SecuriTeam Secure Disclosure - Tagged - Security Boulevard
SSD Advisory – SME Server Unauthenticated XSS To Privileged Remote Code Execution

SSD Advisory – SME Server Unauthenticated XSS To Privileged Remote Code Execution

Vulnerabilities Summary The following advisory describes a vulnerability in SME Server 9.2, which lets an unauthenticated attackers perform XSS attack that leads to remote code execution as root. SME Server is a ...

SSD Advisory – Apache OpenOffice Virtual Table Corruption

Vulnerabilities Summary The following advisory discusses a vulnerability found in Apache OpenOffice. The vulnerability lays inside the part that responsible for parsing documents, which contains has an overflow that let attackers take ...

SSD Advisory – iOS/macOS Kernel task_inspect Information Leak

Vulnerabilities Summary The following advisory discusses a bug found in the kernel function task_inspect which a local user may exploit in order to read kernel memory due to an uninitialized variable. Vendor ...
SSD Advisory – iOS/macOS Safari Sandbox Escape via QuartzCore Heap Overflow

SSD Advisory – iOS/macOS Safari Sandbox Escape via QuartzCore Heap Overflow

Vulnerabilities Summary QuartzCore ( https://developer.apple.com/documentation/quartzcore ), also known as CoreAnimation, is a framework use by macOS and iOS to build an animatable scene graph. CoreAnimation uses a unique rendering model where the ...
SSD Advisory – Symfony Framework forward() Remote Code Execution

SSD Advisory – Symfony Framework forward() Remote Code Execution

Vulnerability Summary The following advisory describes a vulnerability found in Symfony 3.4 – a PHP framework that is used to create websites and web applications. Built on top of the Symfony Components ...
SSD Advisory – Chrome AppCache Subsystem SBX by utilizing a Use After Free

SSD Advisory – Chrome AppCache Subsystem SBX by utilizing a Use After Free

Vulnerabilities Summary The vulnerability exists in the AppCache subsystem in Chrome Versions 69.0 and before. This code is located in the privileged browser process outside of the sandbox. The renderer interacts with ...

SSD Advisory – Chrome Type Confusion in JSCreateObject Operation to RCE

Vulnerabilities Summary The following advisory discusses a vulnerability found in turbofan, the JIT compiler. We can trigger the JavaScript code in a way that leads to type confusion that can be exploited ...

SSD Advisory – Firefox JavaScript Type Confusion RCE

Vulnerabilities Summary A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write, which leads to remote code execution inside the sandboxed content process ...
SSD Advisory – Firefox Information Leak

SSD Advisory – Firefox Information Leak

Vulnerabilities Summary A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory ...

SSD Advisory – Cisco Prime Infrastructure File Inclusion and Remote Command Execution to Privileges Escalation

Vulnerabilities Summary Cisco Prime Infrastructure (CPI) contains two vulnerabilities that when exploited allow an unauthenticated attacker to achieve root privileges and execute code remotely. The first vulnerability is a file upload vulnerability ...