SEC Consult Vulnerability Lab Security Advisory < 20240411-0 >
===
title: Database Passwords in Server Response
product: Amazon AWS Glue
vulnerable version: until 2024-02-23
fixed v
SEC Consult Vulnerability Lab Security Advisory < 20240307-0 >
===
title: Local Privilege Escalation via writable files
product: Checkmk Agent
vulnerable version: 2.0.0, 2.1.0, 2.2.0
SEC Consult Vulnerability Lab Security Advisory < 20240226-0 >
===
title: Local Privilege Escalation via DLL Hijacking
product: Qognify VMS Client Viewer
vulnerable version: >=7.1
fixe
SEC Consult Vulnerability Lab Security Advisory < 20240220-0 >
===
title: Multiple Stored Cross-Site Scripting Vulnerabilities
product: OpenOLAT (Frentix GmbH)
vulnerable version: <
SEC Consult Vulnerability Lab Security Advisory < 20240212-0 >
===
title: Multiple Stored Cross-Site Scripting vulnerabilities
product: Statamic CMS
vulnerable version: <4.46.0, <3.4.17
SEC Consult Vulnerability Lab Security Advisory < 20231211-0 >
===
title: Local Privilege Escalation via MSI installer
product: PDF24 Creator (geek Software GmbH)
vulnerable version: <
SEC Consult Vulnerability Lab Security Advisory < 20231206-0 >
===
title: Kiosk Escape Privilege Escalation
product: One Identity Password Manager Secure Password Extension
vulnerable version: &
SEC Consult Vulnerability Lab Security Advisory < 20231205-0 >
===
title: Argument injection leading to unauthenticated RCE and
authentication bypass
product: Atos Unify Ope
SEC Consult Vulnerability Lab Security Advisory < 20231005-0 >
===
title: Open Redirect in BSP Test Application it00
(Bypass for CVE-2020-6215 Patch)
product: SAP® Appli
SEC Consult Vulnerability Lab Security Advisory < 20230927-0 >
===
title: Multiple Vulnerabilities
product: SAP® Enable Now Manager
vulnerable version: 10.6.5 (Build 2804) Cloud Edition
SEC Consult Vulnerability Lab Security Advisory < 20230925-0 >
===
title: Stored Cross-Site Scripting
product: mb Support broker management solution openVIVA c2
vulnerable version: <
SEC Consult Vulnerability Lab Security Advisory < 20230918-0 >
===
title: Authenticated Remote Code Execution and
Missing Authentication
product: Atos Unify OpenScape S
SEC Consult Vulnerability Lab Security Advisory < 20230829-0 >
===
title: Reflected Cross-Site Scripting (XSS)
product: PTC - Codebeamer (ALM Solution)
vulnerable version: <=22.10-SP7, &l
SEC Consult Vulnerability Lab Security Advisory < 20230705-0 >
===
title: Path traversal bypass & Denial of service
product: Kyocera TASKalfa 4053ci printer
vulnerable version: TASKalfa 4053
SEC Consult Vulnerability Lab Security Advisory < 20230703-0 >
===
title: Multiple Vulnerabilities including Unauthenticated RCE
product: Siemens A8000 CP-8050 MASTER MODULE (6MF2805
SEC Consult Vulnerability Lab Whitepaper < 20230629-0 >
===
Title: Everyone Knows SAP®, Everyone Uses SAP,
Everyone Uses RFC, No One Knows RFC:
SEC Consult Vulnerability Lab Security Advisory < 20230628-0 >
===
title: Stored XSS & Privilege Escalation
product: Boomerang Parental Control App
vulnerable version: <13.83
SEC Consult Vulnerability Lab Security Advisory < 20230627-0 >
===
title: Multiple high risk vulnerabilities
product: ILIAS eLearning platform
vulnerable version: see section "Vulnera
SEC Consult Vulnerability Lab Security Advisory < 20230517-0 >
===
title: Stored XSS vulnerability in rename functionality
product: Wekan (Open-Source kanban)
vulnerable version: <=6.74
SEC Consult Vulnerability Lab Security Advisory < 20230516-0 >
===
title: Multiple Vulnerabilities
product: Serenity and StartSharp Software
vulnerable version: < 6.7.1
fixed versi
SEC Consult Vulnerability Lab Security Advisory < 20230515-0 >
===
