[FD] [RT-SA-2020-005] Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton

2020-10-21 Thread RedTeam Pentesting GmbH
tations [7] https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security experts. Hereby, security weaknesses in

[FD] [RT-SA-2020-003] FRITZ!Box DNS Rebinding Protection Bypass

2020-10-19 Thread RedTeam Pentesting GmbH
otified of another problematic IP 2020-08-06 Vendor provided fixed version to RedTeam Pentesting 2020-10-06 Vendor starts distribution of fixed version for selected devices 2020-10-19 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting offers individual

[FD] [RT-SA-2020-002] Denial of Service in D-Link DSR-250N

2020-10-08 Thread RedTeam Pentesting GmbH
upport.dlink.com/ProductInfo.aspx?m=DSR-250N RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products are uncovered and can be fixed

[FD] [RT-SA-2020-004] Inconsistent Behavior of Go's CGI and FastCGI Transport May Lead to Cross-Site Scripting

2020-09-02 Thread RedTeam Pentesting GmbH
ttps://pkg.go.dev/net/http/?tab=doc#ResponseWriter [2] https://pkg.go.dev/net/http/httptest?tab=doc#ResponseRecorder [3] https://mimesniff.spec.whatwg.org/ [4] https://github.com/golang/go/blob/ba9e10889976025ee1d027db6b1cad383ec56de8/src/net/http/cgi/child.go#L196-L199 [5] https://github.com/go

[FD] [RT-SA-2020-001] Credential Disclosure in WatchGuard Fireware AD Helper Component

2020-03-13 Thread RedTeam Pentesting GmbH
Tried to contact the German branch of WatchGuard 2020-02-27 Contacted the Dutch branch of WatchGuard 2020-02-28 Contact to ADHelper QA Team Lead established 2020-03-02 Advisory draft sent for verification 2020-03-10 Vendor released fixed version and blog post 2020-03-11 CVE ID requested 2020-03-1

[FD] [RT-SA-2019-016] IceWarp: Cross-Site Scripting in Notes

2020-01-02 Thread RedTeam Pentesting GmbH
ure 2019-11-25 CVE number requested 2019-11-25 CVE number assigned 2019-12-02 Vendor released fixed version 2019-12-10 Customer approved disclosure 2019-12-13 Fixed version released 2020-01-02 Advisory released References == [1] https://www.redteam-pentesting.de/a

[FD] [RT-SA-2019-015] IceWarp: Cross-Site Scripting in Notes for Contacts

2020-01-02 Thread RedTeam Pentesting GmbH
xed version released 2020-01-02 Advisory released References == [1] https://tools.ietf.org/html/rfc6350 [2] https://tools.ietf.org/html/rfc2445 [3] https://www.redteam-pentesting.de/advisories/rt-sa-2019-16 RedTeam Pentesting GmbH === RedTeam Pentesting offers individu

[FD] [RT-SA-2019-014] Unauthenticated Access to Modbus Interface in Carel pCOWeb HVAC

2019-10-31 Thread RedTeam Pentesting GmbH
https://www.rapid7.com/db/modules/auxiliary/scanner/scada/modbusclient [4] https://www.carel.com/documents/10191/0/+030220471/9619472f-f1c0-4ec9-a151-120aaa5e479a?version=1.0 RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team o

[FD] [RT-SA-2019-013] Unsafe Storage of Credentials in Carel pCOWeb HVAC

2019-10-31 Thread RedTeam Pentesting GmbH
n of CVE-2019-13553 References ====== [0] https://www.carel.com/documents/10191/0/+030220471/9619472f-f1c0-4ec9-a151-120aaa5e479a?version=1.0 [1] https://www.redteam-pentesting.de/de/advisories/rt-sa-2019-014.txt RedTeam Pentesting GmbH === RedTeam Pentesting offe

[FD] [RT-SA-2019-012] Information Disclosure in REDDOXX Appliance

2019-07-01 Thread RedTeam Pentesting GmbH
"2020-01-30T12:34:56", "Valid": true, "VirusScan": true } } } Workaround ====== None Fix === Install the latest hotfixes for the appliance, see [2]. Security Risk =

