[FD] [RT-SA-2023-001] Session Token Enumeration in RWS WorldServer

2023-07-19 Thread RedTeam Pentesting GmbH
[1] https://github.com/RedTeamPentesting/monsoon [2] https://docs.rws.com/860026/585715/worldserver-11-7-developer-documentation/customizing-the-rest-api RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT

[FD] [RT-SA-2022-004] STARFACE: Authentication with Password Hash Possible

2023-06-01 Thread RedTeam Pentesting GmbH
passwords. While the precondition for this attack could be the full compromise of the STARFACE PBX, another attack scenario could be that attackers acquire access to backups of the database stored on another system. Furthermore, the login via password hash allows attackers for permanent unauthorise

[FD] [RT-SA-2023-005] Pydio Cells: Server-Side Request Forgery

2023-05-30 Thread RedTeam Pentesting GmbH
, the server-side request forgery vulnerability could pose a significant risk. In other circumstances, the risk could be negligible. Therefore, overall the vulnerability is rated as a medium risk. Timeline 2023-03-23 Vulnerability identified 2023-05-02 Customer approved disclosure to

[FD] [RT-SA-2023-004] Pydio Cells: Cross-Site Scripting via File Download

2023-05-30 Thread RedTeam Pentesting GmbH
Vendor released fixed version 2023-05-14 CVE ID assigned 2023-05-16 Vendor asks for a few more days before the advisory is released 2023-05-30 Advisory released References == [1] https://aws.amazon.com/sdk-for-javascript/ RedTeam Pentesting GmbH === RedTeam Pentesting off

[FD] [RT-SA-2023-003] Pydio Cells: Unauthorised Role Assignments

2023-05-30 Thread RedTeam Pentesting GmbH
f external users in the authentication settings. Fix === Upgrade Pydio Cells to a version without the vulnerability. Security Risk = Attackers with access to any regular user account for a Pydio Cells instance can extend their privileges by creating a new external user with al

[FD] [RT-SA-2022-002] Skyhigh Security Secure Web Gateway: Cross-Site Scripting in Single Sign-On Plugin

2023-01-26 Thread RedTeam Pentesting GmbH
e domain specified in the URL resulting in a cross-site scripting vulnerability. Workaround == None. Fix === According to the vendor, the vulnerability is mitigated in versions 10.2.17, 11.2.6 and 12.0.1 of the Secure Web Gateway. This was not verified by RedTeam Pentesting GmbH. The

[FD] [RT-SA-2021-003] Missing Authentication in ZKTeco ZEM/ZMM Web Interface

2022-10-24 Thread RedTeam Pentesting GmbH
-24 Vulnerability identified 2021-07-12 Customer approved disclosure to vendor 2021-07-16 Vendor notified 2021-08-20 Vendor provides fixed firmware 2022-09-29 Customer approved release of advisory 2022-10-10 CVE ID requested 2022-10-15 CVE ID assigned 2022-10-24 Advisory published References == h

[FD] [RT-SA-2021-009] Credential Disclosure in Web Interface of Crestron Device

2022-01-12 Thread RedTeam Pentesting GmbH
r response received: "The device in question doesn't support Crestron's security practices. We recommend the HD-MD-4KZ alternative." 2021-12-22 Requested confirmation, that the vulnerability will not be addressed. 2021-12-28 Vendor confirms that the vulnerability w

[FD] [RT-SA-2021-007] Auerswald COMpact Multiple Backdoors

2021-12-06 Thread RedTeam Pentesting GmbH
Timeline 2021-08-26 Vulnerability identified 2021-09-01 Customer approved disclosure to vendor 2021-09-10 Vendor notified 2021-09-10 CVE ID requested 2021-09-10 CVE ID assigned 2021-10-05 Vendor provides access to device with fixed firmware 2021-10-11 Vendor provides fixed firmware 2021-10-15 RedT

