Advisories

A non-exhaustive list of vulnerabilities and CVEs discovered by VoidSec that are public or were released through vulnerability affiliation programs.

All releases are governed by our Vulnerability Disclosure Policy.


Severity: Low

The 'id' parameter of IBM Tivoli Storage Manager version 5 release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow.

Note: the vulnerability can be exploited when the program is used in "interactive" mode. Because of a limit on the maximum number of characters, it cannot be exploited in batch or command-line usage (e.g. dsmadmc.exe -id=username -password=pwd).

Severity: Medium

JamoDat TSMManager Collector versions up to 6.5.0.21 are vulnerable to an Authorization Bypass because the Collector component does not properly validate an authenticated session with the Viewer.

If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.

Exploiting this vulnerability won't grant an attacker access to or control over remote ISP servers, as no credentials are sent with the request.

Severity: High

Tabletopia XSS to RCE due to un-sandboxed Chromium

Severity: Medium

Shenzhen Sricctv Technology Sricam CMS (SricamPC.exe) <= v.1.0.0.53(4) is affected by a local Stack Buffer Overflow. By creating a specially crafted “Username” and copying its value in the “User/mail” login field, an attacker will be able to gain arbitrary code execution in the context of the currently logged-in user.

Severity: High

A remote code execution vulnerability was identified in the weblogin.cgi program used in Zyxel NAS (Network Attached Storage) and firewall products. Missing authentication for the program could allow attackers to perform remote code execution via OS command injection.

After a thorough investigation of the complete product lines, we’ve confirmed that the vulnerability affects the following products running specific firmware versions:

  • NAS products running firmware version 5.21 and earlier.
  • UTM, ATP, and VPN firewalls running firmware version ZLD V4.35 Patch 0 through ZLD V4.35 Patch 2. Those with firmware versions before ZLD V4.35 Patch 0 are NOT affected.

https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml

Severity: High

ZIP directory traversal in the Metasploit import process: a user importing an untrusted ZIP file could lead to code execution.

(undisclosed)

Severity: High

RubyZip Library v.<= 1.2.2 is affected by an Arbitrary File Write vulnerability.

Severity: Medium

Shenzhen Sricctv Technology DeviceViewer (DeviceViewer.exe) <= v.3.10.12.0 is affected by a local Stack Buffer Overflow. By creating a specially crafted “Username” and copying its value in the “User/mail” login field, an attacker will be able to gain arbitrary code execution in the context of the currently logged-in user.

https://www.fastweb.it/corporate/responsible-disclosure/