SEC Consult Vulnerability Lab Security Advisory 20110407-0
===
title: Libmodplug ReadS3M Stack Overflow
product: Libmodplug library
vulnerable version: 0.8.8.1
fixed version: 0.8.8.2
SEC Consult Vulnerability Lab Security Advisory 20110701-0
===
title: Multiple SQL Injection Vulnerabilities
product: WordPress
vulnerable version: 3.1.3/3.2-RC1 and probably earlier versions
SEC Consult Vulnerability Lab Security Advisory 20110810-0
===
title: Client-side remote file upload command execution
product: Check Point SSL VPN On-Demand applications (signed
SEC Consult Vulnerability Lab Security Advisory 20111012-0
===
title: Client-side remote file upload command execution
product: Microsoft Forefront Unified Access Gateway Remote
SEC Consult Vulnerability Lab Security Advisory 20111219-0
===
title: Client-side remote arbitrary file upload
product: SecCommerce SecSigner Java Applet
vulnerable version: 3.5.0 build 2011/11/12
SEC Consult Vulnerability Lab Security Advisory 20120104-0
===
title: Multiple critical vulnerabilities in Apache Struts2
product: Apache Struts2
* OpenSymphony XWork
SEC Consult Vulnerability Lab Security Advisory 20120220-1
===
title: Multiple Vulnerabilities in ELBA5
product: ELBA 5
vulnerable version: ELBA 5.4.1
5.5.0 R4 build 0778
SEC Consult Vulnerability Lab Security Advisory 20120220-0
===
title: Multiple critical vulnerabilities
product: VOXTRONIC voxlog professional - voice recording
solution
SEC Consult Vulnerability Lab Security Advisory 20120518-0
===
title: libwpd WPXContentListener::_closeTableRow() memory
overwrite
product: OpenOffice.org
vulnerable version: 3.3.0
SEC Consult Vulnerability Lab Security Advisory 20120618-0
===
title: WD ShareSpace WEB GUI Sensitive Data Disclosure
product: WD ShareSpace network storage system
vulnerable version: WD ShareSpace
SEC Consult Vulnerability Lab Security Advisory 20120618-1
===
title: Airlock WAF overlong UTF-8 sequence bypass
product: Airlock
vulnerable version: = 4.2.4 (without hotfix HF4213)
fixed version
SEC Consult Vulnerability Lab Security Advisory 20120626-0
===
title: Local file disclosure via XXE injection
product: Zend Framework
vulnerable version: 1.11.11
1.12.0 RC1
SEC Consult Vulnerability Lab Security Advisory 20120829-0
===
title: Support Backdoor
product: Symantec Messaging Gateway
vulnerable version: 9.5.x
fixed version: 10.0
CVE number: CVE
SEC Consult Vulnerability Lab Security Advisory 20121017-1
===
title: SQL Injection
product: Unirgy uStoreLocator - Magento extension
vulnerable version: =2.0.0
fixed version: =2.0.1
SEC Consult Vulnerability Lab Security Advisory 20121017-2
===
title: Multiple vulnerabilities in Oracle WebCenter Sites
product: Oracle WebCenter Sites (former FatWire Content Server)
vulnerable
SEC Consult Vulnerability Lab Security Advisory 20121115-0
===
title: Applicure dotDefender WAF format string vulnerability
product: dotDefender for Linux/Apache
vulnerable version: = 4.26
SEC Consult Vulnerability Lab Security Advisory 20121203-0
===
title: Unauthenticated local file inclusion
product: F5 FirePass SSL VPN
vulnerable version: = 7.0.0 HF-70-6
fixed version: 7.0.0
SEC Consult Vulnerability Lab Security Advisory 20130122-0
===
title: XML External Entity Injection (XXE)
product: F5 BIG-IP
vulnerable version: =11.2.0
fixed version: 11.2.0 HF3
SEC Consult Vulnerability Lab Security Advisory 20130122-1
===
title: SQL Injection
product: F5 BIG-IP
vulnerable version: =11.2.0
fixed version: 11.2.0 HF3
11.2.1 HF3
SEC Consult Vulnerability Lab Security Advisory 20130124-0
===
title: Critical SSH Backdoor in multiple Barracuda Networks
Products