[FD] [RT-SA-2021-006] Auerswald COMpact Arbitrary File Disclosure

2021-12-06 Thread RedTeam Pentesting GmbH
=== RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products are uncovered and can be fixed immediately. As there are only few experts in this field, RedTeam Pentesting wants to

[FD] [RT-SA-2021-005] Auerswald COMpact Privilege Escalation

2021-12-06 Thread RedTeam Pentesting GmbH
passwords for other user accounts, including those with the "sub-admin" privilege. After logging in with these newly acquired credentials, attackers can access configuration settings and most other functions. They can then for example create new SIP credentials and use them to call prem

[FD] [RT-SA-2021-004] Auerswald COMfortel 1400/2600/3600 IP Authentication Bypass

2021-12-06 Thread RedTeam Pentesting GmbH
. Attackers can then authenticate at the PBX as the respective phone and for example call premium rate phone lines they operate to generate revenue. They can also configure a device they control as the PBX in the phone, so all incoming and outgoing phone calls are intercepted and can be recorded. The dev

[FD] [RT-SA-2021-001] Cross-Site Scripting in myfactory.FMS

2021-10-13 Thread RedTeam Pentesting GmbH
ot agree to a public advisory. 2021-06-10 Vendor contacts RedTeam Pentesting, reiterates that no advisory should be released. Vendor acknowledges public release after 90 days. 2021-10-04 Customer confirms update to fixed version 2021-10-13 Advisory released Re

[FD] [RT-SA-2021-002] XML External Entity Expansion in MobileTogether Server

2021-08-10 Thread RedTeam Pentesting GmbH
3 SP1 resolves the vulnerability. Security Risk = Attackers in possession of an account for a MobileTogether Server with access to at least one app are able to read files from the server system, conduct HTTP requests to external and internal systems and can

[FD] [RT-SA-2020-005] Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton

2020-10-21 Thread RedTeam Pentesting GmbH
g/support/faq.html#presentations [7] https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security experts. Hereby, security weak

[FD] [RT-SA-2020-003] FRITZ!Box DNS Rebinding Protection Bypass

2020-10-19 Thread RedTeam Pentesting GmbH
dor notified of another problematic IP 2020-08-06 Vendor provided fixed version to RedTeam Pentesting 2020-10-06 Vendor starts distribution of fixed version for selected devices 2020-10-19 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting offers individua

[FD] [RT-SA-2020-002] Denial of Service in D-Link DSR-250N

2020-10-08 Thread RedTeam Pentesting GmbH
[1] https://support.dlink.com/ProductInfo.aspx?m=DSR-250N RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products are uncovered and

[FD] [RT-SA-2020-004] Inconsistent Behavior of Go's CGI and FastCGI Transport May Lead to Cross-Site Scripting

2020-09-02 Thread RedTeam Pentesting GmbH
ion of Go, issue[6] is #40928, patch[7] References == [1] https://pkg.go.dev/net/http/?tab=doc#ResponseWriter [2] https://pkg.go.dev/net/http/httptest?tab=doc#ResponseRecorder [3] https://mimesniff.spec.whatwg.org/ [4] https://github.com/golang/go/blob/ba9e10889976025ee1d027db6b1cad383

[FD] [RT-SA-2020-001] Credential Disclosure in WatchGuard Fireware AD Helper Component

2020-03-13 Thread RedTeam Pentesting GmbH
pproved disclosure to vendor 2020-02-24 Tried to contact the German branch of WatchGuard 2020-02-27 Contacted the Dutch branch of WatchGuard 2020-02-28 Contact to ADHelper QA Team Lead established 2020-03-02 Advisory draft sent for verification 2020-03-10 Vendor released fixed version and blog post 2020-0

