[RT-SA-2019-015] IceWarp: Cross-Site Scripting in Notes for Contacts

2020-01-02 Thread RedTeam Pentesting GmbH
xed version released 2020-01-02 Advisory released References == [1] https://tools.ietf.org/html/rfc6350 [2] https://tools.ietf.org/html/rfc2445 [3] https://www.redteam-pentesting.de/advisories/rt-sa-2019-16 RedTeam Pentesting GmbH === RedTeam Pentesting offers individu

[RT-SA-2019-016] IceWarp: Cross-Site Scripting in Notes

2020-01-02 Thread RedTeam Pentesting GmbH
ure 2019-11-25 CVE number requested 2019-11-25 CVE number assigned 2019-12-02 Vendor released fixed version 2019-12-10 Customer approved disclosure 2019-12-13 Fixed version released 2020-01-02 Advisory released References == [1] https://www.redteam-pentesting.de/a

[RT-SA-2019-012] Information Disclosure in REDDOXX Appliance

2019-07-01 Thread RedTeam Pentesting GmbH
"2020-01-30T12:34:56", "Valid": true, "VirusScan": true } } } Workaround ====== None Fix === Install the latest hotfixes for the appliance, see [2]. Security Risk =

[RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway

2019-05-17 Thread RedTeam Pentesting GmbH
ON%2026%20presentations/Orange%20Tsai%20-%20Updated/DEFCON-26-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-and-Pop-0days-Out-Updated.pdf [4] https://tomcat.apache.org RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests perf

[RT-SA-2019-003] Cisco RV320 Unauthenticated Configuration Export

2019-03-27 Thread RedTeam Pentesting GmbH
index.html [2] https://www.redteam-pentesting.de/advisories/rt-sa-2018-002 [3] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a

[RT-SA-2019-005] Cisco RV320 Command Injection Retrieval

2019-03-27 Thread RedTeam Pentesting GmbH
sting.de/advisories/rt-sa-2018-004 [3] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security ex

[RT-SA-2019-004] Cisco RV320 Unauthenticated Diagnostic Data Retrieval

2019-03-27 Thread RedTeam Pentesting GmbH
c/en/us/products/routers/rv320-dual-gigabit-wan-vpn-router/index.html [2] https://www.redteam-pentesting.de/advisories/rt-sa-2018-003 [3] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info RedTeam Pentesting GmbH === RedTeam

[RT-SA-2019-007] Code Execution via Insecure Shell Function getopt_simple

2019-03-26 Thread RedTeam Pentesting GmbH
nce the public knowledge with research in security-related areas. The results are made available as public security advisories. More information about RedTeam Pentesting can be found at: https://www.redteam-pentesting.de/ Working at RedTeam Pentesting = RedTeam Pente

[RT-SA-2018-002] Cisco RV320 Unauthenticated Configuration Export

2019-01-24 Thread RedTeam Pentesting GmbH
[1] https://www.cisco.com/c/en/us/products/routers/rv320-dual-gigabit-wan-vpn-router/index.html [2] https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg42801 RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-securi

[RT-SA-2018-004] Cisco RV320 Command Injection

2019-01-24 Thread RedTeam Pentesting GmbH
2018-12-21 Postponing disclosure to 2019-01-23, as requested by vendor 2019-01-16 List of affected versions provided by vendor 2019-01-23 Advisory published References == [1] https://www.cisco.com/c/en/us/products/routers/rv320-dual-gigabit-wan-vpn-router/index.html [2] https://wiki.open

[RT-SA-2018-003] Cisco RV320 Unauthenticated Diagnostic Data Retrieval

2019-01-24 Thread RedTeam Pentesting GmbH
t-wan-vpn-router/index.html [2] https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg42801 RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products are u

[RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution

2018-04-09 Thread RedTeam Pentesting GmbH
s/316-CZP-275/images/ds-enterprise-password-vault-11-15-17.pdf [2] https://github.com/pwntester/ysoserial.net [3] https://curl.haxx.se/ [4] https://www.tcpdump.org/ RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of special