vulnerable products: Barracuda Spam and Virus Firewall
SEC Consult Vulnerability Lab Security Advisory 20130308-0
===
title: Multiple critical vulnerabilities (part 1)
product: GroundWork Monitor Enterprise
vulnerable version: 6.7.0
fixed version
SEC Consult Vulnerability Lab Security Advisory 20130308-1
===
title: Multiple high risk vulnerabilities (part 2)
product: GroundWork Monitor Enterprise
vulnerable version: 6.7.0
fixed version
SEC Consult Vulnerability Lab Security Advisory 20130311-0
===
title: Persistent cross-site scripting vulnerability
product: jforum
vulnerable version: 2.1.9
fixed version: -
impact
SEC Consult Vulnerability Lab Security Advisory 20130313-0
===
title: QlikView Desktop Client Integer Overflow
product: QlikView Desktop Client
vulnerable version: 11.00 SR2
fixed version: 11.20
SEC Consult Vulnerability Lab Security Advisory 20130403-0
===
title: Multiple vulnerabilities
product: Sophos Web Protection Appliance
vulnerable version: = 3.7.8.1
fixed version: 3.7.8.2
SEC Consult Vulnerability Lab Security Advisory 20130404-0
===
title: Multiple Vulnerabilities
product: Censornet Professional v4 (2.1.7)
vulnerable version: 2.1.7
fixed version
SEC Consult Vulnerability Lab Security Advisory 20130417-0
===
title: Multiple vulnerabilities in Sosci Survey
product: Sosci Survey
vulnerable version: 2.3.04a
fixed version: 2.3.04a
SEC Consult Vulnerability Lab Security Advisory 20130417-1
===
title: Java ActiveX Control Memory Corruption
product: Java(TM) Web Start Launcher
vulnerable version: Sun Java Version 7 Update 17
SEC Consult Vulnerability Lab Security Advisory 20130417-2
===
title: HTTP header injection/Cache poisoning in Oracle WebCenter
Sites Satellite Server
product: Oracle WebCenter
Dear list,
it seems we've had a mix-up with the CVE number, the correct CVE number
for this issue is:
CVE-2013-2416 (S0319764)
SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory 20130507-0
===
title: Multiple vulnerabilities
product: NetApp OnCommand System Manager
vulnerable version: = 2.1 and =2.0.2
fixed version: 2.2
SEC Consult Vulnerability Lab Security Advisory 20130523-0
===
title: JavaScript Execution in WebSphere DataPower Services
product: IBM WebSphere DataPower Integration Appliance XI50
vulnerable version
SEC Consult Vulnerability Lab Security Advisory 20130625-0
===
title: Multiple vulnerabilities in IceWarp Mail Server
product: IceWarp Mail Server
vulnerable version: =10.4.5
fixed version
SEC Consult Vulnerability Lab Security Advisory 20130709-0
===
title: Denial of service vulnerability
product: Apache CXF
vulnerable version: Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4
fixed
SEC Consult Vulnerability Lab Security Advisory 20130719-0
===
title: Multiple vulnerabilities
product: Sybase EAServer
vulnerable version: =6.3.1
fixed version: vendor did not supply version
SEC Consult Vulnerability Lab Security Advisory 20130805-0
===
title: Vodafone EasyBox Default WPS PIN Algorithm Weakness
product: EasyBox 802 EasyBox 803
vulnerable version: EasyBox 802 - all
SEC Consult Vulnerability Lab Security Advisory 20130904-0
===
title: Undocumented password reset and admin takeover
Cross-Site Scripting vulnerabilities
product: GroupLink
SEC Consult Vulnerability Lab Security Advisory 20131003-0
===
title: nsconfigd NSRPC_REMOTECMD Denial of service vulnerability
product: Citrix NetScaler
vulnerable version: NetScaler 10.0 (Build 76.7
SEC Consult Vulnerability Lab Security Advisory 20131004-0
===
title: SQL injection vulnerability
product: Zabbix
vulnerable version: =2.0.8
fixed version: 2.0.9rc1
CVE number: CVE-2013