[FD] [RT-SA-2019-016] IceWarp: Cross-Site Scripting in Notes

2020-01-02 Thread RedTeam Pentesting GmbH
1-11 Vulnerability identified 2019-11-15 Vendor notified 2019-11-22 Customer approved disclosure 2019-11-25 CVE number requested 2019-11-25 CVE number assigned 2019-12-02 Vendor released fixed version 2019-12-10 Customer approved disclosure 2019-12-13 Fixed version released 2020-01-02 Advi

[FD] [RT-SA-2019-015] IceWarp: Cross-Site Scripting in Notes for Contacts

2020-01-02 Thread RedTeam Pentesting GmbH
e 2019-12-13 Fixed version released 2020-01-02 Advisory released References == [1] https://tools.ietf.org/html/rfc6350 [2] https://tools.ietf.org/html/rfc2445 [3] https://www.redteam-pentesting.de/advisories/rt-sa-2019-16 RedTeam Pentesting GmbH === RedTeam Pentesting

[FD] [RT-SA-2019-014] Unauthenticated Access to Modbus Interface in Carel pCOWeb HVAC

2019-10-31 Thread RedTeam Pentesting GmbH
ploit.com/ [3] https://www.rapid7.com/db/modules/auxiliary/scanner/scada/modbusclient [4] https://www.carel.com/documents/10191/0/+030220471/9619472f-f1c0-4ec9-a151-120aaa5e479a?version=1.0 RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests perfor

[FD] [RT-SA-2019-013] Unsafe Storage of Credentials in Carel pCOWeb HVAC

2019-10-31 Thread RedTeam Pentesting GmbH
e to publication of CVE-2019-13553 References ====== [0] https://www.carel.com/documents/10191/0/+030220471/9619472f-f1c0-4ec9-a151-120aaa5e479a?version=1.0 [1] https://www.redteam-pentesting.de/de/advisories/rt-sa-2019-014.txt RedTeam Pentesting GmbH === RedTeam Pentesting

[FD] [RT-SA-2019-012] Information Disclosure in REDDOXX Appliance

2019-07-01 Thread RedTeam Pentesting GmbH
": "2020-01-30T12:34:56", "Valid": true, "VirusScan": true } } } Workaround == None Fix === Install the latest hotfixes for the appliance, see [2]. Security Risk ==

[FD] [RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway

2019-05-17 Thread RedTeam Pentesting GmbH
ON%2026%20presentations/Orange%20Tsai%20-%20Updated/DEFCON-26-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-and-Pop-0days-Out-Updated.pdf [4] https://tomcat.apache.org RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests perform

[FD] [RT-SA-2019-005] Cisco RV320 Command Injection Retrieval

2019-03-27 Thread RedTeam Pentesting GmbH
25 Vendor requests postponed disclosure 2019-03-25 Postponement declined 2019-03-27 Advisory published References == [1] https://www.cisco.com/c/en/us/products/routers/rv320-dual-gigabit-wan-vpn-router/index.html [2] https://www.redteam-pentesting.de/advisories/rt-sa-2018-004 [3] ht

[FD] [RT-SA-2019-004] Cisco RV320 Unauthenticated Diagnostic Data Retrieval

2019-03-27 Thread RedTeam Pentesting GmbH
ry published References == [1] https://www.cisco.com/c/en/us/products/routers/rv320-dual-gigabit-wan-vpn-router/index.html [2] https://www.redteam-pentesting.de/advisories/rt-sa-2018-003 [3] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-r

[FD] [RT-SA-2019-003] Cisco RV320 Unauthenticated Configuration Export

2019-03-27 Thread RedTeam Pentesting GmbH
.cisco.com/c/en/us/products/routers/rv320-dual-gigabit-wan-vpn-router/index.html [2] https://www.redteam-pentesting.de/advisories/rt-sa-2018-002 [3] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info RedTeam Pentesting GmbH === Re

[FD] [RT-SA-2019-007] Code Execution via Insecure Shell Function getopt_simple

2019-03-26 Thread RedTeam Pentesting GmbH
s field, RedTeam Pentesting wants to share its knowledge and enhance the public knowledge with research in security-related areas. The results are made available as public security advisories. More information about RedTeam Pentesting can be found at: https://www.redteam-pentesting.de/ Working a

