SEC Consult Vulnerability Lab Security Advisory < 20240418-0 >
===
title: Broken authorization
product: Dreamehome app
vulnerable version: <=2.1.5 (iOS)
fixed version: none, see
SEC Consult Vulnerability Lab Security Advisory < 20240411-0 >
===
title: Database Passwords in Server Response
product: Amazon AWS Glue
vulnerable version: until 2024-02-23
fixed v
SEC Consult Vulnerability Lab Security Advisory < 20240307-0 >
===
title: Local Privilege Escalation via writable files
product: Checkmk Agent
vulnerable version: 2.0.0, 2.1.0, 2.2.0
SEC Consult Vulnerability Lab Security Advisory < 20240226-0 >
===
title: Local Privilege Escalation via DLL Hijacking
product: Qognify VMS Client Viewer
vulnerable version: >=7.1
fixe
SEC Consult Vulnerability Lab Security Advisory < 20240220-0 >
===
title: Multiple Stored Cross-Site Scripting Vulnerabilities
product: OpenOLAT (Frentix GmbH)
vulnerable version: <
SEC Consult Vulnerability Lab Security Advisory < 20240212-0 >
===
title: Multiple Stored Cross-Site Scripting vulnerabilities
product: Statamic CMS
vulnerable version: <4.46.0, <3.4.17
SEC Consult Vulnerability Lab Security Advisory < 20231211-0 >
===
title: Local Privilege Escalation via MSI installer
product: PDF24 Creator (geek Software GmbH)
vulnerable version: <
SEC Consult Vulnerability Lab Security Advisory < 20231206-0 >
===
title: Kiosk Escape Privilege Escalation
product: One Identity Password Manager Secure Password Extension
vulnerable version: &
SEC Consult Vulnerability Lab Security Advisory < 20231205-0 >
===
title: Argument injection leading to unauthenticated RCE and
authentication bypass
product: Atos Unify Ope
SEC Consult Vulnerability Lab Security Advisory < 20231005-0 >
===
title: Open Redirect in BSP Test Application it00
(Bypass for CVE-2020-6215 Patch)
product: SAP® Appli
SEC Consult Vulnerability Lab Security Advisory < 20230927-0 >
===
title: Multiple Vulnerabilities
product: SAP® Enable Now Manager
vulnerable version: 10.6.5 (Build 2804) Cloud Edition
SEC Consult Vulnerability Lab Security Advisory < 20230925-0 >
===
title: Stored Cross-Site Scripting
product: mb Support broker management solution openVIVA c2
vulnerable version: <
SEC Consult Vulnerability Lab Security Advisory < 20230918-0 >
===
title: Authenticated Remote Code Execution and
Missing Authentication
product: Atos Unify OpenScape S
SEC Consult Vulnerability Lab Security Advisory < 20230829-0 >
===
title: Reflected Cross-Site Scripting (XSS)
product: PTC - Codebeamer (ALM Solution)
vulnerable version: <=22.10-SP7, &l
SEC Consult Vulnerability Lab Security Advisory < 20230705-0 >
===
title: Path traversal bypass & Denial of service
product: Kyocera TASKalfa 4053ci printer
vulnerable version: TASKalfa 4053
SEC Consult Vulnerability Lab Security Advisory < 20230703-0 >
===
title: Multiple Vulnerabilities including Unauthenticated RCE
product: Siemens A8000 CP-8050 MASTER MODULE (6MF2805
SEC Consult Vulnerability Lab Whitepaper < 20230629-0 >
===
Title: Everyone Knows SAP®, Everyone Uses SAP,
Everyone Uses RFC, No One Knows RFC:
SEC Consult Vulnerability Lab Security Advisory < 20230628-0 >
===
title: Stored XSS & Privilege Escalation
product: Boomerang Parental Control App
vulnerable version: <13.83
SEC Consult Vulnerability Lab Security Advisory < 20230627-0 >
===
title: Multiple high risk vulnerabilities
product: ILIAS eLearning platform
vulnerable version: see section "Vulnera
SEC Consult Vulnerability Lab Security Advisory < 20230517-0 >
===
title: Stored XSS vulnerability in rename functionality
product: Wekan (Open-Source kanban)
vulnerable version: <=6.74
SEC Consult Vulnerability Lab Security Advisory < 20230516-0 >
===
title: Multiple Vulnerabilities
product: Serenity and StartSharp Software
vulnerable version: < 6.7.1
fixed versi
SEC Consult Vulnerability Lab Security Advisory < 20230515-0 >
===
title: Multiple Vulnerabilities
product: Kiddoware Kids Place Parental Control Android App
vulnerable version: <=3.8.49
