A blog post with additional information is available here:
http://blog.sec-consult.com/2017/05/chainsaw-of-custody-manipulating.html
We have also released a video showing arbitrary code execution:
https://www.youtube.com/watch?v=1EngNIXSNQw
SEC Consult Vulnerability Lab Security Advisory
SEC Consult Vulnerability Lab Security Advisory < 20170509-0 >
===
title: Multiple vulnerabilities
product: I, Librarian PDF manager
vulnerable version: <=4.6 & 4.7
fixed version: 4.8
SEC Consult Vulnerability Lab Security Advisory < 20170622-0 >
===
title: XML External Entity Injection (XXE),
SQL Injection, Cross Site Scripting,
Local File Disc
SEC Consult Vulnerability Lab Security Advisory < 20170523-0 >
===
title: Arbitrary File Upload & Stored XSS
product: InvoicePlane
vulnerable version: 1.4.10
fixed version: 1.5.2
We have published an accompanying blog post to this technical advisory with
further information:
http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html
SEC Consult Vulnerability Lab Security Advisory < 2017060
SEC Consult Vulnerability Lab Security Advisory < 20170613-0 >
===
title: Access Restriction Bypass
product: Atlassian Confluence
vulnerable version: 4.3.0 - 6.1.1
fixed version: 6.2.1
SEC Consult Vulnerability Lab Security Advisory < 20170914-0 >
===
title: Authenticated Command Injection
product: Ubiquiti Networks UniFi Cloud Key
vulnerable version: Firmware version &
SEC Consult Vulnerability Lab Security Advisory < 20170914-1 >
===
title: Persistent Cross-Site Scripting
product: SilverStripe CMS
vulnerable version: <=3.5.3
fixed versi
SEC Consult Vulnerability Lab Security Advisory < 20171016-0 >
===
title: Multiple vulnerabilities
product: Micro Focus VisiBroker C++
vulnerable version: 8.5 SP2
fixed version: 8.5 S
SEC Consult Vulnerability Lab Security Advisory < 20171017-0 >
===
title: Cross site scripting
product: Webtrekk Pixel tracking
vulnerable version: v3.24 to v3.40, v4.00 to v4.40, v5.00 to
SEC Consult Vulnerability Lab Security Advisory < 20170913-1 >
===
title: Local File Disclosure
product: VLC media player iOS app
vulnerable version: 2.7.8
fixed version: 2.8.1
CVE
SEC Consult Vulnerability Lab Security Advisory < 20170913-0 >
===
title: Multiple Vulnerabilities
product: IBM Infosphere Information Server / Datastage
vulnerable version: 9.1, 11.3, an
SEC Consult Vulnerability Lab Security Advisory < 20170912-0 >
===
title: Email verification bypass
product: SAP E-Recruiting
vulnerable version: 605, 606, 616, 617
fixed version: see SAP se
SEC Consult Vulnerability Lab Security Advisory < 20171018-0 >
===
title: Multiple vulnerabilities
product: Afian AB FileRun
vulnerable version: 2017.03.18
fixed version: 2017
SEC Consult Vulnerability Lab Security Advisory < 20171018-1 >
===
title: Multiple vulnerabilities
product: Linksys E series, see "Vulnerable / tested versions"
vulnerable version:
SEC Consult Vulnerability Lab Security Advisory < 20171130-1 >
===
title: OS Command Injection & Reflected Cross Site Scripting
product: OpenEMR
vulnerable version: 5.0.0
fixed vers
SEC Consult Vulnerability Lab Security Advisory < 20171129-0 >
===
title: FortiGate SSL VPN Portal XSS Vulnerability
product: Fortinet FortiOS
vulnerable version: see: Vulnerable / tested ve
SEC Consult Vulnerability Lab Security Advisory < 20171213-0 >
===
title: VPN credentials disclosure
product: Fortinet FortiClient
vulnerable version: <4.4.2335 on Linux, <5.6.
