[FD] [CVE-2023-29459] FC Red Bull Salzburg App "at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity" Arbitrary URL Loading

] Date found: 2023-04-06 Date published: 2023-06-01 CVSSv3 Score: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) CVE:CVE-2023-29459 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED

[FD] [CVE-2023-22897] SecurePoint UTM <= 12.2.5 “spcgi.cgi” Remote Memory Contents Information Disclosure

published: 2023-04-12 CVSSv3 Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) CVE:CVE-2023-22897 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED SecurePoint UTM 12.2.5

[FD] [CVE-2023-22620] SecurePoint UTM <= 12.2.5 “spcgi.cgi” sessionId Information Disclosure Allowing Device Takeover

found: 2023-01-05 Date published: 2023-04-11 CVSSv3 Score: 9.0 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) CVE:CVE-2023-22620 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED

[FD] [CVE-2023-0291] Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion

-13 Date published: 2023-02-08 CVSSv3 Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) CVE:CVE-2023-0291 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED Quiz And Survey

[FD] [CVE-2023-0292] Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion

published: 2023-02-08 CVSSv3 Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) CVE:CVE-2023-0292 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED Quiz And Survey Master 8.0.8

[FD] Intel Data Center Manager <= 5.1 Local Privileges Escalation

Privileged APIs [CWE-648] Date found: 2022-07-16 Date published: 2022-12-07 CVSSv3 Score: 7.4 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) CVE:- 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED

[FD] [CVE-2022-21225] Intel Data Center Manager Console <= 4.1 “getRoomRackData" Authenticated (Guest+) SQL Injection

] Date found: 2022-01-21 Date published: 2022-12-01 CVSSv3 Score: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) CVE:CVE-2022-21225 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED

[FD] [CVE-2022-33942] Intel Data Center Manager Console <= 4.1.1.45749 ”UserMgmtHandler" Authentication Logic Error Leading to Authentication Bypass

Spoofing [CWE-290] Date found: 2022-06-01 Date published: 2022-11-23 CVSSv3 Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) CVE:CVE-2022-33942 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS

[FD] [CVE-2022-3861] Betheme <= 26.5.1.4 - Authenticated (Contributor+) PHP Object Injection

Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVE:CVE-2022-3861 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED BeTheme 26.5.1.4 and below 4. INTRODUCTION

[FD] [CVE-2022-3747] BeCustom <= 1.0.5.2 Generic Cross-Site Request Forgery

published: 2022-11-10 CVSSv3 Score: 5.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N) CVE:CVE-2022-3747 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED BeTheme BeCustom 1.0.5.2 and

[FD] [CVE-2022-2536] Transposh <= 1.0.8.1 “tp_translation” Authorization Bypass

found: 2022-07-23 Date published: 2022-08-16 CVSSv3 Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) CVE:CVE-2022-2536 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED

[FD] [CVE-2022-25812] Transposh <= 1.0.8.1 “save_transposh” Missing Logfile Extension Check Leading to Code Injection

Externally-Supplied File [CWE-646] Date found: 2022-02-21 Date published: 2022-07-22 CVSSv3 Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) CVE:CVE-2022-25812 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3

[FD] [CVE-2022-25811] Transposh <= 1.0.8.1 “tp_editor” Multiple Authenticated SQL Injections

: 2022-02-21 Date published: 2022-07-22 CVSSv3 Score: 6.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N) CVE:CVE-2022-25811 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED

[FD] [CVE-2022-25810] Transposh <= 1.0.8.1 Improper Authorization Allowing Access to Administrative Utilities

: 2022-02-21 Date published: 2022-07-22 CVSSv3 Score: 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) CVE:CVE-2022-25810 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED

[FD] [CVE-2022-2462] Transposh <= 1.0.8.1 “tp_history” Unauthenticated Information Disclosure

Unauthorized Actor [CWE-200] Date found: 2022-07-13 Date published: 2022-07-22 CVSSv3 Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) CVE:CVE-2022-2462 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS

[FD] [CVE-2022-2461] Transposh <= 1.0.8.1 “tp_translation” Weak Default Translation Permissions

found: 2022-07-13 Date published: 2022-07-22 CVSSv3 Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) CVE:CVE-2022-2461 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED

[FD] [CVE-2021-24912] Transposh <= 1.0.8.1 Multiple Cross-Site Request Forgeries

found: 2021-08-19 Date published: 2022-07-22 CVSSv3 Score: 5.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L) CVE:CVE-2021-24912 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED

[FD] [CVE-2021-24911] Transposh <= 1.0.7 “tp_translation” Unauthenticated Stored Cross-Site Scripting

: 2021-08-19 Date published: 2022-07-22 CVSSv3 Score: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) CVE:CVE-2021-24911 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED

[FD] [CVE-2021-24910] Transposh <= 1.0.7 “tp_tp” Unauthenticated Reflected Cross-Site Scripting

: 2021-08-19 Date published: 2022-07-22 CVSSv3 Score: 4.7 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N) CVE:CVE-2021-24910 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED

[FD] [CVE-2021-40150] Reolink E1 Zoom Camera <= 3.0.0.716 Unauthenticated Web Server Configuration Disclosure

-08-26 Date published: 2022-06-01 CVSSv3 Score: 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) CVE:CVE-2021-40150 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED Reolink E1 Zoom

[FD] [CVE-2021-40149] Reolink E1 Zoom Camera <= 3.0.0.716 Unauthenticated Private Key Disclosure

-08-26 Date published: 2022-06-01 CVSSv3 Score: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) CVE:CVE-2021-40149 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED Reolink E1 Zoom

[FD] [CVE-2022-0779] User Meta "um_show_uploaded_file" Path Traversal / Local File Enumeration

: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) CVE:CVE-2022-0779 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED User Meta Lite 2.4.3 and below User Meta Pro 2.4.3 and below

[FD] [CVE-2021-42063] SAP Knowledge Warehouse <= 7.50 "SAPIrExtHelp" Reflected XSS

Scripting [CWE-79] Date found: 2021-09-21 Date published: 2022-03-17 CVSSv3 Score: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) CVE:CVE-2021-42063 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED

[FD] [CVE-2020-25204] God Kings "com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver" Improper Authorization Allowing In-Game Notification Spoofing

found: 2020-09-07 Date published: 2020-10-25 CVSSv3 Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) CVE:CVE-2020-25204 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED

[FD] [CVE-2020-25203] Frame Preview "com.framer.viewer.FramerViewActivity" Arbitrary URL Loading

found: 2020-09-06 Date published: 2020-09-22 CVSSv3 Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) CVE:CVE-2020-25203 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED

[FD] [CVE-2020-16171] Acronis Cyber Backup <= v12.5 Build 16341 Full Unauthenticated SSRF

: 8.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L) CVE:CVE-2020-16171 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED Acronis Cyber Backup v12.5 Build 16341 and below. 4

[FD] [CVE-2020-11882] o2 Business for Android "canvasm.myo2.SplashActivity" <= 1.2.0 Open Redirect

Date published: 2020-07-01 CVSSv3 Score: 3.3 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) CVE:CVE-2020-11882 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED o2 Business App for

[FD] [CVE-2020-12827] MJML <= 4.6.2 mj-include "path" Path Traversal

/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L) CVE:CVE-2020-12827 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED MJML <= 4.6.2 As a solution MJML disabled mj-include by default in MJML v4.6.3

[FD] [CVE-2016-6914] Ubiquiti UniFi Video v3.7.3 (Windows) Local Privileges Escalation via Insecure Directory Permissions

: 2016-05-24 Date published: 2017-12-20 CVSSv3 Score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVE:CVE-2016-6914 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED UniFi

[FD] [RCESEC-2017-001][CVE-2017-14955] Check_mk v1.2.8p25 save_users() Race Condition leading to Sensitive Information Disclosure

