[FD] SEC Consult SA-20240418-0 :: Broken authorization in Dreamehome app

SEC Consult Vulnerability Lab Security Advisory < 20240418-0 > === title: Broken authorization product: Dreamehome app vulnerable version: <=2.1.5 (iOS) fixed version: none, see

[FD] SEC Consult SA-20240411-0 :: Database Passwords in Server Response in Amazon AWS Glue

SEC Consult Vulnerability Lab Security Advisory < 20240411-0 > === title: Database Passwords in Server Response product: Amazon AWS Glue vulnerable version: until 2024-02-23 fixed versi

[FD] SEC Consult SA-20240307-0 :: Local Privilege Escalation via writable files in Checkmk Agent (CVE-2024-0670)

SEC Consult Vulnerability Lab Security Advisory < 20240307-0 > === title: Local Privilege Escalation via writable files product: Checkmk Agent vulnerable version: 2.0.0, 2.1.0, 2.2.0

[FD] SEC Consult SA-20240226-0 :: Local Privilege Escalation via DLL Hijacking in Qognify VMS Client Viewer

SEC Consult Vulnerability Lab Security Advisory < 20240226-0 > === title: Local Privilege Escalation via DLL Hijacking product: Qognify VMS Client Viewer vulnerable version: >=7.1 fixe

[FD] SEC Consult SA-20240220-0 :: Multiple Stored Cross-Site Scripting Vulnerabilities in OpenOLAT (Frentix GmbH)

SEC Consult Vulnerability Lab Security Advisory < 20240220-0 > === title: Multiple Stored Cross-Site Scripting Vulnerabilities product: OpenOLAT (Frentix GmbH) vulnerable version: <= 1

[FD] SEC Consult SA-20240212-0 :: Multiple Stored Cross-Site Scripting vulnerabilities in Statamic CMS

SEC Consult Vulnerability Lab Security Advisory < 20240212-0 > === title: Multiple Stored Cross-Site Scripting vulnerabilities product: Statamic CMS vulnerable version: <4.46.0, <3.4.17

[FD] SEC Consult SA-20231211-0 :: Local Privilege Escalation via MSI installer in PDF24 Creator

SEC Consult Vulnerability Lab Security Advisory < 20231211-0 > === title: Local Privilege Escalation via MSI installer product: PDF24 Creator (geek Software GmbH) vulnerable version: <

[FD] SEC Consult SA-20231206 :: Kiosk Escape Privilege Escalation in One Identity Password Manager Secure Password Extension

SEC Consult Vulnerability Lab Security Advisory < 20231206-0 > === title: Kiosk Escape Privilege Escalation product: One Identity Password Manager Secure Password Extension vulnerable version: &

[FD] SEC Consult SA-20231205 :: Argument injection leading to unauthenticated RCE and authentication bypass in Atos Unify OpenScape Session Border Controller (SBC), Branch, BCF

SEC Consult Vulnerability Lab Security Advisory < 20231205-0 > === title: Argument injection leading to unauthenticated RCE and authentication bypass product: Atos Unify Ope

[FD] SEC Consult SA-20231005 :: Open Redirect in SAP® BSP Test Application it00 (Bypass for CVE-2020-6215 Patch)

SEC Consult Vulnerability Lab Security Advisory < 20231005-0 > === title: Open Redirect in BSP Test Application it00 (Bypass for CVE-2020-6215 Patch) product: SAP® Appli

[FD] SEC Consult SA-20230927-0 :: Multiple Vulnerabilities in SAP® Enable Now Manager

SEC Consult Vulnerability Lab Security Advisory < 20230927-0 > === title: Multiple Vulnerabilities product: SAP® Enable Now Manager vulnerable version: 10.6.5 (Build 2804) Cloud Edition

[FD] SEC Consult SA-20230925-0 :: Stored Cross-Site Scripting in mb Support broker management solution openVIVA c2

SEC Consult Vulnerability Lab Security Advisory < 20230925-0 > === title: Stored Cross-Site Scripting product: mb Support broker management solution openVIVA c2 vulnerable version: <

[FD] SEC Consult SA-20230918-0 :: Authenticated Remote Code Execution and Missing Authentication in Atos Unify OpenScape