SEC Consult Vulnerability Lab Security Advisory < 20171114-0 >
===
title: Authentication bypass, cross-site scripting & code
execution
product: Siemens SICAM RTUs SM-2556 C
SEC Consult Vulnerability Lab Security Advisory < 20171116-0 >
===
title: Broken access control & LINQ injection
product: Progress Sitefinity
vulnerable version: 10.0, 10.1
fix
SEC Consult Vulnerability Lab Security Advisory < 20180514-0 >
===
title: Arbitrary File Upload & Cross-site scripting
product: MyBiz MyProcureNet
vulnerable version: 5.0.0
fixed versio
The following CVE numbers have been assigned now:
XSS issue: CVE-2018-11090
Arbitrary File Upload: CVE-2018-11091
On 2018-05-14 13:25, SEC Consult Vulnerability Lab wrote:
> SEC Consult Vulnerability Lab Security Advisory < 2018
SEC Consult Vulnerability Lab Security Advisory < 20180516-0 >
===
title: XXE & XSS vulnerabilities
product: RSA Authentication Manager
vulnerable version: 8.2.1.4.0-build1394922, < 8.3 P
SEC Consult Vulnerability Lab Security Advisory < 20180529-0 >
===
title: Unprotected WiFi access & Unencrypted data transfer
product: Vgate iCar 2 WiFi OBD2 Dongle
vulnerable version: Vgate i
We have published an accompanying blog post to this technical advisory with
further information:
Blog:
https://www.sec-consult.com/en/blog/2018/05/oracle-access-managers-identity-crisis/
Demo video: https://www.youtube.com/watch?v=YK7_1NozAwQ
SEC Consult Vulnerability Lab Security Advisory
SEC Consult Vulnerability Lab Security Advisory < 20180123-0 >
===
title: XXE & Reflected XSS
product: Oracle Financial Services Analytical Applications
vulnerable version: 7.3.5.x, 8.0.x
SEC Consult Vulnerability Lab Security Advisory < 20180131-0 >
===
title: Multiple Vulnerabilities
product: Sprecher Automation SPRECON-E-C, PU-2433
vulnerable version: <8.49 (most vulnerabili
We have published an accompanying blog post to this technical advisory with
further information:
https://www.sec-consult.com/en/blog/2018/02/internet-of-dildos-a-long-way-to-a-vibrant-future-from-iot-to-iod/index.html
SEC Consult Vulnerability Lab Security Advisory < 2018020
SEC Consult Vulnerability Lab Security Advisory < 20180208-0 >
===
title: Multiple Cross-Site Scripting Vulnerabilities
product: Sonatype Nexus Repository Manager OSS/Pro
vulnerable version: &l
SEC Consult Vulnerability Lab Security Advisory < 20180207-0 >
===
title: Multiple buffer overflow vulnerabilities
product: InfoZip UnZip
vulnerable version: UnZip <= 6.00 / UnZip <= 6.1c22
We have published an accompanying blog post to this technical advisory with
further information:
https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby-monitors-fail-to-be-smart/index.html
SEC Consult Vulnerability Lab Security Advisory < 2018022
SEC Consult Vulnerability Lab Security Advisory < 20180813-0 >
===
title: SQL Injection, XSS & CSRF vulnerabilities
product: Pimcore
vulnerable version: 5.2.3 and below
fixed vers
SEC Consult Vulnerability Lab Security Advisory < 20180906-0 >
===
title: CSV Formula Injection
product: DokuWiki
vulnerable version: 2018-04-22a "Greebo" and older versions
fix
-consult.com/en/blog/advisories/privilege-escalation-via-linux-group-manipulation-in-all-adb-broadband-gateways-routers/
SEC Consult Vulnerability Lab Security Advisory < 20180704-0 >
===
title: Local root jailbre
SEC Consult Vulnerability Lab Security Advisory < 20180711-0 >
===
title: Remote code execution via multiple attack vectors
product: WAGO e!DISPLAY 7300T - WP 4.3 480x272 PIO1
vulnerable version:
SEC Consult Vulnerability Lab Security Advisory < 20180712-0 >
===
title: Remote Code Execution & Local File Disclosure
product: Zeta Producer Desktop CMS
vulnerable version
SEC Consult Vulnerability Lab Security Advisory < 20180312-0 >
===
title: Multiple Critical Vulnerabilities