[FD] [RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway

2019-05-17 Thread RedTeam Pentesting GmbH
ON%2026%20presentations/Orange%20Tsai%20-%20Updated/DEFCON-26-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-and-Pop-0days-Out-Updated.pdf [4] https://tomcat.apache.org RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests perf

[FD] [RT-SA-2019-005] Cisco RV320 Command Injection Retrieval

2019-03-27 Thread RedTeam Pentesting GmbH
sting.de/advisories/rt-sa-2018-004 [3] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security ex

[FD] [RT-SA-2019-004] Cisco RV320 Unauthenticated Diagnostic Data Retrieval

2019-03-27 Thread RedTeam Pentesting GmbH
c/en/us/products/routers/rv320-dual-gigabit-wan-vpn-router/index.html [2] https://www.redteam-pentesting.de/advisories/rt-sa-2018-003 [3] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info RedTeam Pentesting GmbH === RedTeam

[FD] [RT-SA-2019-003] Cisco RV320 Unauthenticated Configuration Export

2019-03-27 Thread RedTeam Pentesting GmbH
index.html [2] https://www.redteam-pentesting.de/advisories/rt-sa-2018-002 [3] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a

[FD] [RT-SA-2019-007] Code Execution via Insecure Shell Function getopt_simple

2019-03-26 Thread RedTeam Pentesting GmbH
nce the public knowledge with research in security-related areas. The results are made available as public security advisories. More information about RedTeam Pentesting can be found at: https://www.redteam-pentesting.de/ Working at RedTeam Pentesting = RedTeam Pente

[FD] [RT-SA-2018-004] Cisco RV320 Command Injection

2019-01-24 Thread RedTeam Pentesting GmbH
2018-12-21 Postponing disclosure to 2019-01-23, as requested by vendor 2019-01-16 List of affected versions provided by vendor 2019-01-23 Advisory published References == [1] https://www.cisco.com/c/en/us/products/routers/rv320-dual-gigabit-wan-vpn-router/index.html [2] https://wiki.open

[FD] [RT-SA-2018-003] Cisco RV320 Unauthenticated Diagnostic Data Retrieval

2019-01-24 Thread RedTeam Pentesting GmbH
t-wan-vpn-router/index.html [2] https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg42801 RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products are u

[FD] [RT-SA-2018-002] Cisco RV320 Unauthenticated Configuration Export

2019-01-24 Thread RedTeam Pentesting GmbH
[1] https://www.cisco.com/c/en/us/products/routers/rv320-dual-gigabit-wan-vpn-router/index.html [2] https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg42801 RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-securi

[FD] [RT-SA-2017-015] CyberArk Password Vault Memory Disclosure

2018-04-09 Thread RedTeam Pentesting GmbH
ne 2017-11-24 Vulnerability identified 2018-01-22 Customer approved disclosure to vendor 2018-02-05 Vendor notified 2018-04-06 CVE number requested 2018-04-07 CVE number assigned 2018-04-09 Advisory released References == [1] http://lp.cyberark.com/rs/316-CZP-275/images/ds-enter

[FD] [RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution

2018-04-09 Thread RedTeam Pentesting GmbH
s/316-CZP-275/images/ds-enterprise-password-vault-11-15-17.pdf [2] https://github.com/pwntester/ysoserial.net [3] https://curl.haxx.se/ [4] https://www.tcpdump.org/ RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of special

[FD] [RT-SA-2017-012] Shopware Cart Accessible by Third-Party Websites

2018-03-13 Thread RedTeam Pentesting GmbH
ed 2017-09-13 Customer approved disclosure to vendor 2017-09-14 Vendor notified 2018-02-27 Vendor released fixed version 2018-03-13 Advisory released References == [1] https://github.com/shopware/shopware [2] https://community.shopware.com/Downloads_cat_448.html#5.4.0 RedTeam Pentesting GmbH ==

