A non-exhaustive list of public/released through vulnerability affiliation programs Vulnerabilities & CVEs discovered by VoidSec.
All releases are governed by our Vulnerability Disclosure Policy.
Shenzhen Sricctv Technology Sricam CMS (SricamPC.exe) <= v.1.0.0.53(4) is affected by a local Stack Buffer Overflow. By creating a specially crafted “Username” and copying its value in the “User/mail” login field, an attacker will be able to gain arbitrary code execution in the context of the currently logged-in user.
A remote code execution vulnerability was identified in the
weblogin.cgi
program used in Zyxel NAS (Network Attached Storage) and firewall products. Missing authentication for the program could allow attackers to perform remote code execution via OS command injection.
After a thorough investigation of the complete product lines, we’ve confirmed that the vulnerability affects the following products running specific firmware versions:
https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml
Zip directory traversal on the import process in Metasploit where a user importing an untrusted ZIP file could lead to code exectuion.
RubyZip Library v.<= 1.2.2 is affected by an Arbitrary File Write vulnerability.
Shenzhen Sricctv Technology DeviceViewer (DeviceViewer.exe) <= v.3.10.12.0 is affected by a local Stack Buffer Overflow. By creating a specially crafted “Username” and copying its value in the “User/mail” login field, an attacker will be able to gain arbitrary code execution in the context of the currently logged-in user.
