Advisories

Each great research deserves

some great advisories.

Research is one of Shielder’s pillars.

We invest from 25% to 100% of employees’ time into 0day vulnerability research, exploit development and training. By constantly pushing the boundaries of our knowledge and discovering new vulnerabilities, we contribute to the security of the digital ecosystem.

For each and every finding, we adhere to our disclosure policy and we publish an advisory with the technical details about the issue and the remediation. Furthermore, after completing throughout and long-term research campaigns, we openly share with the information security community our modus operandi, tools and lessons learned in our blog and at conferences around the world.

We strive to continuously improve our capabilities and offer research-driven security consultancy to our clients. For any information, get in touch with us.

An unauthenticated attacker can inject JavaScript code on Q'center Virtual Appliance event log page.

Read more

QNAP MusicStation and MalwareRemover pre-installed official apps are affected by an arbitrary file upload and a command injection, leading to pre-auth remote root command execution.

Read more

The unprivileged user portal part of CentOS Web Panel is affected by SQL Injection and Command Injection vulnerabilities, leading to root Remote Code Execution.

Read more

Telegram rlottie 6.1.1_1946 is affected by a Type Confusion in the LOTCompLayerItem::LOTCompLayerItem function: a remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device.

Read more

Telegram rlottie 6.1.1_1946 is affected by a Heap Buffer Overflow in the LOTGradient::populate function: a remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device.

Read more

Telegram rlottie 6.1.1_1946 is affected by a Heap Buffer Overflow in the VGradientCache::generateGradientColorTable function: a remote attacker might be able to overwrite Telegram's heap memory out-of-bounds on a victim device.

Read more

Telegram rlottie 7.0.1_2065 is affected by a Stack Based Overflow in the blit function: a remote attacker might be able to access Telegram's stack memory out-of-bounds on a victim device.

Read more

Telegram rlottie 7.0.1_2065 is affected by a Stack Based Overflow in the gray_split_cubic function: a remote attacker might be able to overwrite Telegram's stack memory out-of-bounds on a victim device.

Read more

Telegram rlottie 7.0.1_2065 is affected by an Integer Overflow in the LOTGradient::populate function: a remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device.

Read more

Telegram rlottie 7.0.1_2065 is affected by an Integer Overflow in the LottieParserImpl::parseDashProperty function: a remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device.

Read more