[FD] [RT-SA-2018-004] Cisco RV320 Command Injection

2019-01-24 Thread RedTeam Pentesting GmbH
2019-01-23, as requested by vendor 2019-01-16 List of affected versions provided by vendor 2019-01-23 Advisory published References == [1] https://www.cisco.com/c/en/us/products/routers/rv320-dual-gigabit-wan-vpn-router/index.html [2] https://wiki.openssl.org/index.php/Command_Line_Utiliti

[FD] [RT-SA-2018-003] Cisco RV320 Unauthenticated Diagnostic Data Retrieval

2019-01-24 Thread RedTeam Pentesting GmbH
s://www.cisco.com/c/en/us/products/routers/rv320-dual-gigabit-wan-vpn-router/index.html [2] https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg42801 RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security experts. Hereby, se

[FD] [RT-SA-2018-002] Cisco RV320 Unauthenticated Configuration Export

2019-01-24 Thread RedTeam Pentesting GmbH
01-23 Advisory published References == [1] https://www.cisco.com/c/en/us/products/routers/rv320-dual-gigabit-wan-vpn-router/index.html [2] https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg42801 RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration

[FD] [RT-SA-2017-015] CyberArk Password Vault Memory Disclosure

2018-04-09 Thread RedTeam Pentesting GmbH
. Timeline 2017-11-24 Vulnerability identified 2018-01-22 Customer approved disclosure to vendor 2018-02-05 Vendor notified 2018-04-06 CVE number requested 2018-04-07 CVE number assigned 2018-04-09 Advisory released References == [1] http://lp.cyberark.com/rs/316-CZP-275/image

[FD] [RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution

2018-04-09 Thread RedTeam Pentesting GmbH
released References == [1] http://lp.cyberark.com/rs/316-CZP-275/images/ds-enterprise-password-vault-11-15-17.pdf [2] https://github.com/pwntester/ysoserial.net [3] https://curl.haxx.se/ [4] https://www.tcpdump.org/ RedTeam Pentesting GmbH === RedTeam Pentesting o

[FD] [RT-SA-2017-012] Shopware Cart Accessible by Third-Party Websites

2018-03-13 Thread RedTeam Pentesting GmbH
effort for the shop operator. Timeline 2017-08-28 Vulnerability identified 2017-09-13 Customer approved disclosure to vendor 2017-09-14 Vendor notified 2018-02-27 Vendor released fixed version 2018-03-13 Advisory released References == [1] https://github.com/shopware/shopware

[FD] [RT-SA-2018-001] Arbitrary Redirect in Tuleap

2018-03-08 Thread RedTeam Pentesting GmbH
version 2018-03-05 Vendor made issue public 2018-03-08 Advisory released References == [1] https://www.tuleap.org/what-is-tuleap [2] https://tools.ietf.org/html/rfc3986 RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests perfor

[FD] [RT-SA-2017-013] Truncation of SAML Attributes in Shibboleth 2

2018-01-15 Thread RedTeam Pentesting GmbH
er accounts, effectively bypassing authorisation mechanisms. Timeline 2017-11-06 Vulnerability identified 2017-11-13 Customer approved further research 2017-12-01 Further research conducted 2018-01-09 Customer approved disclosure to vendor 2018-01-10 Vendor notified 2018-01-12 Vendor

[FD] [RT-SA-2016-008] XML External Entity Expansion in Ladon Webservice

2017-11-03 Thread RedTeam Pentesting GmbH
6-11-29 Customer notified vendor 2017-07-10 Customer fixed problem in their own product 2017-07-21 RedTeam Pentesting notified vendor 2017-08-11 RedTeam Pentesting asked vendor for status update 2017-09-08 RedTeam Pentesting asked vendor for status update and announced public release for

