Advisories

A non-exhaustive list of public/released through vulnerability affiliation programs Vulnerabilities & CVEs discovered by VoidSec.

All releases are governed by our Vulnerability Disclosure Policy.

https://voidsec.com/avactis-full-disclosure/
https://voidsec.com/host-header-injection/

Severity: Medium

ghost v.<0.5.9 is affected by a Denial of Service (DoS) attack, via filesystem exhaustion. When updating a user avatar, the previous one is saved and not deleted. Also, the file size of the avatar is not limited.

Root Cause Analysis

https://voidsec.com/host-header-injection/
https://voidsec.com/aethra-botnet-en/
(undisclosed)
https://voidsec.com/aethra-botnet-en/
https://voidsec.com/minds-com-full-disclosure/
https://voidsec.com/yahoo-messenger/
(undisclosed - won't fix)