title: Multiple Vulnerabilities
product: Kiddoware Kids Place Parental Control Android App
vulnerable version: <=3.8.49
SEC Consult Vulnerability Lab Security Advisory < 20230502-0 >
===
title: Bypassing cluster isolation through insecure defaults and
shared storage
product: Databricks Pl
SEC Consult Vulnerability Lab Security Advisory < 20230306-0 >
===
title: Multiple Vulnerabilities
product: Arris DG3450 Cable Gateway
vulnerable version: AR01.02.056.18_041520_711.NCS.10
SEC Consult Vulnerability Lab Security Advisory < 20230228-0 >
===
title: OS Command Injection
product: Barracuda CloudGen WAN
vulnerable version: < v8.* hotfix 1089
fixed ve
SEC Consult Vulnerability Lab Security Advisory < 20230117-2 >
===
title: Multiple post-authentication vulnerabilities including RCE
product: OpenText™ Content Server component of OpenText™ Ex
SEC Consult Vulnerability Lab Security Advisory < 20230117-1 >
===
title: Pre-authenticated Remote Code Execution via Java frontend
and QDS endpoint
product: OpenText™ C
SEC Consult Vulnerability Lab Security Advisory < 20230117-0 >
===
title: Pre-authenticated Remote Code Execution in cs.exe
product: OpenText™ Content Server component of OpenText™ Extende
SEC Consult Vulnerability Lab Security Advisory < 20221216-0 >
===
title: Remote code execution - CVE-2021-34427 bypass
product: Eclipse Business Intelligence Reporting Tool (BiRT)
vulnerable v
~~~
SEC Consult Vulnerability Lab
SEC Consult, an Atos company
Europe | Asia | North America
About SEC Consult Vulnerability Lab
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult, an
Atos company. It ensures the continued knowledge gain of SEC Consult in the
field
SEC Consult Vulnerability Lab Security Advisory < 20221213-0 >
===
title: Privilege Escalation Vulnerabilities (UNIX Insecure File
Handling)
product: SAP® Host Agent (sa
SEC Consult Vulnerability Lab Security Advisory < 20221206-0 >
===
title: Multiple critical vulnerabilities
product: ILIAS eLearning platform
vulnerable version: <= 7.15
fixed vers
SEC Consult Vulnerability Lab Security Advisory < 20221201-0 >
===
title: Replay attacks & Displaying arbitrary contents
product: Zhuhai Suny Technology ESL Tag / ETAG-TEC
SEC Consult Vulnerability Lab Security Advisory < 20221114-0 >
===
title: Path Traversal Vulnerability
product: Payara Platform
vulnerable version: Enterprise: <5.45.0
SEC Consult Vulnerability Lab Security Advisory < 20221110-0 >
===
title: HTML Injection
product: BMC Remedy ITSM-Suite
vulnerable version: 9.1.10 (= 20.02 in new versioning scheme)
SEC Consult Vulnerability Lab Security Advisory < 20220923-0 >
===
title: Multiple Memory Corruption Vulnerabilities
product: COVESA DLT daemon (Diagnostic Log and Trace)
Con
SEC Consult Vulnerability Lab Security Advisory < 20220915-0 >
===
title: Local privilege escalation
product: SAP® SAPControl Web Service Interface (sapuxuserchk)
vulnerable version: see s
SEC Consult Vulnerability Lab Security Advisory < 20220914-0 >
===
title: Improper Access Control
product: SAP® SAProuter
vulnerable version: see section "Vulnerable / tested versions&qu
SEC Consult Vulnerability Lab Security Advisory < 20220615-0 >
===
title: Hardcoded Backdoor User and Outdated Software Components
product: Nexans FTTO GigaSwitch industrial/office switches HW
v
SEC Consult Vulnerability Lab Security Advisory < 20220614-0 >
===
title: Reflected Cross Site Scripting
product: SIEMENS-SINEMA Remote Connect
vulnerable version: <=V3.0.1.0-01.01.00.02
SEC Consult Vulnerability Lab Security Advisory < 20220609-0 >
===
title: Multiple vulnerabilities
product: SoftGuard SNMP Network Management Extension
vulnerable version: SoftGuard Web (SGW) &
SEC Consult Vulnerability Lab Security Advisory < 20220608-0 >