[FD] [RT-SA-2015-011] WebClientPrint Processor 2.0: No Validation of TLS Certificates

2017-08-22 Thread RedTeam Pentesting GmbH
8-22 Advisory released References == [0] https://neodynamic.wordpress.com/2015/09/15/webclientprint-2-0-for-windows-clients-critical-update/ [1] http://www.dest-unreach.org/socat/ RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests perf

[FD] [RT-SA-2015-010] WebClientPrint Processor 2.0: Unauthorised Proxy Modification

2017-08-22 Thread RedTeam Pentesting GmbH
https://neodynamic.wordpress.com/2015/09/15/webclientprint-2-0-for-windows-clients-critical-update/ RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security experts. Hereby, security weaknesses in com

[FD] [RT-SA-2015-009] WebClientPrint Processor 2.0: Remote Code Execution via Updates

2017-08-22 Thread RedTeam Pentesting GmbH
ion 2015-09-16 Customer asked to wait with advisory release until all their clients are updated 2017-07-31 Customer approved advisory release 2017-08-22 Advisory released References == [0] https://neodynamic.wordpress.com/2015/09/15/webclientprint-2-0-for-windows-client

[FD] [RT-SA-2015-008] WebClientPrint Processor 2.0: Remote Code Execution via Print Jobs

2017-08-22 Thread RedTeam Pentesting GmbH
clients are updated 2017-07-31 Customer approved advisory release 2017-08-22 Advisory released References ====== [0] http://webclientprint.azurewebsites.net/ [1] https://neodynamic.wordpress.com/2015/09/15/webclientprint-2-0-for-windows-clients-critical-update/ RedTeam Pentesting GmbH ==

[FD] [RT-SA-2016-007] Cross-Site Scripting in TYPO3 Formhandler Extension

2017-07-27 Thread RedTeam Pentesting GmbH
ublic security advisories. More information about RedTeam Pentesting can be found at: https://www.redteam-pentesting.de/ Working at RedTeam Pentesting = RedTeam Pentesting is looking for penetration testers to join our team in Aachen, Germany. If you are interested p

[FD] [RT-SA-2017-009] Remote Command Execution as root in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
e to Version 2032 SP2. Security Risk = The diagnostic functions offered by the REDDOXX appliance allow attackers to execute arbitrary commands. Since the commands are executed with root privileges and no authentication is required, this is rated as a high risk. Timeline 201

[FD] [RT-SA-2017-008] Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
empts with cleartext credentials. This is rated as a high risk. Timeline 2017-05-17 Vulnerability identified 2017-05-23 Customer approved disclosure of vulnerability 2017-05-26 Customer provided details of vulnerability to vendor 2017-07-20 Vulnerability reported as fixed by vendor 2017-07-24

[FD] [RT-SA-2017-007] Undocumented Administrative Service Account in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
ided details of vulnerability to vendor 2017-06-21 Vulnerability reported as fixed by vendor 2017-07-24 Advisory released References == [0] https://www.reddoxx.com/en/ [1] https://my.reddoxx.com/documents/manual/en/custdl/product-downloads (Requires login) RedTeam Pentesting GmbH ===

[FD] [RT-SA-2017-006] Arbitrary File Disclosure with root Privileges via RdxEngine-API in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
redteam-pentesting.de/advisories/rt-sa-2017-004 [3] https://www.redteam-pentesting.de/advisories/rt-sa-2017-005 RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security experts. Hereby, security weaknesses

[FD] [RT-SA-2017-005] Unauthenticated Extraction of Session-IDs in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
he extracted session IDs can be used by attackers to impersonate the user associated with the ID when interacting with the appliance. An authenticated session is also a precondition to exploit the vulnerability described in rt-sa-2017-006 [3], which allows arbitrary file disclosure as root. Timel

