SEC Consult Vulnerability Lab Security Advisory < 20180924-0 >
===
title: Multiple Vulnerabilities
product: Citrix StorageZones Controller
vulnerable version: all versions before 5.4.2
SEC Consult Vulnerability Lab Security Advisory < 20180918-0 >
===
title: Remote Code Execution via PHP unserialize
product: Moodle - Open-source learning platform
vulnerable version: 3.5 to 3.5.
SEC Consult Vulnerability Lab Security Advisory < 20180906-0 >
===
title: CSV Formula Injection
product: DokuWiki
vulnerable version: 2018-04-22a "Greebo" and older versions
fix
SEC Consult Vulnerability Lab Security Advisory < 20180813-0 >
===
title: SQL Injection, XSS & CSRF vulnerabilities
product: Pimcore
vulnerable version: 5.2.3 and below
fixed vers
Title: Adobe Patches Vulnerability Affecting Internal Systems
Source:
https://www.securityweek.com/adobe-patches-vulnerability-affecting-internal-systems
Title: Adobe on internal systems security hole
Source: https://www.theregister.co.uk/2018/07/19/adobe_internal_systems_bug/
References: Hacker
search
Team)[resea...@vulnerability-lab.com] -
https://www.vulnerability-lab.com/show.php?user=Benjamin+K.M.
Disclaimer & Information:
=
The information provided in this advisory is provided as it is without
any warranty. Vulnerability Lab disclaims all warranties, either
expressed or
idation web
vulnerability in the chat module is estimated as medium (CVSS 4.0).
Credits & Authors:
==========
Vulnerability-Lab [resea...@vulnerability-lab.com] -
https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
Disclaimer & Information:
=
ty.
The vulnerability has been reported 2016-10-01. The issue was resolved
during the 2017 Q2 - Q4 by the ghost mail developer team.
Security Risk:
==
The security risk of the application-side input validation web
vulnerability in the ghostmail mail module is estimated as
ty Manager] -
https://www.vulnerability-lab.com/show.php?user=ZwX
Disclaimer & Information:
=
The information provided in this advisory is provided as it is without
any warranty. Vulnerability Lab disclaims all warranties,
either expressed or implied, includi
Benjamin K.M. (Vulnerability Laboratory Core Research Team) -
https://www.vulnerability-lab.com/show.php?user=Benjamin+K.M.
Disclaimer & Information:
=
The information provided in this advisory is provided as it is without
any warranty. Vulnerability Lab disc
urity Risk:
==
The security risk of the non-persistent cross site scripting
vulnerability in the target_user value parameter is estimated as medium.
Credits & Authors:
==
Vulnerability-Lab [resea...@vulnerability-lab.com] -
h
r=S.AbenMassaoud
Disclaimer & Information:
=
The information provided in this advisory is provided as it is without
any warranty. Vulnerability Lab disclaims all warranties,
either expressed or implied, including the warranties of merchantability
and capability for
the new hackrf case for your developments or pentests.
Credits & Authors:
==
Vulnerability Laboratory [Core Research Team]
Disclaimer & Information:
=
The information provided in this advisory is provided as it is without
any warranty. Vulnerabili
SEC Consult Vulnerability Lab Security Advisory < 20180712-0 >
===
title: Remote Code Execution & Local File Disclosure
product: Zeta Producer Desktop CMS
vulnerable version
show.php?user=Benjamin+K.M.
Disclaimer & Information:
=
The information provided in this advisory is provided as it is without
any warranty. Vulnerability Lab disclaims all warranties, either
expressed or
implied, including the warranties of merchantability and capab
-
https://www.vulnerability-lab.com/show.php?user=S.AbenMassaoud
Disclaimer & Information:
=
The information provided in this advisory is provided as it is without
any warranty. Vulnerability Lab disclaims all warranties,
either expressed or implied, including the warra
atched by the at developer team of the biz
circle team. The issue was part of the official bug bounty program.
Security Risk:
==
The security risk of the persistent cross site vulnerabilities in the
web-application are estimated as medium (CVSS 4.6).
