SSD Advisory – QRadar Remote Command Execution

Vulnerability Summary: Multiple vulnerabilities in QRadar allow remote unauthenticated attackers to cause the product to execute arbitrary commands. Each vulnerability on its own is not as strong as their chaining – which allows a user to change…

SSD Advisory – Linux AF_LLC Double Free

Vulnerability Summary: A use-after-free vulnerability in AF_LLC allows local attackers to control the flow of code that the kernel executes, allowing them to cause it to run arbitrary code and gain elevated privileges. Vendor Response: The vulnerability …

SSD Advisory – TrustPort Management Unauthenticated Remote Code Execution

Vulnerability Summary: Multiple vulnerabilities in TrustPort’s management product allow remote unauthenticated attackers to cause the product to execute arbitrary code. TrustPort Management “offers you an effective and practical way to insta…

SSD Advisory – TerraMaster TOS Unauthenticated Remote Command Execution

Vulnerability Summary: The following advisory describes an unauthenticated remote command execution found in TerraMaster TOS 3.0.33. TOS is a “Linux platform-based operating system developed for TerraMaster cloud storage NAS server. TOS 3 is the th…

SSD Advisory – Western Digital My Cloud Pro Series PR2100 Authenticated RCE

Vulnerability Summary: A vulnerability in the Western Digital My Cloud Pro Series PR2100 allows authenticated users to execute arbitrary commands. Credit: An independent security researcher has reported this vulnerability to Beyond Security…

SSD Advisory – AppWeb Authentication Bypass (Digest, Basic and Forms)

Vulnerability Summary: A critical vulnerability affects the EmbedThis HTTP library and Appweb versions 5.5.x, 6.x, and 7.x, including the latest version present in the git repository. In detail, due to a logic flaw, with a forged HTTP request it is possible …

VK Messenger (VKontakte) vk:// URI Handler Commands Execution

Vulnerability Summary: The following describes a vulnerability in VK Messenger that is triggered via the exploitation of an improperly handled URI. VK (VKontakte; [..], meaning InContact) is “an online social media and social networking service. It i…

SSD Advisory – TrendNet AUTHORIZED_GROUP Information Disclosure

Vulnerability Summary: The following advisory describes an information disclosure found in the following TrendNet routers: TEW-751DR – v1.03B03, TEW-752DRU – v1.03B01, TEW733GR – v1.03B01. TRENDnet’s “N600 Dual Band Wireless R…