product: SecurEnvoy SecurMail
vulnerable version: 9.1.501
fixed version: 9
SEC Consult Vulnerability Lab Security Advisory < 20180314-0 >
===
title: Arbitrary Shortcode Execution & Local File Inclusion
product: WOOF - WooCommerce Products Filter (PluginUs.Net)
SEC Consult Vulnerability Lab Security Advisory < 20180423-0 >
===
title: Multiple Stored XSS Vulnerabilities
product: WSO2 Carbon, WSO2 Dashboard Server
vulnerable version: WSO2 Identity Server
SEC Consult Vulnerability Lab Security Advisory < 20180424-0 >
===
title: Reflected Cross-Site Scripting
product: Zyxel ZyWALL: see "Vulnerable / tested version"
vulnerable version: ZLD
SEC Consult Vulnerability Lab Security Advisory < 20180227-0 >
===
title: OS command injection, arbitrary file upload & SQL injection
product: ClipBucket
vulnerable version: <4.0.0 -
SEC Consult Vulnerability Lab Security Advisory < 20180228-0 >
===
title: Insecure Direct Object Reference
product: TestLink Open Source Test Management
vulnerable version: <1.9.17
fixe
SEC Consult also published a blog post regarding the identified security issues
with further background information:
Blog: https://r.sec-consult.com/xmeye
SEC Consult Vulnerability Lab Security Advisory < 2018100
SEC Consult Vulnerability Lab Security Advisory < 20181001-0 >
===
title: Password disclosure vulnerability & XSS
product: PTC ThingWorx
vulnerable version: 6.5-7.4, 8.0.x, 8.1.x, 8.2.x
SEC Consult Vulnerability Lab Security Advisory < 20180926-0 >
===
title: Stored Cross-Site Scripting
product: Progress Kendo UI Editor
vulnerable version: v2018.1.221
fixed version: non
SEC Consult Vulnerability Lab Security Advisory < 20180924-0 >
===
title: Multiple Vulnerabilities
product: Citrix StorageZones Controller
vulnerable version: all versions before 5.4.2
SEC Consult Vulnerability Lab Security Advisory < 20181205-0 >
===
title: Inadequate cryptography implementation
product: Kerio Control VPN protocol
vulnerable version: <=9.2.7
fixed versi
SEC Consult Vulnerability Lab Security Advisory < 20181130-0 >
===
title: Multiple Vulnerabilities
product: Siglent Technologies SDS 1202X-E Digital Oscilloscope
vulnerable version: V5.1.3.13
SEC Consult Vulnerability Lab Security Advisory < 20181116-0 >
===
title: Multiple critical vulnerabilities
product: Miss Marple Enterprise Edition
vulnerable version: <2.0
fixed ver
SEC Consult Vulnerability Lab Security Advisory < 20190109-0 >
===
title: Multiple Vulnerabilities
product: Cisco VoIP Phones, e.g. models 88XX
vulnerable version: See list of vulnerable d
SEC Consult Vulnerability Lab Security Advisory < 20180918-0 >
===
title: Remote Code Execution via PHP unserialize
product: Moodle - Open-source learning platform
vulnerable version: 3.5 to 3.5.
SEC Consult Vulnerability Lab Security Advisory < 20190124-0 >
===
title: Cross-site scripting
product: CA Automic Workload Automation Web Interface (AWI)
(formerly Automic Auto
A blog post with further information has been released on this topic as well:
https://r.sec-consult.com/osci
SEC Consult Vulnerability Lab Security Advisory < 20190205-0 >
===
title: Multiple vulnerabi
SEC Consult Vulnerability Lab Security Advisory < 20190612-0 >
===
title: Multiple vulnerabilities
product: WAGO 852 Industrial Managed Switch Series
vulnerable version: 852-303: https://www.wa
SEC Consult Vulnerability Lab Security Advisory < 20190509-0 >
===
title: Multiple Vulnerabilities
product: Gemalto (Thales Group) DS3 Authentication Server / Ezio
Server
vuln
SEC Consult Vulnerability Lab Security Advisory < 20190513-0 >
===
title: Cleartext message spoofing
product: Supplementary Go Cryptography Libraries
vulnerable version:
SEC Consult Vulnerability Lab Security Advisory < 20190515-0 >
===
title: Authorization Bypass
product: RSA NetWitness
