TLDR; TPEditor v1.96 does not perform bound checking when copying “boot page” (.sta) file content to memory. The finding can be exploited to gain arbitrary code execution upon file opening. [ZDI Link] This bug was a bit interesting. VirtualAlloc() is used to allocate memory and returns a pointer to an allocation. However, we can trigger a […]
Recently our CVE-2021-29084 went public [ZDI Link]. We thought it would be fun to share our disclosure notes. The Synology DS418play NAS contained an unauthenticated accessible endpoint vulnerable to HTTP header injection. Due to nginx’s configuration, the X-Accel-Redirect header can be used download files which are shared via SMB. Note the finding requires knowledge of […]
The Synology DS418play NAS contained an unauthenticated endpoint which can be leveraged to delete arbitrary files. The exploit can be used to bypass account login throttling by deleting a database file containing banned IP addresses. The finding could potentially lead to soft bricking the device too, such as by deleting system files. The unauthenticated OTP admin […]
Education & designing secure software through hardened frameworks is the best way to mitigate security breaches. Security is not only a business decision, but also a moral decision. Always seek advice from an experienced security professional.
Valve’s Source SDK contained a buffer overflow vulnerability which allowed remote code execution on clients and servers. The vulnerability was exploited by fragging a player, which caused a specially crafted ragdoll model to be loaded. Multiple Source games were updated during the month of June 2017 to fix the vulnerability.
One Up Security, LLC