reon team
* 27/11/2014 : Centreon corrects the vulnerabilities
* 27/11/2014 : Centreon releases version 2.5.4, which fixes the vulnerabilities
Fixes
=
* https://github.com/centreon/centreon/commit/a6dd914418dd185a698050349e05f10438fde2a9
* https://github.com/centreon/centreon/commit/d00f3e015d6cf64e45822629b00068116e90ae4d
* https://github.com
nouncement :
http://kb.netgear.com/app/answers/detail/a_id/30275 and remove the ReadyNAS
Surveillance package.
* 03/03/2016 : Netgear publishes a new version of ReadyNAS Surveillance that
fixes the vulnerability.
Credits
===
* Nicolas CHATELAIN, Sysdream (n.chatelain -at- sysdream
hemes Security that
fixes the vulnerabilities.
Credits
===
* Nicolas CHATELAIN, Sysdream (n.chatelain -at- sysdream -dot- com)
--
SYSDREAM Labs <l...@sysdream.com>
GPG :
47D1 E124 C43E F992 2A2E
1551 8EB4 8CD9 D5B2 59A1
* Website: https://sysdream.com/
* Twitter: @sysdream
signature.
* 26/02/2016 : iThemes confirms the vulnerabilities.
* 29/02/2016 : iThemes publishes a new version (5.3.1) of iThemes Security that
fixes the vulnerabilities.
Credits
===
* Nicolas CHATELAIN, Sysdream (n.chatelain -at- sysdream -dot- com)
5.5
[comment]:
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N/E:F/RL:O
### Vulnerability Description
A sensitive information disclosure vulnerability is present in the page
*system-email.jsp*. It allows an authenticated user to retrieve the md5 hash
the
discovery
* 05/08/2016 : Contact with vendor team
* 05/08/2016 : Vendor acknowledges with a kind reply: "Nice Catch!" :-)
* 09/08/2016 : Vulnerability is fixed.
## Credits
* Issam Rabhi <i.ra...@sysdream.com>
/revisions/23201
* https://core.spip.net/projects/spip/repository/revisions/23202
### Affected versions
* Version <= 3.1.2
### Credits
* Nicolas CHATELAIN, Sysdream (n.chatelain -at- sysdream -dot- com)
repository/revisions/23184
### Affected versions
* Version <= 3.1.2
### Credits
* Nicolas CHATELAIN, Sysdream (n.chatelain -at- sysdream -dot- com)
ixes
* https://core.spip.net/projects/spip/repository/revisions/23186
* https://core.spip.net/projects/spip/repository/revisions/23189
* https://core.spip.net/projects/spip/repository/revisions/23192
### Affected versions
* Version <= 3.1.2
### Credits
* Nicolas CHATELAIN, S
t/projects/spip/repository/revisions/23201
* https://core.spip.net/projects/spip/repository/revisions/23202
### Affected versions
* Version <= 3.1.2
### Credits
* Nicolas CHATELAIN, Sysdream (n.chatelain -at- sysdream -dot- com)
* https://core.spip.net/projects/spip/repository/revisions/23188
* https://core.spip.net/projects/spip/repository/revisions/23193
### Affected versions
* Version <= 3.1.2
### Credits
* Nicolas CHATELAIN, Sysdream (n.chatelain -at- sysdream -dot- com)
: Reply from the owner, acknowledging the report and planning to
fix the vulnerabilities.
* 13/03/2017 : Sysdream Labs request for an update.
* 29/03/2017 : Second request for an update.
* 29/03/2017 : Reply from the owner stating that he has no time to fix the
issues.
* 03/05/2017 : Full disclosure
contact with opensolutions.io
* 16/02/2017 : Advisory sent.
* 24/02/2017 : Reply from the owner, acknowledging the report and planning to
fix the vulnerabilities.
* 13/03/2017 : Sysdream Labs request for an update.
* 29/03/2017 : Second request for an update.
* 29/03/2017 : Reply from the owne
ity discovery.
* 03/05/2017 : Initial contact.
* 10/05/2017 : GPG Key exchange.
* 10/05/2017 : Advisory sent to vendor.
* 17/05/2017 : Request for feedback.
* 22/05/2017 : Vendor acknowledges the vulnerabilities.
* 21/06/2017 : Sysdream Labs request for an ETA, warning for public disclosure.
* 2
7 : First fixes.
* 15/02/2017 : Fixes validation by Sysdream.
* 21/02/2017 : PhpCollab asks to wait before publishing.
* 21/06/2017 : New version has been released.
* 29/09/2017 : Public disclosure.
## Credits
* Nicolas SERRA, Sysdream (n.serra -at- sysdream -dot- com)
ion
Update to the latest version available.
## Affected versions
* Version <= 2.5.1
## Timeline (dd/mm/)
* 27/08/2016 : Initial discovery.
* 05/10/2016 : Initial contact.
* 11/10/2016 : GPG Key exchange.
* 19/10/2016 : Advisory sent to vendor.
* 13/02/2017 : First fixes.
* 15/02/20
017 : Request for feedback.
* 22/05/2017 : Vendor acknowledges the vulnerabilities.
* 21/06/2017 : Sysdream Labs request for an ETA, warning for public disclosure.
* 21/06/2017 : Vendor says that UCOPIA 5.1.8 fixes the issue.
* 29/09/2017 : Public disclosure.
## Credits
* Nicolas CHATELAIN, Sysdr
# [CVE-2018-10094] Dolibarr SQL Injection vulnerability
## Description
Dolibarr is an "Open Source ERP & CRM for Business" used by many
companies worldwide.
It is available through [GitHub](https://github.com/Dolibarr/dolibarr)
or as distribution packages (e.g. .deb package).
**Threat**
The
# [CVE-2018-10092] Dolibarr admin panel authenticated Remote Code
Execution (RCE) vulnerability
## Description
Dolibarr is an "Open Source ERP & CRM for Business" used by many
companies worldwide.
It is available through [GitHub](https://github.com/Dolibarr/dolibarr)
or as distribution
/raw.githubusercontent.com/Dolibarr/dolibarr/develop/ChangeLog))
## Timeline (dd/mm/)
* 18/03/2018 : Initial discovery
* 17/04/2018 : Contact with the editor
* 17/04/2018 : Editor acknowledges the vulnerability
* 18/04/2018 : Editor announces fixes in version 7.0.2
* 21/05/2018 : Vulnerabi
recommends changing the default admin credentials to
mitigate the issue.
## Affected versions
These vulnerabilities have only been tested on the 420HD phone
(firmware version: 2.2.12.126).
## Credits
a.baube at sysdream dot com
## Credits
a.baube at sysdream dot com
nks to the Zimbra security team for the perfect report handling !