SEC Consult Vulnerability Lab Security Advisory < 20230918-0 > === title: Authenticated Remote Code Execution and Missing Authentication product: Atos Unify OpenScape S

[FD] SEC Consult SA-20230829-0 :: Reflected Cross-Site Scripting (XSS) in PTC - Codebeamer (ALM Solution)

SEC Consult Vulnerability Lab Security Advisory < 20230829-0 > === title: Reflected Cross-Site Scripting (XSS) product: PTC - Codebeamer (ALM Solution) vulnerable version: <=22.10-SP7, &l

[FD] SEC Consult SA-20230705-0 :: Path traversal bypass & Denial of service in Kyocera TASKalfa 4053ci printer

SEC Consult Vulnerability Lab Security Advisory < 20230705-0 > === title: Path traversal bypass & Denial of service product: Kyocera TASKalfa 4053ci printer vulnerable version: TASKalfa 4053

[FD] SEC Consult SA-20230703-0 :: Multiple Vulnerabilities including Unauthenticated RCE in Siemens A8000

SEC Consult Vulnerability Lab Security Advisory < 20230703-0 > === title: Multiple Vulnerabilities including Unauthenticated RCE product: Siemens A8000 CP-8050 MASTER MODULE (6MF2805

[FD] SEC Consult Vulnerability Lab Whitepaper: Everyone Knows SAP®, Everyone Uses SAP, Everyone Uses RFC, No One Knows RFC: From RFC to RCE 16 Years Later

SEC Consult Vulnerability Lab Whitepaper < 20230629-0 > === Title: Everyone Knows SAP®, Everyone Uses SAP, Everyone Uses RFC, No One Knows RFC:

[FD] SEC Consult SA-20230628-0 :: Stored XSS & Privilege Escalation in Boomerang Parental Control App

SEC Consult Vulnerability Lab Security Advisory < 20230628-0 > === title: Stored XSS & Privilege Escalation product: Boomerang Parental Control App vulnerable version: <13.83

[FD] SEC Consult SA-20230627-0 :: Multiple high risk vulnerabilities in ILIAS eLearning platform

SEC Consult Vulnerability Lab Security Advisory < 20230627-0 > === title: Multiple high risk vulnerabilities product: ILIAS eLearning platform vulnerable version: see section "Vulnera

[FD] SEC Consult SA-20230517-0 :: Stored XSS vulnerability in rename functionality in Wekan (Open-Source kanban)

SEC Consult Vulnerability Lab Security Advisory < 20230517-0 > === title: Stored XSS vulnerability in rename functionality product: Wekan (Open-Source kanban) vulnerable version: <=6.74

[FD] SEC Consult SA-20230516-0 :: Multiple Vulnerabilities in Serenity and StartSharp Software

SEC Consult Vulnerability Lab Security Advisory < 20230516-0 > === title: Multiple Vulnerabilities product: Serenity and StartSharp Software vulnerable version: < 6.7.1 fixed version:

[FD] SEC Consult SA-20230515-0 :: Multiple Vulnerabilities in Kiddoware Kids Place Parental Control Android App

SEC Consult Vulnerability Lab Security Advisory < 20230515-0 > === title: Multiple Vulnerabilities product: Kiddoware Kids Place Parental Control Android App vulnerable version: <=3.8.49

[FD] SEC Consult SA-20230502-0 :: Bypassing cluster isolation through insecure defaults and shared storage in Databricks Platform

SEC Consult Vulnerability Lab Security Advisory < 20230502-0 > === title: Bypassing cluster isolation through insecure defaults and shared storage product: Databricks Pl

[FD] SEC Consult SA-20230306-0 :: Multiple Vulnerabilities in Arris DG3450 Cable Gateway

SEC Consult Vulnerability Lab Security Advisory < 20230306-0 > === title: Multiple Vulnerabilities product: Arris DG3450 Cable Gateway vulnerable version: AR01.02.056.18_041520_711.NCS.10

[FD] SEC Consult SA-20230228-0 :: OS Command Injectionin Barracuda CloudGen WAN

SEC Consult Vulnerability Lab Security Advisory < 20230228-0 > === title: OS Command Injection product: Barracuda CloudGen WAN vulnerable version: < v8.* hotfix 1089 fixed version:

