2014-03-10 Vendor acknowledges vulnerability
2014-04-22 Vendor released fixed version
2014-05-08 Advisory released
RedTeam Pentesting GmbH
===
RedTeam Pentesting offers individual penetration tests, short pentests,
performed by a team of specialised IT-security experts. Hereby
://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2
RedTeam Pentesting GmbH
===
RedTeam Pentesting offers individual penetration tests, short pentests,
performed by a team of specialised IT-security experts. Hereby, security
weaknesses in company networks or products
.
--
RedTeam Pentesting GmbH Tel.: +49 241 510081-0
Dennewartstr. 25-27 Fax : +49 241 510081-99
52068 Aachen https://www.redteam-pentesting.de
Germany Registergericht: Aachen HRB 14004
Geschäftsführer
source code repository
2014-06-23 CVE number requested
2014-06-25 CVE number assigned
2014-06-26 Advisory released
References
==
http://bugs.python.org/issue21766
] http://typo3.org/teams/security/security-bulletins/typo3-extensions/
typo3-ext-sa-2014-010/
://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rails_secret_deserialization.rb
requests more time to notify customers for the 3rd
time, RedTeam Pentesting declines
2015-02-18 Advisory released
[2] https://support.tapatalk.com/threads/19540/#post-146253
?board_url=https://www.redteam-pentesting.de
CVE-2014-8870 was assigned to this issue.
and software upgrade
2015-02-04 Customer approves public disclosure
2015-02-10 Advisory released
more time
2015-05-21 Requested update from vendor
2015-05-22 Vendor states that upload to extension registry doesn't work
2015-06-03 Requested update from vendor
2015-06-10 Vendor uploads new version to extension registry
2015-06-15 Advisory published
releasing fixed versions (7490 [0])
2015-10-01 Vendor finished releasing fixed versions (other models)
2016-01-07 Advisory released
References
==
[0] https://avm.de/service/sicherheitshinweise/
2014-09-08 - Potential vulnerability discovered
2014-09-20 - Vulnerability verified
2014-10-17 - ISP was notified about the vulnerability
2014-10-17 - ISP implemented first countermeasures
2014-10-24 - ISP wants to investigate further
2014-11-28 - ISP needs more time, depends on hardwar
/cookbook/security/remember_me.html
[2]
https://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature
ID requested
2015-09-24 CVE ID requested again
2015-10-07 CVE ID assigned
2015-10-21 Vendor contacted
2016-04-04 Vendor released fixed version
2016-05-31 Advisory released
References
==
[1] https://www.paessler.com
[2] https://www.paessler.com/prtg/history/stable
visory provided to customer
2016-05-06 Customer provided updated firmware, notified users
2016-05-23 Customer notified users again
2016-05-31 Advisory published
References
==
[0]
https://github.com/kanaka/websockify/commit/192ec6f5f9bf9c80a089ca020d05ad4bd9e7bcd9
2016-05-31 Advisory published
References
==
[1] https://github.com/HadoDokis/Relay-Ajax-Directory-Manager
[2] https://code.google.com/p/relay/
-03 Vendor releases fixed version
2016-03-22 Advisory released
References
==
https://www.phpcaptcha.org/uncategorized/securimage-3-6-4-released/
rchive.org/web/20140202171923/http://www.lesscss.org/
[2]
http://www.bennadel.com/blog/2638-executing-javascript-in-the-less-css-precompiler.htm
[3] http://lesscss.org/#client-side-usage
states that there is no concrete timeline
2016-12-05 Vendor announces a release
2016-12-20 Vendor released fixed version
2016-12-23 Advisory released
References
==
[1] https://github.com/mwielgoszewski/python-paddingoracle
[2] http://httpd.apache.org/security/vulnerabilities_24.ht
ds are executed with root
privileges and no authentication is required, this is rated as a high
risk.
Timeline
2017-05-17 Vulnerability identified
2017-05-23 Customer approved disclosure of vulnerability
2017-05-26 Customer provided details of vulnerability to vendor
2017-07-20 Vulnerabil
m-pentesting.de/advisories/rt-sa-2017-003
-2017-005
5-26 Customer provided details of vulnerability to vendor
2017-06-21 Vulnerability reported as fixed by vendor
2017-07-24 Advisory released
References
==
[0] https://www.reddoxx.com/en/
[1] https://my.reddoxx.com/documents/manual/en/custdl/product-downloads
(Requires login
as a high risk.
Timeline
2017-05-17 Vulnerability identified
2017-05-23 Customer approved disclosure of vulnerability
2017-05-26 Customer provided details of vulnerability to vendor
2017-07-20 Vulnerability reported as fixed by vendor
2017-07-24 Advisory released
References
==
[0] ht
com/files/137127/typo3-xssbypass.txt
[3] http://examples.typo3-formhandler.com/start/
fers individual penetration tests performed by a
team of specialised IT-security experts. Hereby, security weaknesses in
company networks or products are uncovered and can be fixed immediately.