[FD] [RT-SA-2018-001] Arbitrary Redirect in Tuleap

2018-03-08 Thread RedTeam Pentesting GmbH
version 2018-03-05 Vendor made issue public 2018-03-08 Advisory released References == [1] https://www.tuleap.org/what-is-tuleap [2] https://tools.ietf.org/html/rfc3986 RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests per

[FD] [RT-SA-2017-013] Truncation of SAML Attributes in Shibboleth 2

2018-01-15 Thread RedTeam Pentesting GmbH
11-13 Customer approved further research 2017-12-01 Further research conducted 2018-01-09 Customer approved disclosure to vendor 2018-01-10 Vendor notified 2018-01-12 Vendor released fixed version 2018-01-15 Advisory released References == [1] https://www.shibboleth.net/ [2] https://www.w3.org

[FD] [RT-SA-2016-008] XML External Entity Expansion in Ladon Webservice

2017-11-03 Thread RedTeam Pentesting GmbH
te and announced public release for end of October 2017-10-09 RedTeam Pentesting asked vendor for status update 2017-11-03 Advisory released (no reply from vendor to status update requests) References == [1] http://ladonize.org [2] https://pypi.python.org/pypi/defusedxml RedTeam

[FD] [RT-SA-2015-011] WebClientPrint Processor 2.0: No Validation of TLS Certificates

2017-08-22 Thread RedTeam Pentesting GmbH
https://neodynamic.wordpress.com/2015/09/15/webclientprint-2-0-for-windows-clients-critical-update/ [1] http://www.dest-unreach.org/socat/ RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security expert

[FD] [RT-SA-2015-010] WebClientPrint Processor 2.0: Unauthorised Proxy Modification

2017-08-22 Thread RedTeam Pentesting GmbH
wordpress.com/2015/09/15/webclientprint-2-0-for-windows-clients-critical-update/ RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products

[FD] [RT-SA-2015-009] WebClientPrint Processor 2.0: Remote Code Execution via Updates

2017-08-22 Thread RedTeam Pentesting GmbH
y release until all their clients are updated 2017-07-31 Customer approved advisory release 2017-08-22 Advisory released References == [0] https://neodynamic.wordpress.com/2015/09/15/webclientprint-2-0-for-windows-clients-critical-update/ RedTeam Pentesting GmbH =

[FD] [RT-SA-2015-008] WebClientPrint Processor 2.0: Remote Code Execution via Print Jobs

2017-08-22 Thread RedTeam Pentesting GmbH
elease 2017-08-22 Advisory released References == [0] http://webclientprint.azurewebsites.net/ [1] https://neodynamic.wordpress.com/2015/09/15/webclientprint-2-0-for-windows-clients-critical-update/ RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penet

[FD] [RT-SA-2016-007] Cross-Site Scripting in TYPO3 Formhandler Extension

2017-07-27 Thread RedTeam Pentesting GmbH
com/files/137127/typo3-xssbypass.txt [3] http://examples.typo3-formhandler.com/start/ RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks

[FD] [RT-SA-2017-009] Remote Command Execution as root in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
ds are executed with root privileges and no authentication is required, this is rated as a high risk. Timeline 2017-05-17 Vulnerability identified 2017-05-23 Customer approved disclosure of vulnerability 2017-05-26 Customer provided details of vulnerability to vendor 2017-07-20 Vulnerabil

[FD] [RT-SA-2017-008] Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
as a high risk. Timeline 2017-05-17 Vulnerability identified 2017-05-23 Customer approved disclosure of vulnerability 2017-05-26 Customer provided details of vulnerability to vendor 2017-07-20 Vulnerability reported as fixed by vendor 2017-07-24 Advisory released References == [0] ht

[FD] [RT-SA-2017-007] Undocumented Administrative Service Account in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
Vulnerability reported as fixed by vendor 2017-07-24 Advisory released References == [0] https://www.reddoxx.com/en/ [1] https://my.reddoxx.com/documents/manual/en/custdl/product-downloads (Requires login) RedTeam Pentesting GmbH === RedTeam Pentesting offers