Credits & Authors:
===
==
The information provided in this advisory is provided as it is without
any warranty. Vulnerability Lab disclaims all warranties, either
expressed or
implied, including the warranties of merchantability and capability for
a particular purpose. Vulnerability-Lab or its suppliers
ng/
http://adc.localhost:8080/restapi/v2/virtual_service_groups/
Solution - Fix & Patch:
===
The vulnerability can be patched by a parse and encode of the vulnerable
content rules input field values.
Restrict the input and disallow special chars. Filter and parse the item
li
edium (CVSS 3.0).
Credits & Authors:
======
Lawrence Amer (Vulnerability Lab Core Research Team)
[zeroat...@gmail.com] -
https://www.vulnerability-lab.com/show.php?user=Lawrence+Amer
Disclaimer & Information:
=
The information provided in this advis
aoud -
https://www.vulnerability-lab.com/show.php?user=S.AbenMassaoud
Disclaimer & Information:
=
The information provided in this advisory is provided as it is without
any warranty. Vulnerability Lab disclaims all warranties,
either expressed or implied, including the warranties of
s then 8 characters to permanently grant
the security of the customer using the mentioned hardware.
Security Risk:
==
The security risk of the filter bypass router vulnerability in the
password setup module is estimated as medium (CVSS 3.3).
Credits & Authors:
======
Lawrence
SEC Consult Vulnerability Lab Security Advisory < 20180711-0 >
===
title: Remote code execution via multiple attack vectors
product: WAGO e!DISPLAY 7300T - WP 4.3 480x272 PIO1
vulnerable version:
-consult.com/en/blog/advisories/privilege-escalation-via-linux-group-manipulation-in-all-adb-broadband-gateways-routers/
SEC Consult Vulnerability Lab Security Advisory < 20180704-0 >
===
title: Local root jailbre
SEC Consult Vulnerability Lab Security Advisory < 20180529-0 >
===
title: Unprotected WiFi access & Unencrypted data transfer
product: Vgate iCar 2 WiFi OBD2 Dongle
vulnerable version: Vgate i
SEC Consult Vulnerability Lab Security Advisory < 20180516-0 >
===
title: XXE & XSS vulnerabilities
product: RSA Authentication Manager
vulnerable version: 8.2.1.4.0-build1394922, < 8.3 P
The following CVE numbers have been assigned now:
XSS issue: CVE-2018-11090
Arbitrary File Upload: CVE-2018-11091
On 2018-05-14 13:25, SEC Consult Vulnerability Lab wrote:
> SEC Consult Vulnerability Lab Security Advisory < 2018
SEC Consult Vulnerability Lab Security Advisory < 20180514-0 >
===
title: Arbitrary File Upload & Cross-site scripting
product: MyBiz MyProcureNet
vulnerable version: 5.0.0
fixed versio
We have published an accompanying blog post to this technical advisory with
further information:
Blog:
https://www.sec-consult.com/en/blog/2018/05/oracle-access-managers-identity-crisis/
Demo video: https://www.youtube.com/watch?v=YK7_1NozAwQ
SEC Consult Vulnerability Lab Security Advisory
SEC Consult Vulnerability Lab Security Advisory < 20180424-0 >
===
title: Reflected Cross-Site Scripting
product: Zyxel ZyWALL: see "Vulnerable / tested version"
vulnerable version: ZLD
SEC Consult Vulnerability Lab Security Advisory < 20180423-0 >
===
title: Multiple Stored XSS Vulnerabilities
product: WSO2 Carbon, WSO2 Dashboard Server
vulnerable version: WSO2 Identity Server
nformation provided in this advisory is provided as it is without any
warranty. Vulnerability Lab disclaims all warranties, either expressed
or implied, including the warranties of merchantability and capability for a
particular purpose. Vulnerability-Lab or its suppliers are not liable
in any case o
ts & Authors:
======
Vulnerability-Lab [resea...@vulnerability-lab.com] -
https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
Disclaimer & Information:
=
The information provided in this advisory is provided as it is without any
warranty. Vulnerabili
ors:
==
Benjamin K.M. [resea...@vulnerability-lab.com] -
https://www.vulnerability-lab.com/show.php?user=Benjamin+K.M.