As there are only few experts in this field, RedTeam Pentesting wants to
share its knowledge and enhance
wordpress.com/2015/09/15/webclientprint-2-0-for-windows-clients-critical-update/
https://neodynamic.wordpress.com/2015/09/15/webclientprint-2-0-for-windows-clients-critical-update/
[1] http://www.dest-unreach.org/socat/
elease
2017-08-22 Advisory released
References
==
[0] http://webclientprint.azurewebsites.net/
[1]
https://neodynamic.wordpress.com/2015/09/15/webclientprint-2-0-for-windows-clients-critical-update/
te and announced
public release for end of October
2017-10-09 RedTeam Pentesting asked vendor for status update
2017-11-03 Advisory released (no reply from vendor to status update requests)
References
==
[1] http://ladonize.org
[2] https://pypi.python.org/pypi/defusedxml
11-13 Customer approved further research
2017-12-01 Further research conducted
2018-01-09 Customer approved disclosure to vendor
2018-01-10 Vendor notified
2018-01-12 Vendor released fixed version
2018-01-15 Advisory released
References
==
[1] https://www.shibboleth.net/
[2] https://www.w3.org
version
2018-03-05 Vendor made issue public
2018-03-08 Advisory released
References
==
[1] https://www.tuleap.org/what-is-tuleap
[2] https://tools.ietf.org/html/rfc3986
ed
2017-09-13 Customer approved disclosure to vendor
2017-09-14 Vendor notified
2018-02-27 Vendor released fixed version
2018-03-13 Advisory released
References
==
[1] https://github.com/shopware/shopware
[2] https://community.shopware.com/Downloads_cat_448.html#5.4.0
s/316-CZP-275/images/ds-enterprise-password-vault-11-15-17.pdf
[2] https://github.com/pwntester/ysoserial.net
[3] https://curl.haxx.se/
[4] https://www.tcpdump.org/
ne
2017-11-24 Vulnerability identified
2018-01-22 Customer approved disclosure to vendor
2018-02-05 Vendor notified
2018-04-06 CVE number requested
2018-04-07 CVE number assigned
2018-04-09 Advisory released
References
==
[1]
http://lp.cyberark.com/rs/316-CZP-275/images/ds-enter
sting.de/advisories/rt-sa-2018-004
[3]
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject
c/en/us/products/routers/rv320-dual-gigabit-wan-vpn-router/index.html
[2] https://www.redteam-pentesting.de/advisories/rt-sa-2018-003
[3]
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info
index.html
[2] https://www.redteam-pentesting.de/advisories/rt-sa-2018-002
[3]
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info
nce the public knowledge with research in
security-related areas. The results are made available as public
security advisories.
More information about RedTeam Pentesting can be found at:
https://www.redteam-pentesting.de/
Working at RedTeam Pentesting
=
RedTeam Pente
t-wan-vpn-router/index.html
[2] https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg42801
2018-12-21 Postponing disclosure to 2019-01-23, as requested by vendor
2019-01-16 List of affected versions provided by vendor
2019-01-23 Advisory published
References
==
[1]
https://www.cisco.com/c/en/us/products/routers/rv320-dual-gigabit-wan-vpn-router/index.html
[2] https://wiki.open
[1]
https://www.cisco.com/c/en/us/products/routers/rv320-dual-gigabit-wan-vpn-router/index.html
[2] https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg42801
ON%2026%20presentations/Orange%20Tsai%20-%20Updated/DEFCON-26-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-and-Pop-0days-Out-Updated.pdf
[4] https://tomcat.apache.org
"2020-01-30T12:34:56",
"Valid": true,
"VirusScan": true
}
}
}
Workaround
======
None
Fix
===
Install the latest hotfixes for the appliance, see [2].
Security Risk
=
https://www.rapid7.com/db/modules/auxiliary/scanner/scada/modbusclient
[4]
https://www.carel.com/documents/10191/0/+030220471/9619472f-f1c0-4ec9-a151-120aaa5e479a?version=1.0
n of CVE-2019-13553
References
======
[0]
https://www.carel.com/documents/10191/0/+030220471/9619472f-f1c0-4ec9-a151-120aaa5e479a?version=1.0
[1] https://www.redteam-pentesting.de/de/advisories/rt-sa-2019-014.txt
ure
2019-11-25 CVE number requested
2019-11-25 CVE number assigned
2019-12-02 Vendor released fixed version
2019-12-10 Customer approved disclosure
2019-12-13 Fixed version released
2020-01-02 Advisory released
References
==
[1] https://www.redteam-pentesting.de/a
xed version released
2020-01-02 Advisory released
References
==
[1] https://tools.ietf.org/html/rfc6350
[2] https://tools.ietf.org/html/rfc2445
[3] https://www.redteam-pentesting.de/advisories/rt-sa-2019-16
Tried to contact the German branch of WatchGuard
2020-02-27 Contacted the Dutch branch of WatchGuard
2020-02-28 Contact to ADHelper QA Team Lead established
2020-03-02 Advisory draft sent for verification
2020-03-10 Vendor released fixed version and blog post
2020-03-11 CVE ID requested
2020-03-1
ttps://pkg.go.dev/net/http/?tab=doc#ResponseWriter
[2] https://pkg.go.dev/net/http/httptest?tab=doc#ResponseRecorder
[3] https://mimesniff.spec.whatwg.org/
[4]
https://github.com/golang/go/blob/ba9e10889976025ee1d027db6b1cad383ec56de8/src/net/http/cgi/child.go#L196-L199
[5]
https://github.com/go
otified of another problematic IP
2020-08-06 Vendor provided fixed version to RedTeam Pentesting
2020-10-06 Vendor starts distribution of fixed version for selected devices
2020-10-19 Advisory released
upport.dlink.com/ProductInfo.aspx?m=DSR-250N
tations
[7]
https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html
session of an account for a MobileTogether Server with
access to at least one app are able to read files from the server
system, conduct HTTP requests to external and internal systems and can
also deny the availability of the service. Access might also be possible
through default credentials or
s that
no advisory should be released. Vendor acknowledges
public release after 90 days.
2021-10-04 Customer confirms update to fixed version
2021-10-13 Advisory released
References
==
[0] https://www.myfactory.com/myfactoryfms.aspx
d disclosure to vendor
2021-09-10 Vendor notified
2021-09-10 CVE ID requested
2021-09-10 CVE ID assigned
2021-10-05 Vendor provides access to device with fixed firmware
2021-10-11 Vendor provides fixed firmware
2021-10-15 RedTeam Pentesting examines device, vulnerability seems to be
corrected
2021-12-06 Advis
and use functions not available to
"sub-admin" users, like firmware updates. All in all, this vulnerability
is therefore rated to have a medium risk potential.
Timeline
2021-08-26 Vulnerability identified
2021-09-01 Customer approved disclosure to vendor
2021-09-10 Vendor notif
wly acquired
credentials, attackers can access configuration settings and most other
functions.
They can then for example create new SIP credentials and use them to
call premium rate phone lines they operate to generate revenue. They can
monitor and even redirect all incoming and outgoing
e call premium rate phone lines they operate to generate
revenue. They can also configure a device they control as the PBX in the
phone, so all incoming and outgoing phone calls are intercepted and can
be recorded. The device also contains a function to record all Ethernet
data traffic, which is likel
"The device in question doesn't support
Crestron's security practices. We recommend the HD-MD-4KZ
alternative."
2021-12-22 Requested confirmation that the vulnerability will not be addressed.
2021-12-28 Vendor confirms that the vulnerability will not be corrected.
2022-01-
1-07-12 Customer approved disclosure to vendor
2021-07-16 Vendor notified
2021-08-20 Vendor provides fixed firmware
2022-09-29 Customer approved release of advisory
2022-10-10 CVE ID requested
2022-10-15 CVE ID assigned
2022-10-24 Advisory published
References
==
https://zkteco.eu/c
20 Customer approved disclosure to vendor
2022-10-20 Vulnerability was disclosed to the vendor
2023-01-17 Patch released by vendor for versions 10.2.17, 11.2.6 and
12.0.1.
2023-01-26 Detailed advisory released by RedTeam Pentesting GmbH
mPentesting/monsoon
[2]
https://docs.rws.com/860026/585715/worldserver-11-7-developer-documentation/customizing-the-rest-api
approved disclosure to vendor
2023-05-02 Vendor notified
2023-05-03 CVE ID requested
2023-05-08 Vendor released fixed version
2023-05-14 CVE ID assigned
2023-05-16 Vendor asks for a few more days before the advisory is released
2023-05-30 Advisory released
References
==
[1] https://
to a version without the vulnerability.
Security Risk
=
Attackers with access to any regular user account for a Pydio Cells instance can
extend their privileges by creating a new external user with all roles
assigned. Subsequently, they can access all folders and files in any
cel
pose a significant
risk. In other circumstances, the risk could be negligible. Therefore,
overall the vulnerability is rated as a medium risk.
Timeline
2023-03-23 Vulnerability identified
2023-05-02 Customer approved disclosure to vendor
2023-05-02 Vendor notified
2023-05-03 CVE I
ed on another system.
Furthermore, the login via password hash gives attackers permanent
unauthorised access to the web interface even if system access was
obtained only temporarily. Due to the prerequisites of obtaining access
to password hashes, the vulnerability poses a low risk only.
T