[FD] [RT-SA-2017-006] Arbitrary File Disclosure with root Privileges via RdxEngine-API in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
-2017-005 RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products are uncovered and can be fixed immediately. As there are only few expert

[FD] [RT-SA-2017-004] Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
m-pentesting.de/advisories/rt-sa-2017-003 RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products are uncovered and can be fixed im

[FD] [RT-SA-2017-003] Cross-Site Scripting in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
5-26 Customer provided details of vulnerability to vendor 2017-06-21 Vulnerability reported as fixed by vendor 2017-07-24 Advisory released References == [0] https://www.reddoxx.com/en/ [1] https://my.reddoxx.com/documents/manual/en/custdl/product-downloads (Requires login

[FD] [RT-SA-2017-011] Remote Command Execution in PDNS Manager

2017-07-05 Thread RedTeam Pentesting GmbH
fers individual penetration tests performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products are uncovered and can be fixed immediately. As there are only few experts in this field, RedTeam Pentesting wants to share its knowledge and enhance

[FD] [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto

2016-12-23 Thread RedTeam Pentesting GmbH
states that there is no concrete timeline 2016-12-05 Vendor announces a release 2016-12-20 Vendor released fixed version 2016-12-23 Advisory released References == [1] https://github.com/mwielgoszewski/python-paddingoracle [2] http://httpd.apache.org/security/vulnerabilities_24.ht

[FD] [RT-SA-2016-003] Less.js: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler

2016-11-24 Thread RedTeam Pentesting GmbH
rchive.org/web/20140202171923/http://www.lesscss.org/ [2] http://www.bennadel.com/blog/2638-executing-javascript-in-the-less-css-precompiler.htm [3] http://lesscss.org/#client-side-usage RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests p

[FD] [RT-SA-2016-005] Unauthenticated File Upload in Relay Ajax Directory Manager may Lead to Remote Command Execution

2016-05-31 Thread RedTeam Pentesting GmbH
2016-05-31 Advisory published References == [1] https://github.com/HadoDokis/Relay-Ajax-Directory-Manager [2] https://code.google.com/p/relay/ RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-

[FD] [RT-SA-2016-004] Websockify: Remote Code Execution via Buffer Overflow

2016-05-31 Thread RedTeam Pentesting GmbH
visory provided to customer 2016-05-06 Customer provided updated firmware, notified users 2016-05-23 Customer notified users again 2016-05-31 Advisory published References == [0] https://github.com/kanaka/websockify/commit/192ec6f5f9bf9c80a089ca020d05ad4bd9e7bcd9 RedTeam Pentesting

[FD] [RT-SA-2015-012] XML External Entity Expansion in Paessler PRTG Network Monitor

2016-05-31 Thread RedTeam Pentesting GmbH
ID requested 2015-09-24 CVE ID requested again 2015-10-07 CVE ID assigned 2015-10-21 Vendor contacted 2016-04-04 Vendor released fixed version 2016-05-31 Advisory released References == [1] https://www.paessler.com [2] https://www.paessler.com/prtg/history/stable RedTeam Pentesting GmbH

[FD] [RT-SA-2016-002] Cross-site Scripting in Securimage 3.6.2

2016-03-22 Thread RedTeam Pentesting GmbH
-03 Vendor releases fixed version 2016-03-22 Advisory released References == https://www.phpcaptcha.org/uncategorized/securimage-3-6-4-released/ RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-s

[FD] [RT-SA-2014-014] AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images

2016-01-07 Thread RedTeam Pentesting GmbH
releasing fixed versions (7490 [0]) 2015-10-01 Vendor finished releasing fixed versions (other models) 2016-01-07 Advisory released References == [0] https://avm.de/service/sicherheitshinweise/ RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration

[FD] [RT-SA-2015-005] o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials

2016-01-07 Thread RedTeam Pentesting GmbH
2014-09-08 - Potential vulnerability discovered 2014-09-20 - Vulnerability verified 2014-10-17 - ISP was notified about the vulnerability 2014-10-17 - ISP implemented first countermeasures 2014-10-24 - ISP wants to investigate further 2014-11-28 - ISP needs more time, depends on hardwar