[RT-SA-2017-015] CyberArk Password Vault Memory Disclosure

2018-04-09 Thread RedTeam Pentesting GmbH
ne 2017-11-24 Vulnerability identified 2018-01-22 Customer approved disclosure to vendor 2018-02-05 Vendor notified 2018-04-06 CVE number requested 2018-04-07 CVE number assigned 2018-04-09 Advisory released References == [1] http://lp.cyberark.com/rs/316-CZP-275/images/ds-enter

[RT-SA-2017-012] Shopware Cart Accessible by Third-Party Websites

2018-03-13 Thread RedTeam Pentesting GmbH
ed 2017-09-13 Customer approved disclosure to vendor 2017-09-14 Vendor notified 2018-02-27 Vendor released fixed version 2018-03-13 Advisory released References == [1] https://github.com/shopware/shopware [2] https://community.shopware.com/Downloads_cat_448.html#5.4.0 RedTeam Pentesting GmbH ==

[RT-SA-2018-001] Arbitrary Redirect in Tuleap

2018-03-08 Thread RedTeam Pentesting GmbH
version 2018-03-05 Vendor made issue public 2018-03-08 Advisory released References == [1] https://www.tuleap.org/what-is-tuleap [2] https://tools.ietf.org/html/rfc3986 RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests per

[RT-SA-2017-013] Truncation of SAML Attributes in Shibboleth 2

2018-01-16 Thread RedTeam Pentesting GmbH
11-13 Customer approved further research 2017-12-01 Further research conducted 2018-01-09 Customer approved disclosure to vendor 2018-01-10 Vendor notified 2018-01-12 Vendor released fixed version 2018-01-15 Advisory released References == [1] https://www.shibboleth.net/ [2] https://www.w3.org

[RT-SA-2016-008] XML External Entity Expansion in Ladon Webservice

2017-11-10 Thread RedTeam Pentesting GmbH
te and announced public release for end of October 2017-10-09 RedTeam Pentesting asked vendor for status update 2017-11-03 Advisory released (no reply from vendor to status update requests) References == [1] http://ladonize.org [2] https://pypi.python.org/pypi/defusedxml RedTeam

[RT-SA-2015-008] WebClientPrint Processor 2.0: Remote Code Execution via Print Jobs

2017-08-23 Thread RedTeam Pentesting GmbH
elease 2017-08-22 Advisory released References == [0] http://webclientprint.azurewebsites.net/ [1] https://neodynamic.wordpress.com/2015/09/15/webclientprint-2-0-for-windows-clients-critical-update/ RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penet

[RT-SA-2015-009] WebClientPrint Processor 2.0: Remote Code Execution via Updates

2017-08-23 Thread RedTeam Pentesting GmbH
y release until all their clients are updated 2017-07-31 Customer approved advisory release 2017-08-22 Advisory released References == [0] https://neodynamic.wordpress.com/2015/09/15/webclientprint-2-0-for-windows-clients-critical-update/ RedTeam Pentesting GmbH =

[RT-SA-2015-010] WebClientPrint Processor 2.0: Unauthorised Proxy Modification

2017-08-22 Thread RedTeam Pentesting GmbH
wordpress.com/2015/09/15/webclientprint-2-0-for-windows-clients-critical-update/ RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products

[RT-SA-2015-011] WebClientPrint Processor 2.0: No Validation of TLS Certificates

2017-08-22 Thread RedTeam Pentesting GmbH
https://neodynamic.wordpress.com/2015/09/15/webclientprint-2-0-for-windows-clients-critical-update/ [1] http://www.dest-unreach.org/socat/ RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security expert

[RT-SA-2017-008] Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
as a high risk. Timeline 2017-05-17 Vulnerability identified 2017-05-23 Customer approved disclosure of vulnerability 2017-05-26 Customer provided details of vulnerability to vendor 2017-07-20 Vulnerability reported as fixed by vendor 2017-07-24 Advisory released References == [0] ht

[RT-SA-2017-005] Unauthenticated Extraction of Session-IDs in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
to impersonate the user associated with the ID when interacting with the appliance. An authenticated session is also a precondition to exploit the vulnerability described in rt-sa-2017-006 [3], which allows arbitrary file disclosure as root. Timeline 2017-05-16 Vulnerability identified

[RT-SA-2017-009] Remote Command Execution as root in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
ds are executed with root privileges and no authentication is required, this is rated as a high risk. Timeline 2017-05-17 Vulnerability identified 2017-05-23 Customer approved disclosure of vulnerability 2017-05-26 Customer provided details of vulnerability to vendor 2017-07-20 Vulnerabil

[RT-SA-2017-003] Cross-Site Scripting in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
5-26 Customer provided details of vulnerability to vendor 2017-06-21 Vulnerability reported as fixed by vendor 2017-07-24 Advisory released References == [0] https://www.reddoxx.com/en/ [1] https://my.reddoxx.com/documents/manual/en/custdl/product-downloads (Requires login

[RT-SA-2017-007] Undocumented Administrative Service Account in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
Vulnerability reported as fixed by vendor 2017-07-24 Advisory released References == [0] https://www.reddoxx.com/en/ [1] https://my.reddoxx.com/documents/manual/en/custdl/product-downloads (Requires login) RedTeam Pentesting GmbH === RedTeam Pentesting offers

[RT-SA-2017-006] Arbitrary File Disclosure with root Privileges via RdxEngine-API in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
-2017-005 RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products are uncovered and can be fixed immediately. As there are only few expert

[RT-SA-2017-004] Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
m-pentesting.de/advisories/rt-sa-2017-003 RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products are uncovered and can be fixed im

[RT-SA-2017-011] Remote Command Execution in PDNS Manager

2017-07-11 Thread RedTeam Pentesting GmbH
fers individual penetration tests performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products are uncovered and can be fixed immediately. As there are only few experts in this field, RedTeam Pentesting wants to share its knowledge and enhance

[RT-SA-2016-003] Less.js: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler

2016-11-30 Thread RedTeam Pentesting GmbH
rchive.org/web/20140202171923/http://www.lesscss.org/ [2] http://www.bennadel.com/blog/2638-executing-javascript-in-the-less-css-precompiler.htm [3] http://lesscss.org/#client-side-usage RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests p

[RT-SA-2016-005] Unauthenticated File Upload in Relay Ajax Directory Manager may Lead to Remote Command Execution

2016-05-31 Thread RedTeam Pentesting GmbH
2016-05-31 Advisory published References == [1] https://github.com/HadoDokis/Relay-Ajax-Directory-Manager [2] https://code.google.com/p/relay/ RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-

[RT-SA-2016-004] Websockify: Remote Code Execution via Buffer Overflow

2016-05-31 Thread RedTeam Pentesting GmbH
visory provided to customer 2016-05-06 Customer provided updated firmware, notified users 2016-05-23 Customer notified users again 2016-05-31 Advisory published References == [0] https://github.com/kanaka/websockify/commit/192ec6f5f9bf9c80a089ca020d05ad4bd9e7bcd9 RedTeam Pentesting

[RT-SA-2015-012] XML External Entity Expansion in Paessler PRTG Network Monitor

2016-05-31 Thread RedTeam Pentesting GmbH
ID requested 2015-09-24 CVE ID requested again 2015-10-07 CVE ID assigned 2015-10-21 Vendor contacted 2016-04-04 Vendor released fixed version 2016-05-31 Advisory released References == [1] https://www.paessler.com [2] https://www.paessler.com/prtg/history/stable RedTeam Pentesting GmbH

[RT-SA-2016-002] Cross-site Scripting in Securimage 3.6.2

2016-03-22 Thread RedTeam Pentesting GmbH
-03 Vendor releases fixed version 2016-03-22 Advisory released References == https://www.phpcaptcha.org/uncategorized/securimage-3-6-4-released/ RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-s