[FD] SEC Consult SA-20230117-2 :: Multiple post-authentication vulnerabilities including RCE in @OpenText Content Server component of OpenText Extended ECM

SEC Consult Vulnerability Lab Security Advisory < 20230117-2 > === title: Multiple post-authentication vulnerabilities including RCE product: OpenText™ Content Server component of OpenText™ Ex

[FD] SEC Consult SA-20230117-1 :: Pre-authenticated Remote Code Execution via Java frontend and QDS endpoint in @OpenText Content Server component of OpenText Extended ECM

SEC Consult Vulnerability Lab Security Advisory < 20230117-1 > === title: Pre-authenticated Remote Code Execution via Java frontend and QDS endpoint product: OpenText™ C

[FD] SEC Consult SA-20230117-0 :: Pre-authenticated Remote Code Execution in cs.exe (@OpenText Content Server component of OpenText Extended ECM)

SEC Consult Vulnerability Lab Security Advisory < 20230117-0 > === title: Pre-authenticated Remote Code Execution in cs.exe product: OpenText™ Content Server component of OpenText™ Extende

[FD] SEC Consult SA-20221216-0 :: Remote code execution bypass in Eclipse Business Intelligence Reporting Tool (BiRT)

SEC Consult Vulnerability Lab Security Advisory < 20221216-0 > === title: Remote code execution - CVE-2021-34427 bypass product: Eclipse Business Intelligence Reporting Tool (BiRT) vulnerable v

[FD] SEC Consult Vulnerability Lab publication: The enemy from within: Unauthenticated Buffer Overflows in Zyxel routers still haunting users & metasploit exploit

Hi, earlier this year in February 2022, we published a technical security advisory - https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-multiple-zyxel-devices/ - on different critical vulnerabilities in Zyxel devices, resulting from insecure coding

[FD] SEC Consult SA-20221213-0 :: Privilege Escalation Vulnerabilities (UNIX Insecure File Handling) in SAP Host Agent (saposcol)

SEC Consult Vulnerability Lab Security Advisory < 20221213-0 > === title: Privilege Escalation Vulnerabilities (UNIX Insecure File Handling) product: SAP® Host Agent (sa

[FD] SEC Consult SA-20221206-0 :: Multiple critical vulnerabilities in ILIAS eLearning platform

SEC Consult Vulnerability Lab Security Advisory < 20221206-0 > === title: Multiple critical vulnerabilities product: ILIAS eLearning platform vulnerable version: <= 7.15 fixed vers

[FD] SEC Consult SA-20221201-0 :: Replay attacks & Displaying arbitrary contents in Zhuhai Suny Technology ESL Tag / ETAG-TECH protocol (electronic shelf labels)

SEC Consult Vulnerability Lab Security Advisory < 20221201-0 > === title: Replay attacks & Displaying arbitrary contents product: Zhuhai Suny Technology ESL Tag / ETAG-TEC

[FD] SEC Consult SA-20221114-0 :: Path Traversal Vulnerability in Payara Platform

SEC Consult Vulnerability Lab Security Advisory < 20221114-0 > === title: Path Traversal Vulnerability product: Payara Platform vulnerable version: Enterprise: <5.45.0

[FD] SEC Consult SA-20221110-0 :: HTML Injection in BMC Remedy ITSM-Suite

SEC Consult Vulnerability Lab Security Advisory < 20221110-0 > === title: HTML Injection product: BMC Remedy ITSM-Suite vulnerable version: 9.1.10 (= 20.02 in new versioning scheme)

[FD] SEC Consult SA-20221109-0 :: Multiple Critical Vulnerabilities in Simmeth System GmbH Supplier manager (Lieferantenmanager)

SEC Consult Vulnerability Lab Security Advisory < 20221109-0 > === title: Multiple Critical Vulnerabilities product: Simmeth System GmbH Supplier manager (Lieferantenmanager) vulnerable version:

[FD] SEC Consult SA-20220923-0 :: Multiple Memory Corruption Vulnerabilities in COVESA (Connected Vehicle Systems Alliance) DLT daemon