Disclaimer & Information:
=
The information provided in this advisory is provided as it is without any
warranty. Vulnerability Lab
Benjamin K.M. [resea...@vulnerability-lab.com] -
https://www.vulnerability-lab.com/show.php?user=Benjamin+K.M.
Disclaimer & Information:
=
The information provided in this advisory is provided as it is without any
warranty. Vulnerability Lab disclaims all warr
SEC Consult Vulnerability Lab Security Advisory < 20180314-0 >
===
title: Arbitrary Shortcode Execution & Local File Inclusion
product: WOOF - WooCommerce Products Filter (PluginUs.Net)
Title: PayPal Inc Increases Bug Bounty Payments in 2018 up to 30.000$
URL:
https://www.vulnerability-db.com/?q=articles/2018/03/13/paypal-inc-increases-bug-bounty-payments-2018-3
#bugbounty #security #research #infosec
--
VULNERABILITY LABORATORY - RESEARCH TEAM
SERVICE:
Title: PayPal Inc - New Venmo Bug Bounty Program
URL:
https://www.vulnerability-db.com/?q=articles/2018/02/27/paypal-inc-updates-bug-bounty-program-venmo-payments-services
--
VULNERABILITY LABORATORY - RESEARCH TEAM
SERVICE: www.vulnerability-lab.com
SEC Consult Vulnerability Lab Security Advisory < 20180312-0 >
===
title: Multiple Critical Vulnerabilities
product: SecurEnvoy SecurMail
vulnerable version: 9.1.501
fixed version: 9
SEC Consult Vulnerability Lab Security Advisory < 20180228-0 >
===
title: Insecure Direct Object Reference
product: TestLink Open Source Test Management
vulnerable version: <1.9.17
fixe
SEC Consult Vulnerability Lab Security Advisory < 20180227-0 >
===
title: OS command injection, arbitrary file upload & SQL injection
product: ClipBucket
vulnerable version: <4.0.0 -
We have published an accompanying blog post to this technical advisory with
further information:
https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby-monitors-fail-to-be-smart/index.html
SEC Consult Vulnerability Lab Security Advisory < 2018022
SEC Consult Vulnerability Lab Security Advisory < 20180208-0 >
===
title: Multiple Cross-Site Scripting Vulnerabilities
product: Sonatype Nexus Repository Manager OSS/Pro
vulnerable version: &l
SEC Consult Vulnerability Lab Security Advisory < 20180207-0 >
===
title: Multiple buffer overflow vulnerabilities
product: InfoZip UnZip
vulnerable version: UnZip <= 6.00 / UnZip <= 6.1c22
Am 30.01.2018 um 15:43 schrieb Jeffrey Walton:
> On Tue, Jan 30, 2018 at 9:22 AM, Vulnerability Lab
> <resea...@vulnerability-lab.com> wrote:
>> Am 30.01.2018 um 15:18 schrieb Jeffrey Walton:
>>> On Tue, Jan 30, 2018 at 4:08 AM, Vulnerability Lab
>>> &l
Am 05.02.2018 um 16:10 schrieb Vulnerability Lab:
> Hello Intern0t (inter...@protonmail.com),
> could you please tell me what your strange blabla has to deal with the
> fact that the hologram can be read and accepted as fingerprint because
> of the polipaper inside. Did you see tha
Am 31.01.2018 um 17:21 schrieb Vulnerability Lab:
> Hello Ben Tasker,
> sorry if the title of the issue did lead you to misunderstand the
> article. The currency is still secure.