===
title: Stored Cross-Site Scripting & Unsafe Java Deserializiation
product: Gentics CMS
vulnerable version: 5.36.29, see sec
SEC Consult Vulnerability Lab Security Advisory < 20220607-0 >
===
title: Multiple Vulnerabilities
product: Infiray IRAY-A8Z3 thermal camera
vulnerable version: V1.0.957
fixed version
SEC Consult Vulnerability Lab Security Advisory < 20220602-0 >
===
title: Multiple Memory Corruption Vulnerabilities
product: dbus-broker
vulnerable version: dbus-broker-29
fixed version
SEC Consult Vulnerability Lab Security Advisory < 20220601-1 >
===
title: Authenticated Command Injection
product: Poly Studio X30, Studio X50, Studio X70, G7500
vulnerable version: 3.4.0-
SEC Consult Vulnerability Lab Security Advisory < 20220601-0 >
===
title: Multiple Critical Vulnerabilities
product: Poly EagleEye Director II
vulnerable version: 2.2.1.1 (Jul 1, 2021)
SEC Consult Vulnerability Lab Security Advisory < 20220531-0 >
===
title: Backdoor account
product: Korenix JetPort 5601V3
vulnerable version: Firmware version 1.0
fixed version
SEC Consult Vulnerability Lab Security Advisory < 20220518-0 >
===
title: Multiple Critical Vulnerabilities
product: SAP® Application Server
ABAP and ABAP® Platform (Dif
SEC Consult Vulnerability Lab Security Advisory < 20220505-0 >
===
title: Password Reset Poisoning Attack
product: Craft CMS
vulnerable version: 3.7.36 and potentially lower
fixed version
SEC Consult Vulnerability Lab Security Advisory < 20220427-0 >
===
title: Privilege Escalation
product: Miele Benchmark Programming Tool
vulnerable version: at least 1.1.49 and 1.2.71
SEC Consult Vulnerability Lab Security Advisory < 20220413-0 >
===
title: Missing Authentication at File Download & Denial of
Service
product: Siemens A8000 CP-8050/CP-8031 SICAM WEB
SEC Consult Vulnerability Lab Security Advisory < 20220215-0 >
===
title: Multiple Critical Vulnerabilities
product: Multiple Zyxel devices
vulnerable version: For affected products see &qu
SEC Consult Vulnerability Lab Security Advisory < 20220209-0 >
===
title: Open Redirect in Login Page
product: SIEMENS-SINEMA Remote Connect
vulnerable version: V1.0 SP3 HF1
fixed version
SEC Consult Vulnerability Lab Security Advisory < 20220202-0 >
===
title: Broken access control & Cross-Site Scripting
product: Shopmetrics Mystery Shopping Software
vulnerable version: Saa
SEC Consult Vulnerability Lab Security Advisory < 20220131-0 >
===
title: Multiple Critical Vulnerabilities
product: Korenix Technology JetWave products:
JetWave 2212X, J
SEC Consult Vulnerability Lab Security Advisory < 20220126-0 >
===
title: Denial of service & User Enumeration
product: WAGO 750-8xxx PLC
vulnerable version: < Firmware 20 Patch
SEC Consult Vulnerability Lab Security Advisory < 20220124-0 >
===
title: Authenticated Path Traversal
product: Ethercreative Logs plugin for Craft CMS
vulnerable version: <=3.0.3
fixe
SEC Consult Vulnerability Lab Security Advisory < 20220120-0 >
===
title: Local file inclusion vulnerability
product: Land Software - FAUST iServer
vulnerable version: 9.0.017.017.1-3 - 9.0.018
SEC Consult Vulnerability Lab Security Advisory < 20220117-0 >
===
title: Stored Cross-Site Scripting vulnerability
product: TYPO3 extension "femanager"
vulnerable version: 6.0.0 -
SEC Consult Vulnerability Lab Security Advisory < 20220113-0 >
===
title: Cleartext Storage of Phone Password
product: Cisco IP Phone Series 78x1, 88x5, 88x1, 7832,
8832
SEC Consult Vulnerability Lab Security Advisory < 20211214-2 >
==
title: Remote ABAP Code Injection in
IUUC_GENERATE_ACPLAN_DELIMITER
product: SAP Netweaver
vulnerable version: SA
SEC Consult Vulnerability Lab Security Advisory < 20211214-1 >
===