SEC Consult Vulnerability Lab Security Advisory < 20220923-0 > === title: Multiple Memory Corruption Vulnerabilities product: COVESA DLT daemon (Diagnostic Log and Trace) Con

[FD] SEC Consult SA-20220915-0 :: Local Privilege Escalation im SAP® SAPControl Web Service Interface (sapuxuserchk)

SEC Consult Vulnerability Lab Security Advisory < 20220915-0 > === title: Local privilege escalation product: SAP® SAPControl Web Service Interface (sapuxuserchk) vulnerable version: see s

[FD] SEC Consult SA-20220914-0 :: Improper Access Control in SAP® SAProuter

SEC Consult Vulnerability Lab Security Advisory < 20220914-0 > === title: Improper Access Control product: SAP® SAProuter vulnerable version: see section "Vulnerable / tested versions&qu

[FD] SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series

SEC Consult Vulnerability Lab Security Advisory < 20220615-0 > === title: Hardcoded Backdoor User and Outdated Software Components product: Nexans FTTO GigaSwitch industrial/office switches HW v

[FD] SEC Consult SA-20220614-0 :: Reflected Cross Site Scripting in SIEMENS-SINEMA Remote Connect

SEC Consult Vulnerability Lab Security Advisory < 20220614-0 > === title: Reflected Cross Site Scripting product: SIEMENS-SINEMA Remote Connect vulnerable version: <=V3.0.1.0-01.01.00.02

[FD] SEC Consult SA-20220609-0 :: Multiple vulnerabilities in SoftGuard SNMP Network Management Extension

SEC Consult Vulnerability Lab Security Advisory < 20220609-0 > === title: Multiple vulnerabilities product: SoftGuard SNMP Network Management Extension vulnerable version: SoftGuard Web (SGW) &

[FD] SEC Consult SA-20220608-0 :: Stored Cross-Site Scripting & Unsafe Java Deserializiation in Gentics CMS

SEC Consult Vulnerability Lab Security Advisory < 20220608-0 > === title: Stored Cross-Site Scripting & Unsafe Java Deserializiation product: Gentics CMS vulnerable version: 5.36.29, see sec

[FD] SEC Consult SA-20220607-0 :: Multiple Vulnerabilities in Infiray IRAY-A8Z3 thermal camera

SEC Consult Vulnerability Lab Security Advisory < 20220607-0 > === title: Multiple Vulnerabilities product: Infiray IRAY-A8Z3 thermal camera vulnerable version: V1.0.957 fixed version

[FD] SEC Consult SA-20220602-0 :: Multiple Memory Corruption Vulnerabilities in dbus-broker

SEC Consult Vulnerability Lab Security Advisory < 20220602-0 > === title: Multiple Memory Corruption Vulnerabilities product: dbus-broker vulnerable version: dbus-broker-29 fixed version

[FD] SEC Consult SA-20220601-1 :: Authenticated Command Injection in Poly Studio

SEC Consult Vulnerability Lab Security Advisory < 20220601-1 > === title: Authenticated Command Injection product: Poly Studio X30, Studio X50, Studio X70, G7500 vulnerable version: 3.4.0-

[FD] SEC Consult SA-20220601-0 :: Multiple Critical Vulnerabilities in Poly EagleEye Director II

SEC Consult Vulnerability Lab Security Advisory < 20220601-0 > === title: Multiple Critical Vulnerabilities product: Poly EagleEye Director II vulnerable version: 2.2.1.1 (Jul 1, 2021)

[FD] SEC Consult SA-20220531-0 :: Backdoor account in Korenix JetPort 5601V3

SEC Consult Vulnerability Lab Security Advisory < 20220531-0 > === title: Backdoor account product: Korenix JetPort 5601V3 vulnerable version: Firmware version 1.0 fixed version

[FD] SEC Consult SA-20220518-0 :: Multiple Critical Vulnerabilities in SAP® Application Server, ABAP and ABAP® Platform (Different Software Components)

SEC Consult Vulnerability Lab Security Advisory < 20220518-0 > === title: Multiple Critical Vulnerabilities product: SAP® Application Server ABAP and ABAP® Platform (Dif