> The title refers to the information used for the issue. In case it was
> misleading we will up
We have published an accompanying blog post to this technical advisory with
further information:
https://www.sec-consult.com/en/blog/2018/02/internet-of-dildos-a-long-way-to-a-vibrant-future-from-iot-to-iod/index.html
SEC Consult Vulnerability Lab Security Advisory < 2018020
SEC Consult Vulnerability Lab Security Advisory < 20180131-0 >
===
title: Multiple Vulnerabilities
product: Sprecher Automation SPRECON-E-C, PU-2433
vulnerable version: <8.49 (most vulnerabili
SEC Consult Vulnerability Lab Security Advisory < 20180123-0 >
===
title: XXE & Reflected XSS
product: Oracle Financial Services Analytical Applications
vulnerable version: 7.3.5.x, 8.0.x
ated as high. (CVSS 7.5)
Credits & Authors:
======
Vulnerability-Lab [ad...@vulnerability-lab.com] -
https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
Disclaimer & Information:
=
The information provided in this advisory is provided
arch Team] - Lawrence Amer
(http://lawrenceamer.me)
Profile: https://www.vulnerability-lab.com/show.php?user=Lawrence Amer
Disclaimer & Information:
=
The information provided in this advisory is provided as it is without any
warranty. Vulnerability Lab disclaim
nerability-lab.com/show.php?user=Benjamin%20K.M.
Disclaimer & Information:
=
The information provided in this advisory is provided as it is without any
warranty. Vulnerability Lab disclaims all warranties, either expressed or
implied, including the warranties of mer
ion attacks.
The vulnerability can be resolved by an update to version 5.3.4 that is
delivered by the manufacturer. The issue risk is marked as moderate.
Security Risk:
==
The security risk of the stored cross site scripting vulnerabilities in the
shopware cms are estimated as me
imated as medium. (CVSS 4.4)
Credits & Authors:
==
Benjamin K.M. [b...@vulnerability-lab.com] -
https://www.vulnerability-lab.com/show.php?user=Benjamin+K.M.
Disclaimer & Information:
=
The information provided in this advisory is provided as it i
ility-lab.com/show.php?user=Benjamin+K.M.
Disclaimer & Information:
=
The information provided in this advisory is provided as it is without any
warranty. Vulnerability Lab disclaims all warranties, either expressed or
implied, including the warranties of
exploitation
Security Risk:
==
The security risk of the remote sql-injection web vulnerability in the
web-application is estimated as medium (cvss 5.7).
Credits & Authors:
======
Vulnerability-Lab [resea...@vulnerability-lab.com] -
https://www.vulnerability-lab.com
===
The information provided in this advisory is provided as it is without any
warranty. Vulnerability Lab disclaims all warranties, either expressed or
implied, including the warranties of merchantability and capability for a
particular purpose. Vulnerability-Lab or its suppliers are n
lity-lab.com] -
https://www.vulnerability-lab.com/show.php?user=Benjamin+K.M.
Disclaimer & Information:
=
The information provided in this advisory is provided as it is without any
warranty. Vulnerability Lab disclaims all warranties, either expressed or
implied, incl
edits & Authors:
==
Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri
[https://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M.]
[www.vulnerability-lab.com]
Disclaimer & Information:
=
The information provided in this advisory
lab.com)
[www.vulnerability-lab.com]
Disclaimer & Information:
=
The information provided in this advisory is provided as it is without any
warranty. Vulnerability Lab disclaims all warranties, either expressed or
implied, including the warranties of merchantability
s it is without any
warranty. Vulnerability Lab disclaims all warranties, either expressed or
implied, including the warranties of merchantability and capability for a
particular purpose. Vulnerability-Lab or its suppliers are not liable in any
case of damage, including direct, indirect, i
rability-lab.com] -
https://www.vulnerability-lab.com/show.php?user=Benjamin+K.M.
Disclaimer & Information:
=
The information provided in this advisory is provided as it is without any
warranty. Vulnerability Lab disclaims all warranties, either expressed or
implied,
===
The information provided in this advisory is provided as it is without any
warranty. Vulnerability Lab disclaims all warranties, either expressed or
implied, including the warranties of merchantability and capability for a
particular purpose. Vulnerability-Lab or its suppliers are n
ulnerability-lab.com] -
https://www.vulnerability-lab.com/show.php?user=Benjamin+K.M.
Disclaimer & Information:
=
The information provided in this advisory is provided as it is without any
warranty. Vulnerability Lab disclaims all warranties, either expressed or
impli
wpjobboard web-application is estimated as high (CVSS 6.0).