title: Remote ABAP Code Injection in SAP
IUUC_RECON_RC_COUNT_TABLE_BIG
product: SAP Netweaver
vulnerable version: SA
SEC Consult Vulnerability Lab Security Advisory < 20211214-0 >
==
title: Remote ADBC SQL Injection in SAP
IUUC_RECON_RC_COUNT_TABLE_BIG
product: SAP Netweaver
vulnerable versio
SEC Consult Vulnerability Lab Security Advisory < 20211213-1 >
===
title: Stored Cross Site Scripting
product: Sofico Miles RIA
vulnerable version: 2020.2 build 127964T
fixed version:
SEC Consult Vulnerability Lab Security Advisory < 20211213-0 >
===
title: Multiple vulnerabilities
product: AbanteCart e-commerce platform
vulnerable version: <1.3.2
fixed versi
SEC Consult Vulnerability Lab Security Advisory < 20211202-0 >
===
title: Multiple vulnerabilities in BSCW Server
product: OrbiTeam BSCW Server
vulnerable version: BSCW Server 5.0.x, 5.1.x, &
SEC Consult Vulnerability Lab Security Advisory < 20211104-0 >
===
title: Reflected cross-site scripting vulnerability
product: IBM Sterling B2B Integrator
vulnerable version: 5.2.0.0 - 5.2
SEC Consult Vulnerability Lab Security Advisory < 20211028-0 >
===
title: CODESYS V2 Denial of Service
product: CODESYS Runtime Toolkit 32-bit, CODESYS PLCWinNT
vulnerable version:
SEC Consult Vulnerability Lab Security Advisory < 20211004-0 >
===
title: Multiple Critical Vulnerabilities
product: High Infinity Technology HiKam S6
vulnerable version: <=1.3.26
fixe
SEC Consult Vulnerability Lab Security Advisory < 20210901-0 >
===
title: Multiple vulnerabilities
product: see "Vulnerable / tested versions"
vulnerable version: see "Vulnera
SEC Consult Vulnerability Lab Security Advisory < 20210827-0 >
===
title: Authenticated RCE
product: BSCW Server
vulnerable version: BSCW Server <=5.0.11, <=5.1.9, <=5.2.3, <=7.3.2, &
SEC Consult Vulnerability Lab Security Advisory < 20210827-1 >
===
title: XML Tag injection
product: BSCW Server
vulnerable version: BSCW Server <=5.0.11, <=5.1.9, <=5.2.3, <=7.3.2, &
SEC Consult Vulnerability Lab Security Advisory < 20210820-0 >
===
title: Multiple Vulnerabilities in NetModule Router Software
product: NetModule Router Software (NRSW)
vulnerable version:
SEC Consult Vulnerability Lab Security Advisory < 20210819-0 >
===
title: Multiple Critical Vulnerabilities
product: Multiple Altus Sistemas de Automacao products:
Nexto
SEC Consult Vulnerability Lab Security Advisory < 20210714-0 >
===
title: Authentication bypass & Remote code execution
product: Multiple Schneider Electric EVlink Charging Stations
vulnerab
SEC Consult Vulnerability Lab Security Advisory < 20210601-0 >
===
title: Multiple Critical Vulnerabilities
product: Multiple Korenix Technology products:
Korenix: JetNet 5428G
SEC Consult Vulnerability Lab Security Advisory < 20210511-0 >
===
title: Reflected Cross-site Scripting Vulnerabilities
product: SIS Informatik - REWE GO
vulnerable version: 7.5.0/12C
SEC Consult Vulnerability Lab Security Advisory < 20210422-0 >
===
title: Stored Cross Site Scripting (Outdated software library)
product: BMD BMDWeb 2.0
vulnerable version: BMD versions
SEC Consult Vulnerability Lab Security Advisory < 20210414-0 >
===
title: Reflected cross-site scripting
product: Microsoft Azure DevOps Server
vulnerable version: 2020.0.1
fixed version: 20
SEC Consult Vulnerability Lab Security Advisory < 20210407-0 >
===
title: Arbitrary File Upload and Bypassing .htaccess Rules
product: Monospace Directus Headless CMS
vulnerable version: &l
seems we had some newline issues before, sorry for the inconvenience. Here is
our advisory again:
SEC Consult Vulnerability Lab Security Advisory < 20210301-0 >
===
title: Authentication bypass vulnera
SEC Consult Vulnerability Lab Security Advisory < 20210301-0 >