[FD] [RT-SA-2017-004] Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
References == [0] https://www.reddoxx.com/en/ [1] https://my.reddoxx.com/documents/manual/en/custdl/product-downloads (Requires login) [2] https://www.redteam-pentesting.de/advisories/rt-sa-2017-003 RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penet

[FD] [RT-SA-2017-003] Cross-Site Scripting in REDDOXX Appliance

2017-07-24 Thread RedTeam Pentesting GmbH
. Timeline 2017-05-16 Vulnerability identified 2017-05-23 Customer approved disclosure of vulnerability 2017-05-26 Customer provided details of vulnerability to vendor 2017-06-21 Vulnerability reported as fixed by vendor 2017-07-24 Advisory released References ==

[FD] [RT-SA-2017-011] Remote Command Execution in PDNS Manager

2017-07-05 Thread RedTeam Pentesting GmbH
3bf4e2874a0120d99ae02a1a9f4a6e74094c7dc1 [2] https://github.com/loewexy/pdnsmanager/commit/ccc423291cb0e6f8c58849f71821e7425b7c030e RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security experts. Here

[FD] [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto

2016-12-23 Thread RedTeam Pentesting GmbH
response 2016-07-14 Requested status update and roadmap from vendor 2016-07-21 Vendor confirms working on a new release and inquired whether the patch fixes the vulnerability 2016-07-22 RedTeam confirms 2016-08-24 Requested status update from vendor 2016-08-29 Vendor states that there is no

[FD] [RT-SA-2016-003] Less.js: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler

2016-11-24 Thread RedTeam Pentesting GmbH
] https://github.com/less/less.js [1] http://web.archive.org/web/20140202171923/http://www.lesscss.org/ [2] http://www.bennadel.com/blog/2638-executing-javascript-in-the-less-css-precompiler.htm [3] http://lesscss.org/#client-side-usage RedTeam Pentesting GmbH === RedTeam P

[FD] [RT-SA-2016-005] Unauthenticated File Upload in Relay Ajax Directory Manager may Lead to Remote Command Execution

2016-05-31 Thread RedTeam Pentesting GmbH
ther evaluated. Timeline 2015-11-19 Vulnerability discovered 2016-04-07 Customer approved disclosure of vulnerability 2016-05-12 Developers contacted, project is no longer maintained 2016-05-31 Advisory published References == [1] https://github.com/HadoDokis/Relay-Ajax-Director

[FD] [RT-SA-2016-004] Websockify: Remote Code Execution via Buffer Overflow

2016-05-31 Thread RedTeam Pentesting GmbH
2016-04-14 Vulnerability identified 2016-05-03 Advisory provided to customer 2016-05-06 Customer provided updated firmware, notified users 2016-05-23 Customer notified users again 2016-05-31 Advisory published References ====== [0] https://github.com/kanaka/websockify/commit/1

[FD] [RT-SA-2015-012] XML External Entity Expansion in Paessler PRTG Network Monitor

2016-05-31 Thread RedTeam Pentesting GmbH
ability 2015-09-04 CVE ID requested 2015-09-24 CVE ID requested again 2015-10-07 CVE ID assigned 2015-10-21 Vendor contacted 2016-04-04 Vendor released fixed version 2016-05-31 Advisory released References == [1] https://www.paessler.com [2] https://www.paessler.com/prtg/history/stable

[FD] [RT-SA-2016-002] Cross-site Scripting in Securimage 3.6.2

2016-03-22 Thread RedTeam Pentesting GmbH
to vendor 2016-02-23 CVE number requested 2016-02-24 CVE number not assigned, "non-prioritized product" 2016-03-02 Vendor contacted 2016-03-03 Vendor releases fixed version 2016-03-22 Advisory released References == https://www.phpcaptcha.org/uncategorized/securimage-3-6-4-relea

[FD] [RT-SA-2015-005] o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials

2016-01-07 Thread RedTeam Pentesting GmbH
ability allows the unauthorised usage of foreign VoIP telephone numbers. The victim will be charged with all costs resulting from fraudulent phone calls. Furthermore, an attacker may answer phone calls on behalf of the victim. Customers have no means of defending themselves from such an attack. Chances are th