Credits & Authors:
======
Vulnerability-Lab [resea...@vulnerability-lab.com] -
https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
Disclaimer & Information:
=
The information pr
y Risk:
==
The security risk of the application-side input validation web vulnerability
and the filter bypass issue are estimated as medium. (CVSS 4.5)
Credits & Authors:
======
Benjamin K.M. [b...@vulnerability-lab.com] -
https://www.vulnerability-lab.com/show.php?user=Be
Wickr Inc - App Clock & Message Deletion Glitch P2 - Bug Bounty
(Document) [PDF]
URL: https://www.vulnerability-lab.com/get_content.php?id=2107
Vulnerability Magazine:
https://www.vulnerability-db.com/?q=articles/2018/01/04/wickr-inc-app-clock-message-deletion-glitch
--
VULNERABILITY
b.com/show.php?user=Benjamin+K.M.
Disclaimer & Information:
=
The information provided in this advisory is provided as it is without any
warranty. Vulnerability Lab disclaims all warranties, either expressed or
implied, including the warranties of merchantability and capabili
==
The information provided in this advisory is provided as it is without any
warranty. Vulnerability Lab disclaims all warranties, either expressed or
implied, including the warranties of merchantability and capability for a
particular purpose. Vulnerability-Lab or its suppliers are not lia
.
Disclaimer & Information:
=
The information provided in this advisory is provided as it is without any
warranty. Vulnerability Lab disclaims all warranties, either expressed or
implied, including the warranties of merchantability and capability for a
particular purpose. Vu
SEC Consult Vulnerability Lab Security Advisory < 20171213-0 >
===
title: VPN credentials disclosure
product: Fortinet FortiClient
vulnerable version: <4.4.2335 on Linux, <5.6.
UPDATE
Reference(s):
http://www.focus.de/digital/handy/iphone/apple-edward-snowden-warnt-vor-iphone-x-besonders-eine-funktion-ist-gefaehrlich_id_7921720.html
http://www.chip.de/news/Beruehmtester-Hacker-der-Welt-warnt-Im-iPhone-X-steckt-eine-gefaehrliche-Funktion_128162181.html
SEC Consult Vulnerability Lab Security Advisory < 20171130-1 >
===
title: OS Command Injection & Reflected Cross Site Scripting
product: OpenEMR
vulnerable version: 5.0.0
fixed vers
SEC Consult Vulnerability Lab Security Advisory < 20171129-0 >
===
title: FortiGate SSL VPN Portal XSS Vulnerability
product: Fortinet FortiOS
vulnerable version: see: Vulnerable / tested ve
Title: Edward Snowden free speech at JBFone - Future, Data Security &
Privacy
Article:
https://www.vulnerability-db.com/?q=articles%2F2017%2F11%2F23%2Fedward-snowden-free-speech-jbfone-data-security-privacy
Video: https://www.youtube.com/watch?v=JF45xq0W15c
Press:
SEC Consult Vulnerability Lab Security Advisory < 20171116-0 >
===
title: Broken access control & LINQ injection
product: Progress Sitefinity
vulnerable version: 10.0, 10.1
fix
SEC Consult Vulnerability Lab Security Advisory < 20171114-0 >
===
title: Authentication bypass, cross-site scripting & code
execution
product: Siemens SICAM RTUs SM-2556 C
SEC Consult Vulnerability Lab Security Advisory < 20171018-1 >
===
title: Multiple vulnerabilities
product: Linksys E series, see "Vulnerable / tested versions"
vulnerable version:
SEC Consult Vulnerability Lab Security Advisory < 20171018-0 >
===
title: Multiple vulnerabilities
product: Afian AB FileRun
vulnerable version: 2017.03.18
fixed version: 2017
SEC Consult Vulnerability Lab Security Advisory < 20171017-0 >
===
title: Cross site scripting
product: Webtrekk Pixel tracking
vulnerable version: v3.24 to v3.40, v4.00 to v4.40, v5.00 to
SEC Consult Vulnerability Lab Security Advisory < 20171016-0 >
===
title: Multiple vulnerabilities
product: Micro Focus VisiBroker C++
vulnerable version: 8.5 SP2
fixed version: 8.5 S
Internet Security Conference China (Asia) - 360 Qihoo
Event Url: http://isc.360.cn/2017/en/index.html
---
Speaker: Benjamin Kunz Mejri
Keynote: People is the key factor of online security
Possibilities of Individuals & IT-Security - Security Researcher &
Bounty Hunter “No System is Safe!”
