Each great research deserves
some great advisories.
Research is one of Shielder’s pillars.We invest from 25% to 100% of employees’ time into 0day vulnerability research, exploit development and training. By constantly pushing the boundaries of our knowledge and discovering new vulnerabilities, we contribute to the security of the digital ecosystem.For each and every finding, we adhere to our disclosure policy and we publish an advisory with the technical details about the issue and the remediation. Furthermore, after completing throughout and long-term research campaigns, we openly share with the information security community our modus operandi, tools and lessons learned in our blog and at conferences around the world.We strive to continuously improve our capabilities and offer research-driven security consultancy to our clients. For any information, get in touch with us.
pfSense <= 2.5.2 allows authenticated users to inject arbitrary sed-specific code, which leads to an Arbitrary File Write, resulting in a Remote Code Execution. The vulnerability is also exploitable through a Cross-Site Request Forgery.
Visual Studio Code Remote Development Extension 1.50 failed to sanitize the host field before using it as an argument of the ssh command, allowing to inject a ProxyCommand option which could be used to run arbitray commands.
Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the `snap_file` parameter in the `/it-IT/splunkd/__raw/services/get_snapshot` HTTP API endpoint. A 'low privileged' attacker can read any file on the target host.
Telegram rlottie 6.1.1_1946 is affected by a Type Confusion in the LOTCompLayerItem::LOTCompLayerItem function: a remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device.