SEC Consult Vulnerability Lab Security Advisory 20131015-0
===
title: Multiple vulnerabilities in SpamTitan
product: SpamTitan
vulnerable version: =5.12, 5.13 is likely to be affected too
fixed
SEC Consult Vulnerability Lab Security Advisory 20131227-0
===
title: XPath Injection
product: IBM Web Content Manager (WCM)
vulnerable version: 6.x, 7.x, 8.x
fixed version: -
impact
SEC Consult Vulnerability Lab Security Advisory 20140122-0
===
title: Multiple critical vulnerabilities
product: T-Mobile HOME NET Router LTE / Huawei B593u-12
vulnerable version: V100R001C54SP063 (T
SEC Consult Vulnerability Lab Security Advisory 20140218-0
===
title: Multiple critical vulnerabilities
product: Symantec Endpoint Protection
vulnerable version: 11.0, 12.0, 12.1
fixed version
SEC Consult Vulnerability Lab Security Advisory 20140227-0
===
title: Local Buffer Overflow vulnerability
product: SAS for Windows (Statistical Analysis System)
vulnerable version: SAS 9.2, 9.3 and 9.4
SEC Consult Vulnerability Lab Security Advisory 20140228-0
===
title: Privilege escalation vulnerability
product: MICROSENS Profi Line Modular Industrial Switch Web
Manager
SEC Consult Vulnerability Lab Security Advisory 20140228-1
===
title: Authentication bypass (SSRF) and local file disclosure
product: Plex Media Server
vulnerable version: =0.9.9.2.374-aa23a69
SEC Consult Vulnerability Lab Security Advisory 20140307-0
===
title: Unauthenticated access manipulation of settings
product: Huawei E5331 MiFi mobile hotspot
vulnerable version: Software version
SEC Consult Vulnerability Lab Security Advisory 20140328-0
===
title: Multiple critical vulnerabilities
product: Symantec LiveUpdate Administrator
vulnerable version: = 2.3.2.99
fixed version
SEC Consult Vulnerability Lab Security Advisory 20140402-0
===
title: Multiple vulnerabilities
product: Rhythm Software File Manager
Rhythm Software File Manager HD
vulnerable
SEC Consult Vulnerability Lab Security Advisory 20140411-0
===
title: Multiple vulnerabilities
product: Plex Media Server
vulnerable version: confirmed in 0.9.9.10
fixed version: none
SEC Consult Vulnerability Lab Security Advisory 20140423-0
===
title: Path Traversal/Remote Code Execution
product: WD Arkeia Virtual Appliance (AVA)
vulnerable version: All Arkeia Network Backup
SEC Consult Vulnerability Lab Security Advisory 20140430-0
===
title: SQL injection and persistent XSS
product: Typo3 3rd party extension si_bibtex
vulnerable version: si_bibtex 0.2.3
fixed
SEC Consult Vulnerability Lab Security Advisory 20140508-0
===
title: Multiple critical vulnerabilities
product: AVG Remote Administration
vulnerable version: all - except issue #2
fixed version
SEC Consult Vulnerability Lab Security Advisory 20140521-0
===
title: Multiple vulnerabilities
product: CoSoSys Endpoint Protector 4
vulnerable version
SEC Consult Vulnerability Lab Security Advisory 20140528-0
===
title: Root Backdoor Unauthenticated access to voice recordings
product: NICE Recording
SEC Consult Vulnerability Lab Security Advisory 20140606-0
===
title: Multiple critical vulnerabilities
product: WebTitan
vulnerable version: 4.01 (Build
SEC Consult Vulnerability Lab Security Advisory 20140630-0
===
title: Multiple severe vulnerabilities
product: IBM Algorithmics RICOS
vulnerable version
SEC Consult Vulnerability Lab Security Advisory 20140701-0
===
title: Stored cross-site scripting vulnerabilities
product: EMC Documentum eRoom
vulnerable
SEC Consult Vulnerability Lab Security Advisory 20140710-0
===
title: Multiple critical vulnerabilities in Shopizer webshop
product: Shopizer
vulnerable
SEC Consult Vulnerability Lab Security Advisory 20140710-2
===