SEC Consult Vulnerability Lab Security Advisory < 20170914-1 >
===
title: Persistent Cross-Site Scripting
product: SilverStripe CMS
vulnerable version: <=3.5.3
fixed versi
SEC Consult Vulnerability Lab Security Advisory < 20170914-0 >
===
title: Authenticated Command Injection
product: Ubiquiti Networks UniFi Cloud Key
vulnerable version: Firmware version &
SEC Consult Vulnerability Lab Security Advisory < 20170913-1 >
===
title: Local File Disclosure
product: VLC media player iOS app
vulnerable version: 2.7.8
fixed version: 2.8.1
CVE
SEC Consult Vulnerability Lab Security Advisory < 20170913-0 >
===
title: Multiple Vulnerabilities
product: IBM Infosphere Information Server / Datastage
vulnerable version: 9.1, 11.3, an
SEC Consult Vulnerability Lab Security Advisory < 20170912-0 >
===
title: Email verification bypass
product: SAP E-Recruiting
vulnerable version: 605, 606, 616, 617
fixed version: see SAP se
ts & Authors:
==
Lawrence Amer [zeroat...@gmail.com] -
https://www.vulnerability-lab.com/show.php?user=Lawrence+Amer
Disclaimer & Information:
=
The information provided in this advisory is provided as it is without any
warranty. Vulnerability Lab disclaims all warranti
ry [Research Team] - Benjamin Kunz Mejri
(http://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M.)
Disclaimer & Information:
=====
The information provided in this advisory is provided as it is without any
warranty. Vulnerability Lab disclaims all warranties, either
dvisory is provided as it is without any
warranty. Vulnerability Lab disclaims all warranties, either expressed or
implied, including the warranties of merchantability and capability for a
particular purpose. Vulnerability-Lab or its suppliers are not liable in any
case of damage, including direct, ind
SEC Consult Vulnerability Lab Security Advisory < 20170822-0 >
===
title: Multiple vulnerabilities
product: Progress Sitefinity
vulnerable version: 9.1
fixed version: 10.1
CVE
& Authors:
==
S.AbenMassaoud [saifmassaoud...@gmail.com] -
https://www.vulnerability-lab.com/show.php?user=S.AbenMassaoud
Disclaimer & Information:
=
The information provided in this advisory is provided as it is without any
warranty. Vulnerability Lab
ulnerability-lab.com/show.php?user=Benjamin%20K.M.)
Disclaimer & Information:
=
The information provided in this advisory is provided as it is without any
warranty. Vulnerability Lab disclaims all warranties, either expressed or
implied, including the warranties of merchantability and capability for a
SEC Consult Vulnerability Lab Security Advisory < 20170804-1 >
===
title: Authenticated Command Injection
product: Ubiquiti Networks UniFi Cloud Key
vulnerable version: Firmware v0.6.1
SEC Consult Vulnerability Lab Security Advisory < 20170804-0 >
===
title: Server Side Request Forgery Vulnerability
product: phpBB
vulnerable version: 3.2.0
fixed version: 3.2.1
CVE
SEC Consult Vulnerability Lab Security Advisory < 20170727-1 >
===
title: Multiple vulnerabilities
product: KATHREIN - UFSconnect 916, UFSconnect 906
vulnerable version: 2.23 Build 224, 2.22 Bui
SEC Consult Vulnerability Lab Security Advisory < 20170727-0 >
===
title: Authenticated Command Injection &
Cloud User Weak Crypto & Privilege Escalation
product: Ubi
SEC Consult Vulnerability Lab Security Advisory < 20170724-1 >
===
title: Open Redirect in Login Page
product: Multiple Ubiquiti Networks products, e.g.
TS-16-CARRIER, TS-5-POE
SEC Consult Vulnerability Lab Security Advisory < 20170724-0 >
===
title: Cross-Site Scripting (XSS)
product: Ubiquiti Networks EP-R6, ER-X, ER-X-SFP
vulnerable version: Firmware v1.9.1
201 - 300 of 682 matches
Mail list logo