[FD] SEC Consult SA-20220505-0 :: Password Reset Poisoning Attack in Craft CMS

SEC Consult Vulnerability Lab Security Advisory < 20220505-0 > === title: Password Reset Poisoning Attack product: Craft CMS vulnerable version: 3.7.36 and potentially lower fixed version

[FD] SEC Consult SA-20220427-0 :: Privilege Escalation in Miele Benchmark Programming Tool

SEC Consult Vulnerability Lab Security Advisory < 20220427-0 > === title: Privilege Escalation product: Miele Benchmark Programming Tool vulnerable version: at least 1.1.49 and 1.2.71

[FD] SEC Consult SA-20220413 :: Missing Authentication at File Download & Denial of Service in Siemens A8000 PLC

SEC Consult Vulnerability Lab Security Advisory < 20220413-0 > === title: Missing Authentication at File Download & Denial of Service product: Siemens A8000 CP-8050/CP-8031 SICAM WEB

[FD] SEC Consult SA-20220215 :: Multiple Critical Vulnerabilities in multiple Zyxel devices

SEC Consult Vulnerability Lab Security Advisory < 20220215-0 > === title: Multiple Critical Vulnerabilities product: Multiple Zyxel devices vulnerable version: For affected products see &qu

[FD] SEC Consult SA-20220209 :: Open Redirect in Login Page in SIEMENS-SINEMA Remote Connect

SEC Consult Vulnerability Lab Security Advisory < 20220209-0 > === title: Open Redirect in Login Page product: SIEMENS-SINEMA Remote Connect vulnerable version: V1.0 SP3 HF1 fixed version

[FD] SEC Consult SA-20220202-0 :: Broken access control & Cross-Site Scripting in Shopmetrics Mystery Shopping Software

SEC Consult Vulnerability Lab Security Advisory < 20220202-0 > === title: Broken access control & Cross-Site Scripting product: Shopmetrics Mystery Shopping Software vulnerable version: Saa

[FD] SEC Consult SA-20220131-0 :: Multiple Critical Vulnerabilities in Korenix Technology JetWave products

SEC Consult Vulnerability Lab Security Advisory < 20220131-0 > === title: Multiple Critical Vulnerabilities product: Korenix Technology JetWave products: JetWave 2212X, J

[FD] SEC Consult SA-20220126-0 :: Denial of service & User Enumeration in WAGO 750-8xxx PLC

SEC Consult Vulnerability Lab Security Advisory < 20220126-0 > === title: Denial of service & User Enumeration product: WAGO 750-8xxx PLC vulnerable version: < Firmware 20 Patch

[FD] SEC Consult SA-20220124-0 :: Authenticated Path Traversal in Ethercreative Logs plugin for Craft CMS

SEC Consult Vulnerability Lab Security Advisory < 20220124-0 > === title: Authenticated Path Traversal product: Ethercreative Logs plugin for Craft CMS vulnerable version: <=3.0.3 fixe

[FD] SEC Consult SA-20220120-0 :: Local file inclusion vulnerability in Land Software - FAUST iServer

SEC Consult Vulnerability Lab Security Advisory < 20220120-0 > === title: Local file inclusion vulnerability product: Land Software - FAUST iServer vulnerable version: 9.0.017.017.1-3 - 9.0.018

[FD] SEC Consult SA-20220117-0 :: Stored Cross-Site Scripting vulnerability in TYPO3 extension "femanager"

SEC Consult Vulnerability Lab Security Advisory < 20220117-0 > === title: Stored Cross-Site Scripting vulnerability product: TYPO3 extension "femanager" vulnerable version: 6.0.0 - 6.3

[FD] SEC Consult SA-20220113-0 :: Cleartext Storage of Phone Password in Cisco IP Phones

SEC Consult Vulnerability Lab Security Advisory < 20220113-0 > === title: Cleartext Storage of Phone Password product: Cisco IP Phone Series 78x1, 88x5, 88x1, 7832, 8832, 88

[FD] SEC Consult SA-20211214-2 :: Remote ABAP Code Injection in SAP Netweaver IUUC_GENERATE_ACPLAN_DELIMITER

