ssd-secure-disclosure/advisories

SSD Secure Disclosure

SSD helps security researchers turn their skills in uncovering security vulnerabilities into a career. Designed by researchers, for researchers, SSD provides the fast response and support needed to get zero-day vulnerabilities responsibly reported to vendors and to get researchers the compensation they deserve. We help researchers get to the bottom of vulnerabilities affecting major operating systems, software or devices.

The SSD Community

As part of our vulnerability disclosure program we have established a community of researchers. We believe in long-term investment in this group and we provide the tools, education and knowledge they need to find more vulnerabilities and advanced attack vectors and discover innovative ways to exploit them.

We sponsor researcher’s workshops, courses, software licenses, hardware and conference attendance.

We are always looking for new researchers to join our community. That’s why we are promoting our “Friend Bring Friend” program. When you refer us a new researcher that starts working with us on Operating systems / Mobile / Web Browsers – you get 10,000$ USD / For other vulnerabilities – you get 1,000$ USD

As another way to support the international community we sponsor security conferences around the world – from Black Hat USA to community conferences such as DefCamp Romania. We publish vulnerability technical information in our blog (https://ssd-disclosure.com/index.php/advisories), on Twitter (@SecuriTeam_SSD) and in vendor advisories. We also give lectures and host hacking competitions at international security conferences.

In 2018 we sponsored and some of our researchers attended: OffensiveCon Hack In The Box Zer0con CanSec

Table of Contents

• SSD Secure Disclosure
• The SSD Community
• Advisories
• Q&A
• Contact

Advisories

• SSD Advisory – MDaemon Mail Server Multiple XSS Vulnerabilities
• SSD Advisory – Linux BlueZ Information Leak and Heap Overflow
• SSD Advisory – Cisco ISE Unauthenticated XSS to Privileged RCE
• SSD Advisory – VirtualBox VRDP Guest-to-Host Escape
• SSD Advisory – Horde Groupware Webmail Authenticated Arbitrary File Injection to RCE
• SSD Advisory – SquirrelMail Incoming e-Mails Stored XSS
• SSD Advisory – SME Server Unauthenticated XSS To Privileged Remote Code Execution
• SSD Advisory – VxWorks RPC Buffer Overflow
• SSD Advisory – Synology PhotoStation Unauthenticated SQL Injection and Arbitrary File Injection to RCE
• SSD Advisory – iOS powerd Uninitialized Mach Message Reply to Sandbox Escape and Privilege Escalation
• SSD Advisory – Apache OpenOffice Virtual Table Corruption
• SSD Advisory – iOS/macOS Kernel task_inspect Information Leak
• SSD Advisory – iOS/macOS Safari Sandbox Escape via QuartzCore Heap Overflow
• SSD Advisory – Symfony Framework forward() Remote Code Execution
• SSD Advisory – Chrome AppCache Subsystem SBX by utilizing a Use After Free
• SSD Advisory – Chrome Type Confusion in JSCreateObject Operation to RCE
• SSD Advisory – Firefox JavaScript Type Confusion RCE
• SSD Advisory – Firefox Information Leak
• SSD Advisory – Cisco Prime Infrastructure File Inclusion and Remote Command Execution to Privileges Escalation
• SSD Advisory – Android Printing Man in the Middle Attack
• SSD Advisory – IRDA Linux Driver UAF
• SSD Advisory – ASUSTOR NAS Devices Authentication Bypass
• SSD Advisory – CloudByte ElastiStor OS Unauthenticated Remote Code Execution
• SSD Advisory – Linux Kernel AF_PACKET Use After Free (packet_sock)
• SSD Advisory – Infiniband Linux Driver UAF
• SSD Advisory – LINE Corporation URI Handlers Remote Command Execution
• SSD Advisory – phpMyAdmin File Inclusion and Remote Code Execution
• SSD Advisory – K7 Total Security Device Driver Arbitrary Memory Read
• SSD Advisory – GetSimple CMS Unauthenticated Remote Code Execution
• SSD Advisory – Vesta CP Remote Command Execution To Privilege Escalation
• SSD Advisory – QRadar Remote Command Execution
• SSD Advisory – Linux AF_LLC Double Free
• SSD Advisory – TrustPort Management Unauthenticated Remote Code Execution
• SSD Advisory – Adobe Acrobat Reader DC Use After Free
• SSD Advisory – Firefox Sandbox Infoleak From Uninitialized Handle In CrossCall
• SSD Advisory – TerraMaster TOS Unauthenticated Remote Command Execution
• SSD Advisory – Vigor ACS Unsafe Flex AMF Java Object Deserialization
• SSD Advisory – Western Digital My Cloud Pro Series PR2100 Authenticated RCE
• SSD Advisory – AppWeb Authentication Bypass (Digest, and Basic)
• SSD Advisory – VK Messenger (VKontakte) vk:// URI Handler Commands Execution
• SSD Advisory - Fortigate DHCP Stored XSS
• SSD Advisory - phpBB CSRF Token Hijacking Leading to Stored XSS
• SSD Advisory - OpenSSH Pre-Auth XMSS Integer Overflow
• SSD Advisory - iOS Jailbreak via Sandbox Escape and Kernel R/W leading to RCE
• SSD Advisory - Intel Windows Graphics Driver Buffer Overflow to Privilege Escalation
• SSD Advisory - Intel Windows Graphics Driver Out of Bounds Read Denial of Service
• SSD Advisory - Synology DSM Remote Command Injection
• SSD Advisory - Ruckus IoT vRIoT Server Vulnerabilities

Q&A

• How much can I earn from working with you? The amount paid depends on two different variables:

  • How widespread is the software/hardware? Popular products typically reach higher amounts.
  • How critical is the vulnerability? For example, if you find an unauthenticated arbitrary code execution vulnerability, you would be paid substantially more than for a Cross Site Scripting vulnerability.

• What if I want to stay anonymous?

  • Fine by us! A lot of our researchers choose to stay anonymous.

• What is your policy regarding privacy and confidentiality of researcher’s information?

  • We take the privacy of researchers very seriously and do not disclose to any third party (including to customers) any personal information about researchers such as names, aliases, email addresses, bank details, or any other personal or confidential information.

• What is the difference between SSD and Bug Bounties or other programs?

  • Financially:
    • We pay more than bug bounty programs.
    • If a vendor doesn’t have a bug bounty program – we are still interested in acquiring the vulnerability and reporting it to the vendor.
    • We believe researchers need to get paid for their effort and we are willing to offer higher rewards.
  • Administratively:
    • We will handle all the reporting process.
    • We will publish your research and attribute it per your instructions.

• How do I submit my questions or research?

  • Send us an email [email protected] – It’s that easy!

Contact

Reach us out at one of the following places:

• Our website at https://ssd-disclosure.com/
• Our twitter at https://twitter.com/SecuriTeam_SSD
• Our mail address [email protected]

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.