[FD] [RT-SA-2014-014] AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images

2016-01-07 Thread RedTeam Pentesting GmbH
Vendor started releasing fixed versions (7490 [0]) 2015-10-01 Vendor finished releasing fixed versions (other models) 2016-01-07 Advisory released References == [0] https://avm.de/service/sicherheitshinweise/ RedTeam Pentesting GmbH === RedTeam Pentesting offers individ

[FD] [RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality

2015-12-22 Thread RedTeam Pentesting GmbH
2015-12-22 Advisory released References == [0] https://github.com/symfony/symfony-demo [1] https://symfony.com/doc/current/cookbook/security/remember_me.html [2] https://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature RedTeam Pentesting GmbH =

[FD] [RT-SA-2015-006] Buffalo LinkStation Authentication Bypass

2015-10-08 Thread RedTeam Pentesting GmbH
1.70 2015-06-09 Verified that vulnerability is not fixed in version 1.70 2015-06-09 Vendor responded: vulnerability is already known and being worked on, release date is not known 2015-06-09 Vendor provided list of affected devices 2015-07-10 Vendor queried for update, no response 2015-08-03 Vendor

[FD] [RT-SA-2015-002] SQL Injection in TYPO3 Extension Akronymmanager

2015-06-15 Thread RedTeam Pentesting GmbH
15-04-08 Vendor announced fixed version available at the end of April 2015-05-13 Requested update from vendor 2015-05-15 Vendor requests more time 2015-05-21 Requested update from vendor 2015-05-22 Vendor states that upload to extension registry doesn't work 2015-06-03 Requested update from

[FD] [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery

2015-06-10 Thread RedTeam Pentesting GmbH
15-04-29 Requested status update from vendor, vendor is still investigating 2015-05-22 Requested status update from vendor 2015-05-27 Vendor is working on the issue 2015-06-05 Vendor notified customers 2015-06-08 Vendor provided details about affected versions 2015-06-10 Advisory released RedTeam

[FD] [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID

2015-06-10 Thread RedTeam Pentesting GmbH
isory released References ====== [0] https://github.com/xmendez/wfuzz RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products are unco

[FD] [RT-SA-2014-016] Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite

2015-02-18 Thread RedTeam Pentesting GmbH
version 2014-11-11 CVE number requested 2014-11-12 Vendor requests more time to notify their customers 2014-11-14 CVE number assigned 2014-12-08 Vendor again requests more time to notify customers 2015-01-12 Vendor notifies customers again, agrees to release advisory on

[FD] [RT-SA-2014-013] Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page

2015-02-10 Thread RedTeam Pentesting GmbH
ses security bulletin and software upgrade 2015-02-04 Customer approves public disclosure 2015-02-10 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby

[FD] CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0

2015-01-12 Thread RedTeam Pentesting GmbH
?board_url=https://www.redteam-pentesting.de CVE-2014-8870 was assigned to this issue. -- RedTeam Pentesting GmbH Tel.: +49 241 510081-0 Dennewartstr. 25-27 Fax : +49 241 510081-99 52068 Aachen https://www.redteam-pentesting.de Germany

[FD] [RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0

2015-01-12 Thread RedTeam Pentesting GmbH
Advisory: Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0 RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability in the Tapatalk plugin for the WoltLab Burning Board forum software, which allows attackers to inject arbitrary JavaScript code via URL

[FD] [RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components

2014-12-02 Thread RedTeam Pentesting GmbH
ds with CVE-ID, plans release for mid-November 2014-11-06 More definite release schedule requested 2014-11-12 Vendor plans release for last week of November 2014-11-21 Additional details requested from vendor 2014-11-22 Vendor responds with details, postpones release to mid-December due to

