – Cisco Prime Infrastructure File Inclusion and Remote Command Execution to Privileges Escalation
A Monero cryptomining script is spreading in an ongoing campaign using the recently disclosed critical remote command-execution flaw. Continue reading Active Campaign Exploits Critical Apache Struts 2 Flaw in the Wild
Thousands of software projects and libraries contain code that extracts archives in an insecure way, allowing attackers to write arbitrary files outside the intended directories. In many cases, this can lead to remote code execution. The vulnerability… Continue reading Zip Slip Vulnerability Affecting Thousands of Apps Puts Systems at Risk
Vulnerability Summary Multiple vulnerabilities in QRadar allow a remote unauthenticated attackers to cause the product to execute arbitrary commands. Each vulnerability on its own is not as strong as their chaining – which allows a user to change… Continue reading SSD Advisory – QRadar Remote Command Execution
Vulnerability Summary The following advisory describes a unauthenticated remote command execution found in TerraMaster TOS 3.0.33. TOS is a “Linux platform-based operating system developed for TerraMaster cloud storage NAS server. TOS 3 is the th… Continue reading SSD Advisory – TerraMaster TOS Unauthenticated Remote Command Execution
Vulnerability Summary A vulnerability in the Western Digital My Cloud Pro Series PR2100 allows authenticated users to execute commands arbitrary commands. Credit An independent security researcher has reported this vulnerability to Beyond Security̵… Continue reading SSD Advisory – Western Digital My Cloud Pro Series PR2100 Authenticated RCE
Vulnerability Summary The following describes a vulnerability in VK Messenger that is triggered via the exploitation of improperly handled URI. VK (VKontakte; [..], meaning InContact) is “an online social media and social networking service. It i… Continue reading VK Messenger (VKontakte) vk:// URI Handler Commands Execution
The following advisory describes one (1) vulnerability found in CloudMe. CloudMe is “a file storage service operated by CloudMe AB that offers cloud storage, file synchronization and client software. It features a blue folder that appears on all … Continue reading SSD Advisory – CloudMe Unauthenticated Remote Buffer Overflow