SEC Consult Vulnerability Lab Security Advisory < 20211214-2 > == title: Remote ABAP Code Injection in IUUC_GENERATE_ACPLAN_DELIMITER product: SAP Netweaver vulnerable version: SAP DMIS

[FD] SEC Consult SA-20211214-1 :: Remote ABAP Code Injection in SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG

SEC Consult Vulnerability Lab Security Advisory < 20211214-1 > === title: Remote ABAP Code Injection in SAP IUUC_RECON_RC_COUNT_TABLE_BIG product: SAP Netweaver vulnerable version: SA

[FD] SEC Consult SA-20211214-0 :: Remote ADBC SQL Injection in SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG

SEC Consult Vulnerability Lab Security Advisory < 20211214-0 > == title: Remote ADBC SQL Injection in SAP IUUC_RECON_RC_COUNT_TABLE_BIG product: SAP Netweaver vulnerable versio

[FD] SEC Consult SA-20211213-1 :: Stored Cross Site Scripting in Sofico Miles RIA

SEC Consult Vulnerability Lab Security Advisory < 20211213-1 > === title: Stored Cross Site Scripting product: Sofico Miles RIA vulnerable version: 2020.2 build 127964T fixed version:

[FD] SEC Consult SA-20211213-0 :: Multiple vulnerabilities in AbanteCart e-commerce platform

SEC Consult Vulnerability Lab Security Advisory < 20211213-0 > === title: Multiple vulnerabilities product: AbanteCart e-commerce platform vulnerable version: <1.3.2 fixed versi

[FD] SEC Consult SA-20211202-0 :: Multiple vulnerabilities in OrbiTeam BSCW Server

SEC Consult Vulnerability Lab Security Advisory < 20211202-0 > === title: Multiple vulnerabilities in BSCW Server product: OrbiTeam BSCW Server vulnerable version: BSCW Server 5.0.x, 5.1.x, &

[FD] SEC Consult SA-20211104-0 :: Reflected cross-site scripting vulnerability in IBM Sterling B2B Integrator

SEC Consult Vulnerability Lab Security Advisory < 20211104-0 > === title: Reflected cross-site scripting vulnerability product: IBM Sterling B2B Integrator vulnerable version: 5.2.0.0 - 5.2

[FD] SEC Consult SA-20211028-0 :: Denial of Service in CODESYS V2

SEC Consult Vulnerability Lab Security Advisory < 20211028-0 > === title: CODESYS V2 Denial of Service product: CODESYS Runtime Toolkit 32-bit, CODESYS PLCWinNT vulnerable version:

[FD] SEC Consult SA-20211004-0 :: Critical vulnerabilities in HiKam S6

SEC Consult Vulnerability Lab Security Advisory < 20211004-0 > === title: Multiple Critical Vulnerabilities product: High Infinity Technology HiKam S6 vulnerable version: <=1.3.26 fixe

[FD] SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices

SEC Consult Vulnerability Lab Security Advisory < 20210901-0 > === title: Multiple vulnerabilities product: see "Vulnerable / tested versions" vulnerable version: see "Vulnera

[FD] SEC Consult SA-20210827-0 :: Authenticated RCE in BSCW Server

SEC Consult Vulnerability Lab Security Advisory < 20210827-0 > === title: Authenticated RCE product: BSCW Server vulnerable version: BSCW Server <=5.0.11, <=5.1.9, <=5.2.3, <=7.3.2, &

[FD] SEC Consult SA-20210827-1 :: XML Tag injection in BSCW Server

SEC Consult Vulnerability Lab Security Advisory < 20210827-1 > === title: XML Tag injection product: BSCW Server vulnerable version: BSCW Server <=5.0.11, <=5.1.9, <=5.2.3, <=7.3.2, &

[FD] SEC Consult SA-20210820-0 :: Multiple Vulnerabilities in NetModule Router Software

SEC Consult Vulnerability Lab Security Advisory < 20210820-0 > === title: Multiple Vulnerabilities in NetModule Router Software product: NetModule Router Software (NRSW) vulnerable version:

[FD] SEC Consult SA-20210819-0 :: Multiple critical vulnerabilities in Altus Nexto and Hadron series