[FD] [RT-SA-2014-011] EntryPass N5200 Credentials Disclosure

2014-12-01 Thread RedTeam Pentesting GmbH
ntacted vendor again since no fix or roadmap was provided. 2014-10-28 CVE number requested 2014-11-14 CVE number assigned 2014-12-01 Advisory released RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of s

[FD] [RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire

2014-12-01 Thread RedTeam Pentesting GmbH
ntinues to release updated versions, no response whether the security issue is fixed 2014-11-14 CVE number assigned 2014-12-01 Advisory released References == [1] https://code.google.com/p/wfuzz/ RedTeam Pentesting GmbH === RedTeam Pentesting offer

[FD] [RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf

2014-12-01 Thread RedTeam Pentesting GmbH
rty extensions: [2] http://typo3.org/teams/security/security-bulletins/typo3-extensions/ typo3-ext-sa-2014-010/ RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereb

[FD] [RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution

2014-06-26 Thread RedTeam Pentesting GmbH
's working directory or in its subdirectories. The CGIHTTPServer code does contain this warning: "SECURITY WARNING: DON'T USE THIS CODE UNLESS YOU ARE INSIDE A FIREWALL" Even when used on a local computer this may allow other local users to execute code in the context of another use

[FD] [RT-SA-2013-003] Endeca Latitude Cross-Site Scripting

2014-06-25 Thread RedTeam Pentesting GmbH
ed from vendor 2014-05-02 Vendor responds with updated information 2014-06-25 Advisory released References == [1] http://docs.oracle.com/cd/E29220_01/mdex.222/admin/src/cadm_url_about_admin_urls.html [2] http://docs.oracle.com/cd/E29220_01/index.htm RedTeam Pentesting GmbH ===

[FD] [RT-SA-2013-002] Endeca Latitude Cross-Site Request Forgery

2014-06-25 Thread RedTeam Pentesting GmbH
s with updated information 2014-06-25 Advisory released References == [1] http://docs.oracle.com/cd/E29220_01/mdex.222/admin/toc.htm#List%20of%20administrative%20operations [2] http://docs.oracle.com/cd/E29220_01/mdex.222/admin/toc.htm#List%20of%20supported%20logging%20variables RedTeam Pe

[FD] [RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager

2014-06-05 Thread RedTeam Pentesting GmbH
nces == Vendor Security Advisory: http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2 RedTeam Pentesting GmbH === RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security

[FD] [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script

2014-05-28 Thread RedTeam Pentesting GmbH
Advisory: SQL Injection in webEdition CMS File Browser RedTeam Pentesting discovered an SQL injection vulnerability in the file browser component of webEdition CMS during a penetration test. Unauthenticated attackers can get read-only access on the SQL database used by webEdition and read for exam

[FD] [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script

2014-05-28 Thread RedTeam Pentesting GmbH
4-05-20 Vendor announces fixed versions 2014-05-28 Advisory released References == http://www.webedition.org/de/aktuelles/webedition-cms/ Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlicht (German) http://www.webedition.org/de/aktuelles/webedition-cms/ Wichtige-H

[FD] [RT-SA-2014-003] Metadata Information Disclosure in OrbiTeam BSCW

2014-05-08 Thread RedTeam Pentesting GmbH
nclusions about the corresponding file contents, and other potentially sensitive data such as email addresses. Timeline 2014-02-20 Vulnerability identified 2014-03-04 Customer approved disclosure to vendor 2014-03-06 CVE number requested and assigned 2014-03-07

[FD] [RT-SA-2014-002] rexx Recruitment: Cross-Site Scripting in User Registration

2014-03-27 Thread RedTeam Pentesting GmbH
attackers to completely manipulate the website, add their own content and track all user interaction. Timeline 2013-12-04 Vulnerability identified 2013-12-10 Customer approved disclosure to vendor 2013-12-13 Vendor notified 2014-01-15 Vendor released fixed version 2014-02-11 CVE number