vulnerable version: <10.6.6.1, <11.2.1.1
fixed version: 10.6.6
SEC Consult Vulnerability Lab Security Advisory < 20190510-0 >
===
title: Unauthenticated SQL Injection vulnerability
product: OpenProject
vulnerable version: 5.0.0 - 8.3.1
fixed version:
SEC Consult Vulnerability Lab Security Advisory < 20190822-0 >
===
title: Multiple Vulnerabilities
product: OpenPGP.js
vulnerable version: <=4.2.0
fixed version: 4.3.0
CVE number:
SEC Consult Vulnerability Lab Security Advisory < 20190829-0 >
===
title: Hardcoded FTP Credentials
product: Zyxel NWA/NAP/WAC wireless access point series
vulnerable version: see "Vulnerab
SEC Consult Vulnerability Lab Security Advisory < 20190829-1 >
===
title: External DNS Requests
product: Zyxel USG/UAG/ATP/VPN/NXC series
vulnerable version: see "Vulnerable / tested version&q
SEC Consult Vulnerability Lab Security Advisory < 20190821-0 >
===
title: Unauthenticated sensitive information leakage
product: Zoho Corporation ManageEngine ServiceDesk Plus
vulnerable versio
SEC Consult Vulnerability Lab Security Advisory < 20190918-0 >
===
title: Reflected Cross-Site Scripting (XSS)
product: Oracle Mojarra JSF included in Java EE 7
Eclipse Mojar
SEC Consult Vulnerability Lab Security Advisory < 20190926-0 >
===
title: Multiple SQL Injection vulnerabilities
product: eBrigade
vulnerable version: <5.0
fixed version: >=5.0
SEC Consult Vulnerability Lab Security Advisory < 20191029-0 >
===
title: Authentication Bypass
product: eIDAS-Node
vulnerable version: <=v2.3 (v2.1 vulnerability #2)
fixed versio
SEC Consult Vulnerability Lab Security Advisory < 20191203-0 >
===
title: Multiple vulnerabilites
product: Fronius Solar Inverter Series
vulnerable version: SW Version <3.14.1 (HM 1.12.1)
SEC Consult Vulnerability Lab Security Advisory < 20191211-0 >
===
title: File Extension Spoofing
product: Windows Defender Antivirus
vulnerable version: 4.18.1908.7-0
fixed version:
Vulnerability Lab
On 25.11.19 14:43, SEC Consult Vulnerability Lab wrote:
> SEC Consult Vulnerability Lab Security Advisory < 20191125-0 >
> ===
> title: FortiGuard XOR Encryption
> product:
SEC Consult Vulnerability Lab Security Advisory < 20191202-0 >
===
title: Multiple Critical Vulnerabilities
product: SALTO ProAccess SPACE
vulnerable version: <= v5.5
fixed version
SEC Consult Vulnerability Lab Security Advisory < 20191125-0 >
===
title: FortiGuard XOR Encryption
product: Multiple Fortinet Products (see Vulnerable / tested
versions)
vulnerable version: Mu
SEC Consult Vulnerability Lab Security Advisory < 20191014-0 >
===
title: Reflected XSS vulnerability
product: OpenProject
vulnerable version: <= 9.0.3, <=10.0.1
fixed version: 9
SEC Consult Vulnerability Lab Security Advisory < 20200225-0 >
===
title: Multiple Cross-site Scripting (XSS) Vulnerabilities
product: PHP-Fusion CMS
vulnerable version: 9 - 9.03
fixed v
SEC Consult Vulnerability Lab Security Advisory < 20200123-0 >
===
title: Cross-Site Request Forgery (CSRF)
product: Umbraco CMS
vulnerable version: version 8.2.2
fixed version: versi
SEC Consult Vulnerability Lab Security Advisory < 20200122-0 >
===
title: Reflected XSS
product: ZOHO ManageEngine ServiceDeskPlus
vulnerable version: <= 11.0 Build 11007
fixed version: 1
SEC Consult Vulnerability Lab Security Advisory < 20200407-0 >
===
title: Multiple XSS vulnerabilities
product: TAO Open Source Assessment Platform
vulnerable version: 3.3.0 RC2
fixed v
SEC Consult Vulnerability Lab Security Advisory < 20200312-0 >
===
title: Authenticated Command Injection
product: Phoenix Contact TC Router & TC Cloud Client
vulnerable version: <=2.05.
SEC Consult Vulnerability Lab Security Advisory < 20200312-0 >
===
title: Authenticated Command Injection
product: Phoenix Contact TC Router & TC Cloud Client
vulnerable version: <=2.05.
