Advisories

Each great research deserves some great advisories.

Research is one of Shielder’s pillars.

We invest from 25% to 100% of employees’ time into 0day vulnerability research, exploit development and training. By constantly pushing the boundaries of our knowledge and discovering new vulnerabilities, we contribute to the security of the digital ecosystem.

For each and every finding, we adhere to our disclosure policy and publish an advisory with the technical details of the issue and its remediation. Furthermore, after completing thorough, long-term research campaigns, we openly share our modus operandi, tools and lessons learned with the information security community on our blog and at conferences around the world.

We strive to continuously improve our capabilities and offer research-driven security consultancy to our clients. For any information, get in touch with us.

CVE-2019-9166: a privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php.


CVE-2019-9165: a SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers with a valid 'fusekey' API key to execute arbitrary SQL commands via a malicious user id.


CVE-2019-9167: a cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