===
title: Authentication bypass vulnerability product: Genua
GenuGate High Resistance Firewall
vulnerable version: GenuGate <10.1
SEC Consult Vulnerability Lab Security Advisory < 20210217-0 >
===
title: Multiple Vulnerabilities
product: IrfanView - WPG.dll plugin
vulnerable version: IrfanView 4.57/WPG.dll version 2
SEC Consult Vulnerability Lab Security Advisory < 20210210-0 >
===
title: Reflected Cross-Site Scripting (XSS)
product: Adobe Magento Commerce
vulnerable version: < 2.4.2
fixed versi
SEC Consult Vulnerability Lab Security Advisory < 20210113-1 >
===
title: Multiple Vulnerabilities
product: flatCore CMS
vulnerable version: < 2.0.0 Build 139
fixed version: Release 2.0.0
SEC Consult Vulnerability Lab Security Advisory < 20210113-0 >
===
title: Multiple vulnerabilities
product: Pepperl+Fuchs IO-Link Master Series
See "Vulnerable / test
SEC Consult Vulnerability Lab Security Advisory < 20201217-0 >
===
title: Multiple critical vulnerabilities
product: Trend Micro InterScan Web Security Virtual Appliance
(IWSVA)
vulnerable v
SEC Consult Vulnerability Lab Security Advisory < 20201123-0 >
===
title: Multiple Vulnerabilities
product: ZTE WLAN router MF253V
vulnerable version: V1.0.0B04
fixed version: V1.
SEC Consult Vulnerability Lab Security Advisory < 20201117-0 >
===
title: Blind Out-Of-Band XML External Entity Injection
(Authenticated)
product: Avaya Web License Manager
vulnerable version: 6.
SEC Consult Vulnerability Lab Security Advisory < 20201104-0 >
===
title: Multiple Vulnerabilities
product: Trend Micro InterScan Messaging Security Virtual Appliance
(IMSVA)
vulnerable version: &
SEC Consult Vulnerability Lab Security Advisory < 20201023-0 >
===
title: PubliXone - Multiple Vulnerabilities
product: konzept-ix publiXone
vulnerable version: 2019.045
fixed version: 20
SEC Consult Vulnerability Lab Security Advisory < 20201012-0 >
===
title: Reflected Cross-Site Scripting and Unauthenticated
Malicious File Upload
product: Sage DPW
vuln
SEC Consult Vulnerability Lab Security Advisory < 20201008-0 >
===
title: Multiple Cross-Site Scripting Vulnerabilities
products: PlantUML, Refined Toolkit for Confluence, Linking for
Conf
SEC Consult Vulnerability Lab Security Advisory < 20201005-0 >
===
title: Multiple Critical Vulnerabilities
product: RocketLinx Series
vulnerable version: See "Vulnerable / tested versions&q
SEC Consult Vulnerability Lab Security Advisory < 20201002-0 >
===
title: Multiple Vulnerabilities
product: SevOne Network Management System (NMS)
vulnerable version: 5.7.2.22
fixed v
SEC Consult Vulnerability Lab Security Advisory < 20201001-0 >
===
title: Broken Access Control
product: Platinum Mobile
vulnerable version: 1.0.4.850
fixed version: 1.0.4.851
CVE
SEC Consult Vulnerability Lab Security Advisory < 20200902-0 >
===
title: Multiple Vulnerabilities
product: Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W
vulnerable version: <=2.0.26
SEC Consult Vulnerability Lab Security Advisory < 20200827-0 >
===
title: Multiple Vulnerabilities
product: ZTE mobile Hotspot MS910S
vulnerable version: DL_MF910S_CN_EUV1.00.01
fixed v
SEC Consult Vulnerability Lab Security Advisory < 20200826-0 >
===
title: Extensive file permissions on service executable
product: Eikon Thomson Reuters
vulnerable version: 4.0.42144
fixed v
SEC Consult Vulnerability Lab Security Advisory < 20200807-0 >
===
title: Multiple Vulnerabilities
product: flatCore CMS
vulnerable version: <=1.5.5
fixed version: 1.5.7
C
SEC Consult Vulnerability Lab Security Advisory < 20200728-0 >
===
title: Stored Cross-Site Scripting (XSS) Vulnerability
product: Namirial SIGNificant SignAnyWhere
vulnerable version: v6.10.60
1 - 100 of 232 matches
Mail list logo