SEC Consult Vulnerability Lab Security Advisory < 20200902-0 >
===
title: Multiple Vulnerabilities
product: Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W
vulnerable version: <=2.0.26
SEC Consult Vulnerability Lab Security Advisory < 20201012-0 >
===
title: Reflected Cross-Site Scripting and Unauthenticated
Malicious File Upload
product: Sage DPW
vuln
SEC Consult Vulnerability Lab Security Advisory < 20201008-0 >
===
title: Multiple Cross-Site Scripting Vulnerabilities
products: PlantUML, Refined Toolkit for Confluence, Linking for
Conf
SEC Consult Vulnerability Lab Security Advisory < 20201005-0 >
===
title: Multiple Critical Vulnerabilities
product: RocketLinx Series
vulnerable version: See "Vulnerable / tested versions&q
SEC Consult Vulnerability Lab Security Advisory < 20200826-0 >
===
title: Extensive file permissions on service executable
product: Eikon Thomson Reuters
vulnerable version: 4.0.42144
fixed v
SEC Consult Vulnerability Lab Security Advisory < 20200827-0 >
===
title: Multiple Vulnerabilities
product: ZTE mobile Hotspot MS910S
vulnerable version: DL_MF910S_CN_EUV1.00.01
fixed v
SEC Consult Vulnerability Lab Security Advisory < 20201002-0 >
===
title: Multiple Vulnerabilities
product: SevOne Network Management System (NMS)
vulnerable version: 5.7.2.22
fixed v
SEC Consult Vulnerability Lab Security Advisory < 20201001-0 >
===
title: Broken Access Control
product: Platinum Mobile
vulnerable version: 1.0.4.850
fixed version: 1.0.4.851
CVE
SEC Consult Vulnerability Lab Security Advisory < 20201023-0 >
===
title: PubliXone - Multiple Vulnerabilities
product: konzept-ix publiXone
vulnerable version: 2019.045
fixed version: 20
SEC Consult Vulnerability Lab Security Advisory < 20200728-0 >
===
title: Stored Cross-Site Scripting (XSS) Vulnerability
product: Namirial SIGNificant SignAnyWhere
vulnerable version: v6.10.60
SEC Consult Vulnerability Lab Security Advisory < 20200807-0 >
===
title: Multiple Vulnerabilities
product: flatCore CMS
vulnerable version: <=1.5.5
fixed version: 1.5.7
C
SEC Consult Vulnerability Lab Security Advisory < 20200701-0 >
===
title: Reflected Cross-Site Scripting (XSS) Vulnerability
product: EQDKP Plus CMS
vulnerable version: <= 2.3.29
fixe
SEC Consult Vulnerability Lab Security Advisory < 20200708-0 >
===
title: Multiple Critical Vulnerabilities
product: Multiple Rittal Products based on same software, e.g.
CMC
SEC Consult Vulnerability Lab Security Advisory < 20200724-0 >
===
title: Privilege Escalation Vulnerability
product: SteelCentral Aternity Agent
vulnerable version: 11.0.0.120
fixed v
SEC Consult Vulnerability Lab Security Advisory < 20200717-0 >
===
title: Multiple Vulnerabilities
product: WonderCMS
vulnerable version: <=3.1.0
fixed version: -
C
SEC Consult Vulnerability Lab Security Advisory < 20201123-0 >
===
title: Multiple Vulnerabilities
product: ZTE WLAN router MF253V
vulnerable version: V1.0.0B04
fixed version: V1.
SEC Consult Vulnerability Lab Security Advisory < 20201217-0 >
===
title: Multiple critical vulnerabilities
product: Trend Micro InterScan Web Security Virtual Appliance
(IWSVA)
vulnerable v
SEC Consult Vulnerability Lab Security Advisory < 20201117-0 >
===
title: Blind Out-Of-Band XML External Entity Injection
(Authenticated)
product: Avaya Web License Manager
vulnerable version: 6.
SEC Consult Vulnerability Lab Security Advisory < 20201104-0 >
===
title: Multiple Vulnerabilities
product: Trend Micro InterScan Messaging Security Virtual Appliance
(IMSVA)
vulnerable version: &
SEC Consult Vulnerability Lab Security Advisory < 20210113-1 >
===
title: Multiple Vulnerabilities
product: flatCore CMS
vulnerable version: < 2.0.0 Build 139
fixed version: Release 2.0.0
SEC Consult Vulnerability Lab Security Advisory < 20210113-0 >
===
title: Multiple vulnerabilities
product: Pepperl+Fuchs IO-Link Master Series
See "Vulnerable / test
SEC Consult Vulnerability Lab Security Advisory < 20210511-0 >
===
title: Reflected Cross-site Scripting Vulnerabilities
product: SIS Informatik - REWE GO
vulnerable version: 7.5.0/12C
SEC Consult Vulnerability Lab Security Advisory < 20210601-0 >
===
title: Multiple Critical Vulnerabilities
product: Multiple Korenix Technology products:
Korenix: JetNet 5428G
501 - 600 of 682 matches
Mail list logo