title: Multiple critical vulnerabilities
product: Schrack MICROCONTROL emergency light system
vulnerable version: before 1.7.0 (937
SEC Consult Vulnerability Lab Security Advisory 20140710-3
===
title: Design Issue / Password Disclosure
product: All WAGO-I/O-SYSTEMs which provide a CODESYS V2.3 WebVisu
vulnerable version: Systems
SEC Consult Vulnerability Lab Security Advisory 20140710-1
===
title: Multiple high risk vulnerabilities in Shopizer webshop
product: Shopizer
vulnerable version: 1.1.5 and below
fixed version
SEC Consult Vulnerability Lab Security Advisory 20140716-0
===
title: Multiple SSRF vulnerabilities
product: Alfresco Community Edition
vulnerable version
SEC Consult Vulnerability Lab Security Advisory 20140716-1
===
title: Remote Code Execution via CSRF
product: OpenVPN Access Server Desktop Client
SEC Consult Vulnerability Lab Security Advisory 20140716-2
===
title: Multiple vulnerabilities
product: Citrix NetScaler Application Delivery Controller
SEC Consult Vulnerability Lab Security Advisory 20140716-3
===
title: Multiple critical vulnerabilities
product: Bitdefender GravityZone
vulnerable
SEC Consult Vulnerability Lab Security Advisory 20140805-0
===
title: Multiple vulnerabilities
product: Readsoft Invoice Processing / Process Director
SEC Consult Vulnerability Lab Security Advisory 20140828-0
===
title: Reflected Cross-Site Scripting
product: F5 BIG-IP
vulnerable version: = 11.5.1
SEC Consult Vulnerability Lab Security Advisory 20141015-0
===
title: Potential Cross-Site Scripting
product: ADF Faces
vulnerable version: 12.1.2.0
SEC Consult Vulnerability Lab Security Advisory 20141029-0
===
title: Multiple critical vulnerabilities
product: Vizensoft Admin Panel
vulnerable version: 2014
fixed version
SEC Consult Vulnerability Lab Security Advisory 20141029-1
===
title: Persistent cross site scripting
product: Confluence RefinedWiki Original Theme
vulnerable version: 3.x - 4.0.x
fixed version
SEC Consult Vulnerability Lab Security Advisory 20141031-0
===
title: XML External Entity Injection (XXE) and Reflected XSS
product: Scalix Web Access
vulnerable version: 11.4.6.12377 and 12.2.0.14697
SEC Consult Vulnerability Lab Security Advisory 20141106-0
===
title: XXE XSS Arbitrary File Write vulnerabilities
product: Symantec Endpoint Protection
vulnerable version: 12.1.4023.4080
fixed
SEC Consult Vulnerability Lab Security Advisory 20141218-2
===
title: Multiple high risk vulnerabilities
product: NetIQ Access Manager
vulnerable version: 4.0 SP1
fixed version: 4.0 SP1 Hot Fix 3
SEC Consult Vulnerability Lab Security Advisory 20141218-1
===
title: OS Command Execution
product: GParted - Gnome Partition Editor
vulnerable version: =0.14.1
fixed version: =0.15.0
SEC Consult Vulnerability Lab Security Advisory 20141219-0
===
title: XSS Memory Disclosure
product: NetIQ eDirectory NDS iMonitor
vulnerable version: 8.8 SP8, 8.8 SP7
fixed version: 8.8 SP8 HF
SEC Consult Vulnerability Lab Security Advisory 20150122-0
===
title: Multiple critical vulnerabilities
products: Symantec Data Center Security: Server Advanced (SDCS:SA)
Symantec
SEC Consult Vulnerability Lab Security Advisory 20150113-0
===
title: Multiple critical vulnerabilities
product: snom IP phones
vulnerable version: all firmware versions 8.7.5.15, all firmware branches
SEC Consult Vulnerability Lab Security Advisory 20150113-1
===
title: Privilege Escalation XSS Missing Authentication
product: Ansible Tower
vulnerable version: =2.0.2
fixed version: =2.0.5
SEC Consult Vulnerability Lab Security Advisory 20150113-2
===
title: Cross-Site Request Forgery
product: Kodi/XBMC
vulnerable version: XBMC/Kodi =14