SEC Consult Vulnerability Lab Security Advisory < 20210819-0 > === title: Multiple Critical Vulnerabilities product: Multiple Altus Sistemas de Automacao products: Nexto

[FD] SEC Consult SA-20210714-0 :: Critical vulnerabilities in Schneider Electric EVlink Charging Stations

SEC Consult Vulnerability Lab Security Advisory < 20210714-0 > ===               title: Authentication bypass & Remote code execution             product: Multiple Schneider Electric EVlink Charging Stations  vulnerab

[FD] SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series

SEC Consult Vulnerability Lab Security Advisory < 20210601-0 > === title: Multiple Critical Vulnerabilities product: Multiple Korenix Technology products: Korenix: JetNet 5428G

[FD] SEC Consult SA-20210511-0 :: Cross-site Scripting Vulnerabilities in REWE GO

SEC Consult Vulnerability Lab Security Advisory < 20210511-0 > === title: Reflected Cross-site Scripting Vulnerabilities product: SIS Informatik - REWE GO vulnerable version: 7.5.0/12C

[FD] SEC Consult SA-20210422-0 :: Stored Cross Site Scripting (Outdated software library) in BMDWeb 2.0

SEC Consult Vulnerability Lab Security Advisory < 20210422-0 > === title: Stored Cross Site Scripting (Outdated software library) product: BMD BMDWeb 2.0 vulnerable version: BMD versions pr

[FD] SEC Consult SA-20210414-0 :: Reflected cross-site scripting in Microsoft Azure DevOps Server

SEC Consult Vulnerability Lab Security Advisory < 20210414-0 > === title: Reflected cross-site scripting product: Microsoft Azure DevOps Server vulnerable version: 2020.0.1 fixed version: 20

[FD] SEC Consult SA-20210407-0 :: Arbitrary File Upload and Bypassing .htaccess Rules in Monospace Directus Headless CMS

SEC Consult Vulnerability Lab Security Advisory < 20210407-0 > === title: Arbitrary File Upload and Bypassing .htaccess Rules product: Monospace Directus Headless CMS vulnerable version: &l

[FD] SEC Consult SA-20210301-0 :: Authentication bypass vulnerability in Genua GenuGate High Resistance Firewall

seems we had some newline issues before, sorry for the inconvenience. Here is our advisory again: SEC Consult Vulnerability Lab Security Advisory < 20210301-0 > === title: Authentication bypass vulnera

[FD] SEC Consult SA-20210301-0 :: Authentication bypass vulnerability in Genua GenuGate High Resistance Firewall

SEC Consult Vulnerability Lab Security Advisory < 20210301-0 > ===  title: Authentication bypass vulnerability    product: Genua GenuGate High Resistance Firewall vulnerable version: GenuGate <10.1

[FD] SEC Consult SA-20210217-0 :: Multiple Vulnerabilities in Multiple Vulnerabilities

SEC Consult Vulnerability Lab Security Advisory < 20210217-0 > === title: Multiple Vulnerabilities product: IrfanView - WPG.dll plugin vulnerable version: IrfanView 4.57/WPG.dll version 2

[FD] SEC Consult SA-20210210-0 :: Reflected Cross-Site Scripting in Adobe Magento Commerce

SEC Consult Vulnerability Lab Security Advisory < 20210210-0 > === title: Reflected Cross-Site Scripting (XSS) product: Adobe Magento Commerce vulnerable version: < 2.4.2 fixed versi

[FD] SEC Consult SA-20210113-1 :: Multiple vulnerabilities in flatCore CMS

SEC Consult Vulnerability Lab Security Advisory < 20210113-1 > === title: Multiple Vulnerabilities product: flatCore CMS vulnerable version: < 2.0.0 Build 139 fixed version: Release 2.0.0

[FD] SEC Consult SA-20210113-0 :: Multiple vulnerabilities in Pepperl+Fuchs IO-Link Master Series

SEC Consult Vulnerability Lab Security Advisory < 20210113-0 > === title: Multiple vulnerabilities product: Pepperl+Fuchs IO-Link Master Series See "Vulnerable / test

[FD] SEC Consult SA-20201217-0 :: Multiple critical vulnerabilities in Trend Micro InterScan Web Security Virtual Appliance (IWSVA)

