SSD provides the knowledge, experience and tools needed to find and disclose vulnerabilities and advanced attack vectors. | SSD Secure Disclosure
Summary: A critical double-free vulnerability in the pipapo set module of the Linux kernel's NFT subsystem has been discovered. An unprivileged attacker can exploit this vulnerability by sending a specially crafted netlink message, triggering a double-free error with high stability. The attacker can take advantage of kernel exploitation techniques to achieve local privilege escalation. Credit: …
Summary: WASM isorecursive canonical type id <-> wasm::HeapType / wasm::ValueType confusion in JS-to-WASM conversion functions and their wrappers (FromJS(), (Wasm)JSToWasmObject(), etc.), resulting in type confusion between arbitrary WASM types. This can be considered a variant bug of CVE-2024-2887 discovered by Manfred Paul and presented in Vancouver 2024. Credit: An independent security researcher, Seunghyun Lee (@0x10n), …
Summary: A vulnerability in XenForo allows a user to trigger an RCE via incorrect parsing and handling of user-provided templates. Combined with another CSRF vulnerability, this might allow unauthenticated attackers to execute arbitrary code whenever an admin user with permissions to administer styles / widgets visits a specially crafted page / link. Credit: … SSD Advisory – XenForo RCE via CSRF
Summary: A stack-based overflow exists in UDTMediaServer, one of the binaries running in the background in Foscam. This vulnerability could be exploited to execute any command. Credit: Yoseop Kim working with SSD Labs Korea. Vendor Response: The vendor has released an updated version (https://www.foscam.com/downloads/firmware_details.html?id=143). Affected Versions: Foscam R4M running version V-2.x.2.67. Root cause analysis: First, …