(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) CVE:CVE-2017-14955 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED Check_mk v1.2.8p25 Check_mk v1.2.8p25 Enterprise older versions may be

[FD] [RCESEC-2017-002][CVE-2017-14956] AlienVault USM v5.4.2 "/ossim/report/wizard_email.php" Cross-Site Request Forgery leading to Sensitive Information Disclosure

: 6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) CVE:CVE-2017-14956 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED AlienVault USM 5.4.2 (current) older versions may be affected too

[FD] [RCESEC-2016-012] Mattermost <= 3.5.1 "/error" Unauthenticated Reflected Cross-Site Scripting / Content Injection

/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N) CVE:- 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED Mattermost v3.5.1 Mattermost v3.5.0 older versions may be affected too. 4. INTRODUCTION

Re: [FD] XenForo 1.5.x Unauthenticated Remote Code Injection

sible. > > > _______ > Sent through the Full Disclosure mailing list > https://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ -- Mit freundlichen Grüßen / With best regards / Atentamente Julien

[FD] [RCESEC-2016-009] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Persistent Cross-Site Scripting

: 6.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) CVE:- 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED AppFusions Doxygen for Atlassian Confluence v1.3.3 AppFusions Doxygen for

[FD] [RCESEC-2016-008] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Full Path Information Disclosure

published: - CVSSv3 Score: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) CVE:- 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED AppFusions Doxygen for Atlassian Confluence

[FD] [RCESEC-2016-006] XenForo ToggleME 3.1.2 "/admin.php?options/list/toggleME" Multiple Persistent Cross-Site Scriptings

: 2016-09-11 CVSSv3 Score: 5.5 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N) CVE:- 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED ToggleME 3.1.2 older versions may be affected too

[FD] [RCESEC-2016-005][CVE-2016-6913] AlienVault USM/OSSIM 5.2 conf/reload.php "back" DOM-based Cross-Site Scripting

:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) CVE:CVE-2016-6913 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED AlienVault OSSIM 5.2 AlienVault USM 5.2 older versions may be affected too

[FD] [RCESEC-2016-004][CVE-2016-5005] Apache Archiva 1.3.9 admin/addProxyConnector_commit.action connector.sourceRepoId Persistent Cross-Site Scripting

(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N) CVE:CVE-2016-5005 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED Apache Archiva v1.3.9 older versions may be affected too. 4

[FD] [RCESEC-2016-003][CVE-2016-4469] Apache Archiva 1.3.9 Multiple Cross-Site Request Forgeries

: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) CVE:CVE-2016-4469 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED Apache Archiva v1.3.9 older versions may be affected too. 4

[FD] [RCESEC-2016-002] XenAPI v1.4.1 for XenForo Multiple Unauthenticated SQL Injections

/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) CVE:- 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED XenAPI for XenForo v1.4.1 older versions may be affected too but were not tested. 4. INTRODUCTION

[FD] [RCESEC-2016-001] Postfix Admin v2.93 Generic POST Cross-Site Request Forgeries

Score: 4.6 (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N) CVE:- 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED Postfix Admin v2.93 (latest) older versions may be affected too. 4

[FD] Swagger Editor v2.9.9 "description" Key DOM-based Cross-Site Scripting

CVSSv3 Score: 6.3 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) CVE:- 2. CREDITS == This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED Swagger Editor v2.9.9 (latest) older versions may be affected too. 4

[FD] Ubiquiti Networks UniFi v3.2.10 Generic CSRF Protection Bypass

(AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) CVE:- 2. CREDITS -- This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED UniFi v3.2.10 older versions may be affected too. 4. INTRODUCTION --- The

[FD] [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow

/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L) CVE:CVE-2014-7216 2. CREDITS -- This vulnerability was discovered and researched by Julien Ahrens from RCE Security. 3. VERSIONS AFFECTED Yahoo! Messenger v11.5.0.228 (latest) Yahoo! Messenger v10.0.0.2009 older