[RT-SA-2014-014] AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images

2016-01-07 Thread RedTeam Pentesting GmbH
releasing fixed versions (7490 [0]) 2015-10-01 Vendor finished releasing fixed versions (other models) 2016-01-07 Advisory released References == [0] https://avm.de/service/sicherheitshinweise/ RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration

[RT-SA-2015-001] AVM FRITZ!Box: Remote Code Execution via Buffer Overflow

2016-01-07 Thread RedTeam Pentesting GmbH
ch distribution 2016-01-07 Advisory released References == [0] https://avm.de/service/sicherheitshinweise/ [1] https://github.com/mirror/dd-wrt/tree/master/src/router/dsl_cpe_control RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration

[RT-SA-2015-005] o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials

2016-01-07 Thread RedTeam Pentesting GmbH
2014-09-08 - Potential vulnerability discovered 2014-09-20 - Vulnerability verified 2014-10-17 - ISP was notified about the vulnerability 2014-10-17 - ISP implemented first countermeasures 2014-10-24 - ISP wants to investigate further 2014-11-28 - ISP needs more time, depends on hardwar

[RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality

2015-12-22 Thread RedTeam Pentesting GmbH
/cookbook/security/remember_me.html [2] https://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security experts. Hereby

[RT-SA-2015-006] Buffalo LinkStation Authentication Bypass

2015-10-08 Thread RedTeam Pentesting GmbH
or estimated fix 2015-08-13 Vendor announced fixed version 1.71 2015-09-04 CVE ID requested 2015-09-07 RedTeam verified that the vulnerability has been fixed 2015-10-07 CVE ID not assigned, may be "duplicate finding" 2015-10-08 Advisory published References == [0] h

[RT-SA-2015-002] SQL Injection in TYPO3 Extension Akronymmanager

2015-06-15 Thread RedTeam Pentesting GmbH
more time 2015-05-21 Requested update from vendor 2015-05-22 Vendor states that upload to extension registry doesn't work 2015-06-03 Requested update from vendor 2015-06-10 Vendor uploads new version to extension registry 2015-06-15 Advisory published RedTeam Pentesting GmbH

[RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID

2015-06-10 Thread RedTeam Pentesting GmbH
/xmendez/wfuzz RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products are uncovered and can be fixed immediately. As there are only few

[RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery

2015-06-10 Thread RedTeam Pentesting GmbH
investigating 2015-05-22 Requested status update from vendor 2015-05-27 Vendor is working on the issue 2015-06-05 Vendor notified customers 2015-06-08 Vendor provided details about affected versions 2015-06-10 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting

[RT-SA-2014-016] Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite

2015-02-18 Thread RedTeam Pentesting GmbH
requests more time to notify customers for the 3rd time, RedTeam Pentesting declines 2015-02-18 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts

[RT-SA-2014-013] Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page

2015-02-10 Thread RedTeam Pentesting GmbH
and software upgrade 2015-02-04 Customer approves public disclosure 2015-02-10 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security weaknesses

[RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass

2015-01-22 Thread RedTeam Pentesting GmbH
list of affected and fixed models/versions 2014-12-15 Vendor finished releasing fixed versions for all current models 2015-01-21 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team

[RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0

2015-01-12 Thread RedTeam Pentesting GmbH
[2] https://support.tapatalk.com/threads/19540/#post-146253 RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products

CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0

2015-01-12 Thread RedTeam Pentesting GmbH
?board_url=https://www.redteam-pentesting.de CVE-2014-8870 was assigned to this issue. -- RedTeam Pentesting GmbH Tel.: +49 241 510081-0 Dennewartstr. 25-27 Fax : +49 241 510081-99 52068 Aachen https://www.redteam-pentesting.de Germany

[RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components

2014-12-02 Thread RedTeam Pentesting GmbH
://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rails_secret_deserialization.rb RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby

[RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire

2014-12-01 Thread RedTeam Pentesting GmbH
assigned 2014-12-01 Advisory released References == [1] https://code.google.com/p/wfuzz/ RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security

[RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf

2014-12-01 Thread RedTeam Pentesting GmbH
] http://typo3.org/teams/security/security-bulletins/typo3-extensions/ typo3-ext-sa-2014-010/ RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security weaknesses

[RT-SA-2014-011] EntryPass N5200 Credentials Disclosure

2014-12-01 Thread RedTeam Pentesting GmbH
released RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products are uncovered and can be fixed immediately

[RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution

2014-06-27 Thread RedTeam Pentesting GmbH
source code repository 2014-06-23 CVE number requested 2014-06-25 CVE number assigned 2014-06-26 Advisory released References == http://bugs.python.org/issue21766 RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests

[RT-SA-2013-003] Endeca Latitude Cross-Site Scripting

2014-06-25 Thread RedTeam Pentesting GmbH
. -- RedTeam Pentesting GmbH Tel.: +49 241 510081-0 Dennewartstr. 25-27 Fax : +49 241 510081-99 52068 Aachen https://www.redteam-pentesting.de Germany Registergericht: Aachen HRB 14004 Geschäftsführer

[RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager

2014-06-05 Thread RedTeam Pentesting GmbH
://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2 RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products

[RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script

2014-05-29 Thread RedTeam Pentesting GmbH
://www.webedition.org/de/aktuelles/webedition-cms/ Wichtige-Hinweise-zum-Sicherheitsupdate (German) RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security weaknesses

[RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script

2014-05-29 Thread RedTeam Pentesting GmbH
) RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products are uncovered and can be fixed immediately. As there are only few

[RT-SA-2014-003] Metadata Information Disclosure in OrbiTeam BSCW

2014-05-08 Thread RedTeam Pentesting GmbH
2014-03-10 Vendor acknowledges vulnerability 2014-04-22 Vendor released fixed version 2014-05-08 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby

[RT-SA-2014-002] rexx Recruitment: Cross-Site Scripting in User Registration

2014-03-28 Thread RedTeam Pentesting GmbH
released fixed version 2014-02-11 CVE number requested and assigned 2014-03-27 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security weaknesses

[RT-SA-2014-001] McAfee ePolicy Orchestrator: XML External Entity Expansion in Dashboard

2014-02-25 Thread RedTeam Pentesting GmbH
== [0] https://kc.mcafee.com/corporate/index?page=content&id=SB10065 [1] https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/gather/credentials/epo_sql.rb RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests

[RT-SA-2013-001] Advisory: Exim with Dovecot: Typical Misconfiguration Leads to Remote Command Execution

2013-05-13 Thread RedTeam Pentesting GmbH
released References == [1] http://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_pipe_transport.html [2] http://wiki.dovecot.org/LDA/Exim [3] http://wiki.dovecot.org/LDA/Exim?action=diff&rev2=12&rev1=11 [4] http://packages.debian.org/search?keywords=dovecot-common RedTeam Pentesting

[RT-SA-2012-001] Bugzilla: Cross-Site Scripting in Chart Generator

2012-01-03 Thread RedTeam Pentesting GmbH
2011-12-28 Vendor released fixed version 2012-01-03 Advisory released References == http://www.bugzilla.org/security/3.4.12/ https://bugzilla.mozilla.org/show_bug.cgi?id=697699 RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short

[RT-SA-2011-005] Owl Intranet Engine: Authentication Bypass

2011-12-15 Thread RedTeam Pentesting GmbH
disclosure to vendor 2011-10-31 Vendor notified 2011-11-30 Vendor released fixed version and notifies customer base 2011-12-15 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team

[RT-SA-2011-006] Owl Intranet Engine: Information Disclosure and Unsalted Password Hashes

2011-12-15 Thread RedTeam Pentesting GmbH
-15 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products are uncovered and can be fixed

[RT-SA-2011-003] Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances

2011-05-04 Thread RedTeam Pentesting GmbH
#acceptpathinfo RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products are uncovered and can be fixed immediately

[RT-SA-2011-004] Client Side Authorization ZyXEL ZyWALL USG Appliances Web Interface

2011-05-04 Thread RedTeam Pentesting GmbH
firmwares with fix 2011-04-29 Vendor confirms that other ZLD-based devices may also be affected 2011-05-04 Advisory released RedTeam Pentesting likes to thank ZyXEL for the fast response and professional collaboration. RedTeam Pentesting GmbH === RedTeam Pentesting offers

[RT-SA-2011-002] SugarCRM list privilege restriction bypass

2011-03-15 Thread RedTeam Pentesting GmbH
the vulnerability 2011-03-10 Vendor releases fix 2011-03-15 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products

[RT-SA-2011-001] nostromo nhttpd directory traversal leading to arbitrary command execution

2011-03-15 Thread RedTeam Pentesting GmbH
implements the arbitrary command execution described above using /bin/sh: #!/bin/sh ## ## # RedTeam Pentesting GmbH # # kont...@redteam

[RT-SA-2010-001] Geo++(R) GNCASTER: Insecure handling of long URLs

2010-01-27 Thread RedTeam Pentesting GmbH
Meeting with customer 2009-12-01 Vendor releases fixed version 2010-01-27 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security weaknesses

[RT-SA-2010-002] Geo++(R) GNCASTER: Insecure handling of NMEA-data

2010-01-27 Thread RedTeam Pentesting GmbH
## ## # RedTeam Pentesting GmbH # # kont...@redteam-pentesting.de # # http://www.redteam-pentesting.de # ## ## require 'socket' require 'base64' if ARGV.length 3

[RT-SA-2010-003] Geo++(R) GNCASTER: Faulty implementation of HTTP Digest Authentication

2010-01-27 Thread RedTeam Pentesting GmbH
. History === 2009-07-07 Vulnerability identified during a penetration test 2009-07-14 Meeting with customer 2009-12-01 Vendor releases fixed version 2010-01-27 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests

TLS Renegotiation Vulnerability: Proof of Concept Code (Python)

2009-12-21 Thread RedTeam Pentesting GmbH
. Furthermore, it shall give interested persons the opportunity to analyse applications employing TLS for further vulnerabilities. -- RedTeam Pentesting GmbH Tel.: +49 241 963-1300 Dennewartstr. 25-27 Fax : +49 241 963-1304 52068 Aachen

New Paper: MitM Attacks against the chipTAN comfort Online Banking System

2009-11-24 Thread RedTeam Pentesting GmbH
-chipTAN-comfort -- RedTeam Pentesting GmbH Tel.: +49 241 963-1300 Dennewartstr. 25-27 Fax : +49 241 963-1304 52068 Aachen http://www.redteam-pentesting.de/ Germany Registergericht: Aachen HRB 14004 Geschäftsführer

[RT-SA-2009-005] Papoo CMS: Authenticated Arbitrary Code Execution

2009-08-10 Thread RedTeam Pentesting GmbH
identified during a penetration test 2009-05-20 Client notified 2009-06-05 CVE number requested 2009-06-05 Vendor notified 2009-06-30 Vendor releases patch[0] References == [0] http://www.papoo.de/cms-news-und-infos/security/papoo-sicherheitsmeldung-07-2009.html RedTeam Pentesting GmbH

[RT-SA-2009-004] IceWarp WebMail Server: Client-Side Specification of Forgot Password eMail Content

2009-05-05 Thread RedTeam Pentesting GmbH
2009-04-01 Meeting with customer and vendor 2009-04-28 CVE number assigned 2009-05-05 Vendor publishes fixed version 2009-05-05 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting is offering individual penetration tests, short pentests, performed by a team

[RT-SA-2009-002] IceWarp WebMail Server: User-assisted Cross Site Scripting in RSS Feed Reader

2009-05-05 Thread RedTeam Pentesting GmbH
. -- RedTeam Pentesting GmbH Tel.: +49 241 963-1300 Dennewartstr. 25-27 Fax : +49 241 963-1304 52068 Aachen http://www.redteam-pentesting.de/ Germany Registergericht: Aachen HRB 14004 Geschäftsführer: Patrick Hof, Jens

[RT-SA-2009-003] IceWarp WebMail Server: SQL Injection in Groupware Component

2009-05-05 Thread RedTeam Pentesting GmbH
assigned 2009-05-05 Vendor publishes fixed version 2009-05-05 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting is offering individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security weaknesses in company

[RT-SA-2009-001] IceWarp WebMail Server: Cross Site Scripting in Email View

2009-05-05 Thread RedTeam Pentesting GmbH
Vulnerabilities identified during a penetration test 2009-04-01 Meeting with customer and vendor 2009-04-28 CVE number assigned 2009-05-05 Vendor publishes fixed version 2009-05-05 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting is offering individual penetration tests

Advisory: SQL-Injections in Mapbender

2008-03-11 Thread RedTeam Pentesting GmbH
identified during a penetration test 2008-01-09 Customer approves contacting of Mapbender developers 2008-01-17 CVE number assigned 2008-03-10 Vendor releases fixed version 2008-03-11 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting is offering individual penetration

Alcatel-Lucent OmniPCX Remote Command Execution

2007-09-17 Thread RedTeam Pentesting GmbH
References == http://www1.alcatel-lucent.com/psirt/statements.htm reference number 2007002 RedTeam Pentesting GmbH === RedTeam Pentesting is offering individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security

ActiveWeb Contentserver CMS Clientside Filtering of Page Editor Content

2007-07-13 Thread RedTeam Pentesting GmbH
the vulnerability 2007-06-29 CVE number assigned 2007-07-11 Vendor released fixed version 2007-07-13 Advisory released The vendor was very cooperative. There was always a competent contact person available who answered any questions. RedTeam Pentesting GmbH === RedTeam Pentesting

ActiveWeb Contentserver CMS Editor Permission Settings Problem

2007-07-13 Thread RedTeam Pentesting GmbH
investigation 2007-06-29 Vendor confirmed the vulnerability 2007-06-30 CVE number assigned 2007-07-11 Vendor released fixed version 2007-07-13 Advisory released The vendor was very cooperative. There was always a competent contact person available who answered any questions. RedTeam Pentesting GmbH

ActiveWeb Contentserver CMS SQL Injection Management Interface

2007-07-13 Thread RedTeam Pentesting GmbH
who answered any questions. They did an additional code audit after verifying the vulnerability and fixed similar problems immediately. RedTeam Pentesting GmbH === RedTeam Pentesting is offering individual penetration tests, short pentests, performed by a team of specialised

ActiveWeb Contentserver CMS Multiple Cross Site Scriptings

2007-07-13 Thread RedTeam Pentesting GmbH
contact person available who answered any questions. RedTeam Pentesting GmbH === RedTeam Pentesting is offering individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products

Fujitsu-Siemens ServerView Remote Command Execution

2007-07-04 Thread RedTeam Pentesting GmbH
The vulnerability gets acknowledged as not being known before. A fix is being worked on. 2007-06-18 CVE number assigned 2007-07-04 Vendor releases fixed version 2007-07-04 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting is offering individual penetration tests

Fujitsu-Siemens PRIMERGY BX300 Switch Blade Information Disclosure

2007-07-04 Thread RedTeam Pentesting GmbH
. -- RedTeam Pentesting GmbH Tel.: +49 241 963-1300 Dennewartstr. 25-27 Fax : +49 241 963-1304 52068 Aachen http://www.redteam-pentesting.de/ Germany Registergericht: Aachen HRB 14004 Geschäftsführer: Patrick Hof