fixed version: no fixed version available
SEC Consult Vulnerability Lab Security Advisory 20150227-0
===
title: Multiple vulnerabilities
product: Loxone Smart Home
vulnerable version: Firmware: 5.49; Android-App: 3.4.1
fixed version: 6.3
SEC Consult Vulnerability Lab Security Advisory 20150513-0
===
title: Multiple critical vulnerabilities
product: WSO2 Identity Server
SEC Consult Vulnerability Lab Security Advisory 20150514-0
===
title: Multiple vulnerabilities
product: Loxone Smart Home
vulnerable version: Firmware version 6.4.5.12
fixed version: 6.4.5.12
SEC Consult Vulnerability Lab Security Advisory 20150409-0
===
title: Multiple XSS XSRF vulnerabilities
product: Comalatech Comala Workflows
vulnerable version: = 4.6.1
fixed version: 4.6.2
SEC Consult Vulnerability Lab Security Advisory 20150410-0
===
title: Unauthenticated Local File Disclosure
product: Multiple TP-LINK products (see Vulnerable / tested
versions)
vulnerable version
SEC Consult Vulnerability Lab Security Advisory 20150728-0
===
title: McAfee Application Control Multiple Vulnerabilities
product: McAfee Application
SEC Consult Vulnerability Lab Security Advisory 20150805-0
===
title: Stack buffer overflow in handle_debug_network
product: Websense Triton Content
SEC Consult Vulnerability Lab Security Advisory 20150716-0
===
title: Permanent Cross-Site Scripting
product: Oracle Application Express
vulnerable
SEC Consult Vulnerability Lab Security Advisory < 20151022-0 >
===
title: Multiple critical vulnerabilities
product: Lime Survey
vulnerable version: 2
SEC Consult Vulnerability Lab Security Advisory < 20151105-0 >
===
title: Insecure default configuration
product: various Ubiquiti Networks products
vulnerable version: see Vulnerable / tested ve
SEC Consult Vulnerability Lab Security Advisory < 20151210-0 >
===
title: Multiple Vulnerabilities
product: Skybox Platform
vulnerable version: <
SEC Consult Vulnerability Lab released a new whitepaper titled:
"Bypassing McAfee Application Whitelisting for Critical Infrastructure Systems"
- the dinosaurs want their vuln back
Link to blog overview:
--
Including slides from presentations on this topic (wi
SEC Consult Vulnerability Lab Security Advisory < 20160602-0 >
===
title: Multiple critical vulnerabilities
product: Ubee EVW3226 Advanced wireless voice gateway
vulnerable version: Fi
SEC Consult Vulnerability Lab Security Advisory < 20160624-0 >
===
title: XSS and information disclosure vulnerability
product: ASUS DSL-N55U router
vulnerable version: 3.0.0.4.376_2736
SEC Consult Vulnerability Lab Security Advisory < 20160210-0 >
===
title: Multiple Vulnerabilities
product: Yeager CMS
vulnerable version:
for more information.
SEC Consult Vulnerability Lab Security Advisory < 20160121-0 >
===
title: Deliberately hidden backdoor account
product: Several AMX (HARMAN Professional) device
SEC Consult Vulnerability Lab Security Advisory < 20160422-0 >
===
title: Insecure data storage
product: my devolo - android application - air.de.devolo.my.devolo
vulnerable version: 1.2.8
SEC Consult Vulnerability Lab Security Advisory < publishing date 20160422-1 >
===
title: Multiple vulnerabilities in Digitalstrom Konfigurator
product: Digitalstrom Konfigurator
vulnerable v
SEC Consult Vulnerability Lab Security Advisory < 20160725-0 >
===
title: Multiple vulnerabilities
product: Micro Focus (former Novell) Filr Appliance
vulnerable version: Filr 2 <=2.0.0.421,
SEC Consult Vulnerability Lab Security Advisory < 20170207-0 >
===
title: Path Traversal, Backdoor accounts & KNX group address
password bypass
product: JUNG Smart V
1 - 100 of 180 matches