SEC Consult Vulnerability Lab Security Advisory < 20201217-0 > === title: Multiple critical vulnerabilities product: Trend Micro InterScan Web Security Virtual Appliance (IWSVA) vulnerable v

[FD] Huawei HedEx Lite (DM) - Path Traversal Web Vulnerability

high. Credits & Authors: == S.AbenMassaoud [Research Team] - https://www.vulnerability-lab.com/show.php?user=S.AbenMassaoud Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims a

[FD] VestaCP v0.9.8-26 - (LoginAs) Token Session Vulnerability

/vestacp.localhost:8083/login/?loginas https://vestacp.localhost:8083/list/user/ Security Risk: == The security risk of the remote session vulnerability in the vestacp application is estimated as high. Credits & Authors: == Vulnerability-Lab - https://www.vulnerability-lab.com/sho

[FD] VestaCP v0.9.8-26 - Insufficient Session Validation Web Vulnerability

estacp.localhost:8083/download/ https://vestacp.localhost:8083/download/backup/ https://vestacp.localhost:8083/download/backup/?backup Security Risk: == The security risk of the session validation web vulnerability in the vestacp web-application is estimated as high. Credits & Authors: ===

[FD] VestaCP v0.9.8-26 - (period) Cross Site Scripting Web Vulnerability

the output location of the content to resolve the point were the script code code executes. Security Risk: == The security risk of the cross site scripting web vulnerability in the vesta cp web-application is estimated as medium. Credits & Authors: == Vulnera

[FD] Bundeswehr VDPBw 50+ reported vulnerabilities

Department: Bundeswehr - CIR Title: Over 50 reported weaknesses - a first conclusion on the VDPBwVulnerability Disclosure Policy of the Bundeswehr --- Date: 2020-12-03 Location: Bonn (Germany) Reading Time: 5 min --- Over 50 reported weaknesses - a first conclusion on the VDPBwVulnerability Disc

[FD] SEC Consult SA-20201123-0 :: Multiple Vulnerabilities in ZTE WLAN router MF253V

SEC Consult Vulnerability Lab Security Advisory < 20201123-0 > === title: Multiple Vulnerabilities product: ZTE WLAN router MF253V vulnerable version: V1.0.0B04 fixed version: V1.

[FD] VTiger v7.0 CRM - (To) Persistent Email Vulnerability

ion: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Reference(s): http://localhost:8080/vtigercrm/ http://localhost:8080/vtigercrm/index.php http://localhost:8080/vtigercrm/index.php?module=Emails&action=BasicAjax&searchValue= Security Risk: == The security risk of the pe

[FD] SEC Consult SA-20201117-0 :: Blind Out-Of-Band XML External Entity Injection in Avaya Web License Manager

SEC Consult Vulnerability Lab Security Advisory < 20201117-0 > === title: Blind Out-Of-Band XML External Entity Injection (Authenticated) product: Avaya Web License Manager vulnerable version: 6.

[FD] SugarCRM v6.5.18 - (Contacts) Persistent Cross Site Web Vulnerability

patched following the next steps ... 1. Restrict the input fields and disallow special chars for the main name values displayed in the list 2. Escape the input transmitted from the alternate and primary inputs 3. Parse and sanitize the ouput location to ensure its filtered securely Security Risk

[FD] SugarCRM v6.5.18 - (Employees) Persistent Cross Site Vulnerability

e transmitted from the inputs 3. Parse and sanitize the vulnerable scheduling section ouput location to ensure its filtered securely Security Risk: == The security risk of the persistent cross site web vulnerability in the sugarcrm web-application is estimated as medium.

[FD] Intel NUC - Local Privilege Escalation Vulnerability

ded as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incid

[FD] Buddypress v6.2.0 WP Plugin - Persistent Web Vulnerability

00/wp-admin/post.php Security Risk: == The security risk of the persistent input validation web vulnerability in the web-application is estimated as medium. Credits & Authors: == Vulnerability-Lab [Research Team] - https://www.vulnerability-lab.com/show.php?user=Vulner

  1   2   3   4   5   6   7   8   9   >