SEC Consult Vulnerability Lab Security Advisory < 20230502-0 >
===
title: Bypassing cluster isolation through insecure defaults and
shared storage
product: Databricks Pl
SEC Consult Vulnerability Lab Security Advisory < 20230306-0 >
===
title: Multiple Vulnerabilities
product: Arris DG3450 Cable Gateway
vulnerable version: AR01.02.056.18_041520_711.NCS.10
SEC Consult Vulnerability Lab Security Advisory < 20230228-0 >
===
title: OS Command Injection
product: Barracuda CloudGen WAN
vulnerable version: < v8.* hotfix 1089
fixed ve
SEC Consult Vulnerability Lab Security Advisory < 20230117-2 >
===
title: Multiple post-authentication vulnerabilities including RCE
product: OpenText™ Content Server component of OpenText™ Ex
SEC Consult Vulnerability Lab Security Advisory < 20230117-1 >
===
title: Pre-authenticated Remote Code Execution via Java frontend
and QDS endpoint
product: OpenText™ C
SEC Consult Vulnerability Lab Security Advisory < 20230117-0 >
===
title: Pre-authenticated Remote Code Execution in cs.exe
product: OpenText™ Content Server component of OpenText™ Extende
SEC Consult Vulnerability Lab Security Advisory < 20221216-0 >
===
title: Remote code execution - CVE-2021-34427 bypass
product: Eclipse Business Intelligence Reporting Tool (BiRT)
vulnerable v
Hi,
earlier this year in February 2022, we published a technical security advisory
-
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-multiple-zyxel-devices/
- on
different critical vulnerabilities in Zyxel devices, resulting from insecure
coding
SEC Consult Vulnerability Lab Security Advisory < 20221213-0 >
===
title: Privilege Escalation Vulnerabilities (UNIX Insecure File
Handling)
product: SAP® Host Agent (sa
SEC Consult Vulnerability Lab Security Advisory < 20221206-0 >
===
title: Multiple critical vulnerabilities
product: ILIAS eLearning platform
vulnerable version: <= 7.15
fixed vers
SEC Consult Vulnerability Lab Security Advisory < 20221201-0 >
===
title: Replay attacks & Displaying arbitrary contents
product: Zhuhai Suny Technology ESL Tag / ETAG-TEC
SEC Consult Vulnerability Lab Security Advisory < 20221114-0 >
===
title: Path Traversal Vulnerability
product: Payara Platform
vulnerable version: Enterprise: <5.45.0
SEC Consult Vulnerability Lab Security Advisory < 20221110-0 >
===
title: HTML Injection
product: BMC Remedy ITSM-Suite
vulnerable version: 9.1.10 (= 20.02 in new versioning scheme)
SEC Consult Vulnerability Lab Security Advisory < 20220923-0 >
===
title: Multiple Memory Corruption Vulnerabilities
product: COVESA DLT daemon (Diagnostic Log and Trace)
Con
SEC Consult Vulnerability Lab Security Advisory < 20220915-0 >
===
title: Local privilege escalation
product: SAP® SAPControl Web Service Interface (sapuxuserchk)
vulnerable version: see s
SEC Consult Vulnerability Lab Security Advisory < 20220914-0 >
===
title: Improper Access Control
product: SAP® SAProuter
vulnerable version: see section "Vulnerable / tested versions&qu
SEC Consult Vulnerability Lab Security Advisory < 20220615-0 >
===
title: Hardcoded Backdoor User and Outdated Software Components
product: Nexans FTTO GigaSwitch industrial/office switches HW
v
SEC Consult Vulnerability Lab Security Advisory < 20220614-0 >
===
title: Reflected Cross Site Scripting
product: SIEMENS-SINEMA Remote Connect
vulnerable version: <=V3.0.1.0-01.01.00.02
SEC Consult Vulnerability Lab Security Advisory < 20220609-0 >
===
title: Multiple vulnerabilities
product: SoftGuard SNMP Network Management Extension
vulnerable version: SoftGuard Web (SGW) &
SEC Consult Vulnerability Lab Security Advisory < 20220608-0 >
===
title: Stored Cross-Site Scripting & Unsafe Java Deserializiation
product: Gentics CMS
vulnerable version: 5.36.29, see sec
SEC Consult Vulnerability Lab Security Advisory < 20220607-0 >
===
title: Multiple Vulnerabilities
product: Infiray IRAY-A8Z3 thermal camera
vulnerable version: V1.0.957
fixed version
SEC Consult Vulnerability Lab Security Advisory < 20220602-0 >
===
title: Multiple Memory Corruption Vulnerabilities
product: dbus-broker
vulnerable version: dbus-broker-29
fixed version
SEC Consult Vulnerability Lab Security Advisory < 20220601-1 >
===
title: Authenticated Command Injection
product: Poly Studio X30, Studio X50, Studio X70, G7500
vulnerable version: 3.4.0-
SEC Consult Vulnerability Lab Security Advisory < 20220601-0 >
===
title: Multiple Critical Vulnerabilities
product: Poly EagleEye Director II
vulnerable version: 2.2.1.1 (Jul 1, 2021)
SEC Consult Vulnerability Lab Security Advisory < 20220531-0 >
===
title: Backdoor account
product: Korenix JetPort 5601V3
vulnerable version: Firmware version 1.0
fixed version
SEC Consult Vulnerability Lab Security Advisory < 20220518-0 >
===
title: Multiple Critical Vulnerabilities
product: SAP® Application Server
ABAP and ABAP® Platform (Dif
SEC Consult Vulnerability Lab Security Advisory < 20220505-0 >
===
title: Password Reset Poisoning Attack
product: Craft CMS
vulnerable version: 3.7.36 and potentially lower
fixed version
SEC Consult Vulnerability Lab Security Advisory < 20220427-0 >
===
title: Privilege Escalation
product: Miele Benchmark Programming Tool
vulnerable version: at least 1.1.49 and 1.2.71
SEC Consult Vulnerability Lab Security Advisory < 20220413-0 >
===
title: Missing Authentication at File Download & Denial of
Service
product: Siemens A8000 CP-8050/CP-8031 SICAM WEB
SEC Consult Vulnerability Lab Security Advisory < 20220215-0 >
===
title: Multiple Critical Vulnerabilities
product: Multiple Zyxel devices
vulnerable version: For affected products see &qu
SEC Consult Vulnerability Lab Security Advisory < 20220209-0 >
===
title: Open Redirect in Login Page
product: SIEMENS-SINEMA Remote Connect
vulnerable version: V1.0 SP3 HF1
fixed version
SEC Consult Vulnerability Lab Security Advisory < 20220202-0 >
===
title: Broken access control & Cross-Site Scripting
product: Shopmetrics Mystery Shopping Software
vulnerable version: Saa
SEC Consult Vulnerability Lab Security Advisory < 20220131-0 >
===
title: Multiple Critical Vulnerabilities
product: Korenix Technology JetWave products:
JetWave 2212X, J
SEC Consult Vulnerability Lab Security Advisory < 20220126-0 >
===
title: Denial of service & User Enumeration
product: WAGO 750-8xxx PLC
vulnerable version: < Firmware 20 Patch
SEC Consult Vulnerability Lab Security Advisory < 20220124-0 >
===
title: Authenticated Path Traversal
product: Ethercreative Logs plugin for Craft CMS
vulnerable version: <=3.0.3
fixe
SEC Consult Vulnerability Lab Security Advisory < 20220120-0 >
===
title: Local file inclusion vulnerability
product: Land Software - FAUST iServer
vulnerable version: 9.0.017.017.1-3 - 9.0.018
SEC Consult Vulnerability Lab Security Advisory < 20220117-0 >
===
title: Stored Cross-Site Scripting vulnerability
product: TYPO3 extension "femanager"
vulnerable version: 6.0.0 -
SEC Consult Vulnerability Lab Security Advisory < 20220113-0 >
===
title: Cleartext Storage of Phone Password
product: Cisco IP Phone Series 78x1, 88x5, 88x1, 7832,
8832
SEC Consult Vulnerability Lab Security Advisory < 20211214-2 >
==
title: Remote ABAP Code Injection in
IUUC_GENERATE_ACPLAN_DELIMITER
product: SAP Netweaver
vulnerable version: SA
SEC Consult Vulnerability Lab Security Advisory < 20211214-1 >
===
title: Remote ABAP Code Injection in SAP
IUUC_RECON_RC_COUNT_TABLE_BIG
product: SAP Netweaver
vulnerable version: SA
SEC Consult Vulnerability Lab Security Advisory < 20211214-0 >
==
title: Remote ADBC SQL Injection in SAP
IUUC_RECON_RC_COUNT_TABLE_BIG
product: SAP Netweaver
vulnerable versio
SEC Consult Vulnerability Lab Security Advisory < 20211213-1 >
===
title: Stored Cross Site Scripting
product: Sofico Miles RIA
vulnerable version: 2020.2 build 127964T
fixed version:
SEC Consult Vulnerability Lab Security Advisory < 20211213-0 >
===
title: Multiple vulnerabilities
product: AbanteCart e-commerce platform
vulnerable version: <1.3.2
fixed versi
SEC Consult Vulnerability Lab Security Advisory < 20211202-0 >
===
title: Multiple vulnerabilities in BSCW Server
product: OrbiTeam BSCW Server
vulnerable version: BSCW Server 5.0.x, 5.1.x, &
SEC Consult Vulnerability Lab Security Advisory < 20211104-0 >
===
title: Reflected cross-site scripting vulnerability
product: IBM Sterling B2B Integrator
vulnerable version: 5.2.0.0 - 5.2
SEC Consult Vulnerability Lab Security Advisory < 20211028-0 >
===
title: CODESYS V2 Denial of Service
product: CODESYS Runtime Toolkit 32-bit, CODESYS PLCWinNT
vulnerable version:
SEC Consult Vulnerability Lab Security Advisory < 20211004-0 >
===
title: Multiple Critical Vulnerabilities
product: High Infinity Technology HiKam S6
vulnerable version: <=1.3.26
fixe
SEC Consult Vulnerability Lab Security Advisory < 20210901-0 >
===
title: Multiple vulnerabilities
product: see "Vulnerable / tested versions"
vulnerable version: see "Vulnera
SEC Consult Vulnerability Lab Security Advisory < 20210827-0 >
===
title: Authenticated RCE
product: BSCW Server
vulnerable version: BSCW Server <=5.0.11, <=5.1.9, <=5.2.3, <=7.3.2, &
SEC Consult Vulnerability Lab Security Advisory < 20210827-1 >
===
title: XML Tag injection
product: BSCW Server
vulnerable version: BSCW Server <=5.0.11, <=5.1.9, <=5.2.3, <=7.3.2, &
SEC Consult Vulnerability Lab Security Advisory < 20210820-0 >
===
title: Multiple Vulnerabilities in NetModule Router Software
product: NetModule Router Software (NRSW)
vulnerable version:
SEC Consult Vulnerability Lab Security Advisory < 20210819-0 >
===
title: Multiple Critical Vulnerabilities
product: Multiple Altus Sistemas de Automacao products:
Nexto
SEC Consult Vulnerability Lab Security Advisory < 20210714-0 >
===
title: Authentication bypass & Remote code execution
product: Multiple Schneider Electric EVlink Charging Stations
vulnerab
SEC Consult Vulnerability Lab Security Advisory < 20210601-0 >
===
title: Multiple Critical Vulnerabilities
product: Multiple Korenix Technology products:
Korenix: JetNet 5428G
SEC Consult Vulnerability Lab Security Advisory < 20210511-0 >
===
title: Reflected Cross-site Scripting Vulnerabilities
product: SIS Informatik - REWE GO
vulnerable version: 7.5.0/12C
SEC Consult Vulnerability Lab Security Advisory < 20210422-0 >
===
title: Stored Cross Site Scripting (Outdated software library)
product: BMD BMDWeb 2.0
vulnerable version: BMD versions
SEC Consult Vulnerability Lab Security Advisory < 20210414-0 >
===
title: Reflected cross-site scripting
product: Microsoft Azure DevOps Server
vulnerable version: 2020.0.1
fixed version: 20
SEC Consult Vulnerability Lab Security Advisory < 20210407-0 >
===
title: Arbitrary File Upload and Bypassing .htaccess Rules
product: Monospace Directus Headless CMS
vulnerable version: &l
seems we had some newline issues before, sorry for the inconvenience. Here is
our advisory again:
SEC Consult Vulnerability Lab Security Advisory < 20210301-0 >
===
title: Authentication bypass vulnera
SEC Consult Vulnerability Lab Security Advisory < 20210301-0 >
===
title: Authentication bypass vulnerability product: Genua
GenuGate High Resistance Firewall
vulnerable version: GenuGate <10.1
SEC Consult Vulnerability Lab Security Advisory < 20210217-0 >
===
title: Multiple Vulnerabilities
product: IrfanView - WPG.dll plugin
vulnerable version: IrfanView 4.57/WPG.dll version 2
SEC Consult Vulnerability Lab Security Advisory < 20210210-0 >
===
title: Reflected Cross-Site Scripting (XSS)
product: Adobe Magento Commerce
vulnerable version: < 2.4.2
fixed versi
SEC Consult Vulnerability Lab Security Advisory < 20210113-1 >
===
title: Multiple Vulnerabilities
product: flatCore CMS
vulnerable version: < 2.0.0 Build 139
fixed version: Release 2.0.0
SEC Consult Vulnerability Lab Security Advisory < 20210113-0 >
===
title: Multiple vulnerabilities
product: Pepperl+Fuchs IO-Link Master Series
See "Vulnerable / test
SEC Consult Vulnerability Lab Security Advisory < 20201217-0 >
===
title: Multiple critical vulnerabilities
product: Trend Micro InterScan Web Security Virtual Appliance
(IWSVA)
vulnerable v
h.
Credits & Authors:
==
S.AbenMassaoud [Research Team] -
https://www.vulnerability-lab.com/show.php?user=S.AbenMassaoud
Disclaimer & Information:
=
The information provided in this advisory is provided as it is without
any warranty. Vulnerability Lab disclaims all warrantie
83/list/user/
Security Risk:
==
The security risk of the remote session vulnerability in the vestacp
application is estimated as high.
Credits & Authors:
======
Vulnerability-Lab -
https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
Benjamin Kunz Mejri
ttps://vestacp.localhost:8083/download/backup/
https://vestacp.localhost:8083/download/backup/?backup
Security Risk:
==
The security risk of the session validation web vulnerability in the
vestacp web-application is estimated as high.
Credits & Authors:
======
Vulnerabilit
utput location of the content to resolve the point
were the script code code executes.
Security Risk:
==
The security risk of the cross site scripting web vulnerability in the
vesta cp web-application is estimated as medium.
Credits & Authors:
==
Vulnerability
SEC Consult Vulnerability Lab Security Advisory < 20201123-0 >
===
title: Multiple Vulnerabilities
product: ZTE WLAN router MF253V
vulnerable version: V1.0.0B04
fixed version: V1.
of the persistent web vulnerability i the
web-application is estimated as medium.
Credits & Authors:
==
Vulnerability-Lab -
https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
Benjamin Kunz Mejri -
https://www.vulnerability-lab.com/show.php?user=
SEC Consult Vulnerability Lab Security Advisory < 20201117-0 >
===
title: Blind Out-Of-Band XML External Entity Injection
(Authenticated)
product: Avaya Web License Manager
vulnerable version: 6.
splayed in the list
2. Escape the input transmitted from the alternate and primary inputs
3. Parse and sanitize the ouput location to ensure its filtered securely
Security Risk:
==
The security risk of the persistent cross site web vulnerability in the
sugarcrm web-applicatio
encode the contents which are transmitted from the inputs
3. Parse and sanitize the vulnerable scheduling section ouput location
to ensure its filtered securely
Security Risk:
==
The security risk of the persistent cross site web vulnerability in the
sugarcrm web-application is estima
ded as it is without
any warranty. Vulnerability Lab disclaims all warranties,
either expressed or implied, including the warranties of merchantability
and capability for a particular purpose. Vulnerability-Lab
or its suppliers are not liable in any case of damage, including direct,
indirect, incid
of the persistent input validation web vulnerability
in the web-application is estimated as medium.
Credits & Authors:
==
Vulnerability-Lab [Research Team] -
https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
Disclaimer & Information:
===
ation and escape or secure encode the content
4. Encode in the edit formular the results on check
Security Risk:
==
The security risk of the persistent validation web vulnerability in the
web-application is estimated as medium.
Credits & Authors:
==
Vulnerability-Lab -
https://www.v
st is estimated as high.
1.2
The security risk of the non-persistent cross site scripting
vulnerabilities is estimated as medium.
Credits & Authors:
==
h4shursec - https://www.vulnerability-lab.com/show.php?user=h4shursec
Twitter: @h4shur ; Telegram: @h4shur ; Instagram: @netedit0r
1 - 100 of 682 matches
Mail list logo