[FD] [RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality

2015-12-22 Thread RedTeam Pentesting GmbH
/cookbook/security/remember_me.html [2] https://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security experts. Hereby

[FD] [RT-SA-2015-002] SQL Injection in TYPO3 Extension Akronymmanager

2015-06-15 Thread RedTeam Pentesting GmbH
more time 2015-05-21 Requested update from vendor 2015-05-22 Vendor states that upload to extension registry doesn't work 2015-06-03 Requested update from vendor 2015-06-10 Vendor uploads new version to extension registry 2015-06-15 Advisory published RedTeam Pentesting GmbH

[FD] [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID

2015-06-10 Thread RedTeam Pentesting GmbH
/xmendez/wfuzz RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products are uncovered and can be fixed immediately. As there are only few

[FD] [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery

2015-06-10 Thread RedTeam Pentesting GmbH
investigating 2015-05-22 Requested status update from vendor 2015-05-27 Vendor is working on the issue 2015-06-05 Vendor notified customers 2015-06-08 Vendor provided details about affected versions 2015-06-10 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting

[FD] [RT-SA-2014-016] Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite

2015-02-18 Thread RedTeam Pentesting GmbH
requests more time to notify customers for the 3rd time, RedTeam Pentesting declines 2015-02-18 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts

[FD] [RT-SA-2014-013] Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page

2015-02-10 Thread RedTeam Pentesting GmbH
and software upgrade 2015-02-04 Customer approves public disclosure 2015-02-10 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security weaknesses

[FD] [RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0

2015-01-12 Thread RedTeam Pentesting GmbH
[2] https://support.tapatalk.com/threads/19540/#post-146253 RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products

[FD] CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0

2015-01-12 Thread RedTeam Pentesting GmbH
?board_url=https://www.redteam-pentesting.de CVE-2014-8870 was assigned to this issue. -- RedTeam Pentesting GmbH Tel.: +49 241 510081-0 Dennewartstr. 25-27 Fax : +49 241 510081-99 52068 Aachen https://www.redteam-pentesting.de Germany

[FD] [RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components

2014-12-02 Thread RedTeam Pentesting GmbH
://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rails_secret_deserialization.rb RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby

[FD] [RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf

2014-12-01 Thread RedTeam Pentesting GmbH
] http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010/ RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security weaknesses

[FD] [RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution

2014-06-26 Thread RedTeam Pentesting GmbH
source code repository 2014-06-23 CVE number requested 2014-06-25 CVE number assigned 2014-06-26 Advisory released References == http://bugs.python.org/issue21766 RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests

[FD] [RT-SA-2013-002] Endeca Latitude Cross-Site Request Forgery

2014-06-25 Thread RedTeam Pentesting GmbH
Advisory released References == [1] http://docs.oracle.com/cd/E29220_01/mdex.222/admin/toc.htm#List%20of%20administrative%20operations [2] http://docs.oracle.com/cd/E29220_01/mdex.222/admin/toc.htm#List%20of%20supported%20logging%20variables RedTeam Pentesting GmbH

[FD] [RT-SA-2013-003] Endeca Latitude Cross-Site Scripting

2014-06-25 Thread RedTeam Pentesting GmbH
. -- RedTeam Pentesting GmbH Tel.: +49 241 510081-0 Dennewartstr. 25-27 Fax : +49 241 510081-99 52068 Aachen https://www.redteam-pentesting.de Germany Registergericht: Aachen HRB 14004 Geschäftsführer

[FD] [RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager

2014-06-05 Thread RedTeam Pentesting GmbH
://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2 RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products

[FD] [RT-SA-2014-003] Metadata Information Disclosure in OrbiTeam BSCW

2014-05-08 Thread RedTeam Pentesting GmbH
2014-03-10 Vendor acknowledges vulnerability 2014-04-22 Vendor released fixed version 2014-05-08 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby