A non-exhaustive list of public/released through vulnerability affiliation programs Vulnerabilities & CVEs discovered by VoidSec.
All releases are governed by our Vulnerability Disclosure Policy.
The 'id' parameter of IBM Tivoli Storage Manager version 5 release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow.
Note: the vulnerability can be exploited when it is used in "interactive" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd).
JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer.
If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.
Exploiting this vulnerability won't grant an attacker access nor control on remote ISP servers as no credentials is sent with the request.
Tabletopia XSS to RCE due to un-sandboxed Chromium
Shenzhen Sricctv Technology Sricam CMS (SricamPC.exe) <= v.1.0.0.53(4) is affected by a local Stack Buffer Overflow. By creating a specially crafted “Username” and copying its value in the “User/mail” login field, an attacker will be able to gain arbitrary code execution in the context of the currently logged-in user.
A remote code execution vulnerability was identified in the weblogin.cgi program used in Zyxel NAS (Network Attached Storage) and firewall products. Missing authentication for the program could allow attackers to perform remote code execution via OS command injection.
After a thorough investigation of the complete product lines, we’ve confirmed that the vulnerability affects the following products running specific firmware versions:
https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml
Zip directory traversal on the import process in Metasploit where a user importing an untrusted ZIP file could lead to code exectuion.
RubyZip Library v.<= 1.2.2 is affected by an Arbitrary File Write vulnerability.
Shenzhen Sricctv Technology DeviceViewer (DeviceViewer.exe) <= v.3.10.12.0 is affected by a local Stack Buffer Overflow. By creating a specially crafted “Username” and copying its value in the “User/mail” login field, an attacker will be able to gain arbitrary code execution in the context of the currently logged-in user.
