Advisories

A non-exhaustive list of vulnerabilities and CVEs discovered by VoidSec that are public or were released through vulnerability affiliation programs.

All releases are governed by our Vulnerability Disclosure Policy.


http://pages.ebay.com/securitycenter/ResearchersAcknowledgement.html
(undisclosed)
(undisclosed)
https://voidsec.com/avactis-full-disclosure/
https://voidsec.com/host-header-injection/

Severity: Medium

Ghost < 0.5.9 is affected by a Denial of Service (DoS) via filesystem exhaustion. When a user avatar is updated, the previous one is kept and not deleted. In addition, the file size of the avatar is not limited.

https://voidsec.com/host-header-injection/
https://voidsec.com/aethra-botnet-en/
(undisclosed)
https://voidsec.com/aethra-botnet-en/