1.70
2015-06-09 Verified that vulnerability is not fixed in version 1.70
2015-06-09 Vendor responded: vulnerability is already known and being
worked on, release date is not known
2015-06-09 Vendor provided list of affected devices
2015-07-10 Vendor queried for update, no response
2015-08-03 Vendor
2015-12-22 Advisory released
References
==
[0] https://github.com/symfony/symfony-demo
[1] https://symfony.com/doc/current/cookbook/security/remember_me.html
[2]
https://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature
RedTeam Pentesting GmbH
=
Vendor started releasing fixed versions (7490 [0])
2015-10-01 Vendor finished releasing fixed versions (other models)
2016-01-07 Advisory released
References
==
[0] https://avm.de/service/sicherheitshinweise/
RedTeam Pentesting GmbH
===
RedTeam Pentesting offers individ
ability allows the unauthorised usage of foreign VoIP
telephone numbers. The victim will be charged with all costs resulting
from fraudulent phone calls. Furthermore, an attacker may answer phone
calls on behalf of the victim. Customers have no means of defending
themselves from such an attack. Chances are th
to vendor
2016-02-23 CVE number requested
2016-02-24 CVE number not assigned, "non-prioritized product"
2016-03-02 Vendor contacted
2016-03-03 Vendor releases fixed version
2016-03-22 Advisory released
References
==
https://www.phpcaptcha.org/uncategorized/securimage-3-6-4-relea
ability
2015-09-04 CVE ID requested
2015-09-24 CVE ID requested again
2015-10-07 CVE ID assigned
2015-10-21 Vendor contacted
2016-04-04 Vendor released fixed version
2016-05-31 Advisory released
References
==
[1] https://www.paessler.com
[2] https://www.paessler.com/prtg/history/stable
2016-04-14 Vulnerability identified
2016-05-03 Advisory provided to customer
2016-05-06 Customer provided updated firmware, notified users
2016-05-23 Customer notified users again
2016-05-31 Advisory published
References
======
[0]
https://github.com/kanaka/websockify/commit/1
ther evaluated.
Timeline
2015-11-19 Vulnerability discovered
2016-04-07 Customer approved disclosure of vulnerability
2016-05-12 Developers contacted, project is no longer maintained
2016-05-31 Advisory published
References
==
[1] https://github.com/HadoDokis/Relay-Ajax-Director
] https://github.com/less/less.js
[1] http://web.archive.org/web/20140202171923/http://www.lesscss.org/
[2]
http://www.bennadel.com/blog/2638-executing-javascript-in-the-less-css-precompiler.htm
[3] http://lesscss.org/#client-side-usage
RedTeam Pentesting GmbH
===
RedTeam P
response
2016-07-14 Requested status update and roadmap from vendor
2016-07-21 Vendor confirms working on a new release and inquired whether the
patch fixes the vulnerability
2016-07-22 RedTeam confirms
2016-08-24 Requested status update from vendor
2016-08-29 Vendor states that there is no
nclusions about the
corresponding file contents, and other potentially sensitive data such
as email addresses.
Timeline
2014-02-20 Vulnerability identified
2014-03-04 Customer approved disclosure to vendor
2014-03-06 CVE number requested and assigned
2014-03-07
4-05-20 Vendor announces fixed versions
2014-05-28 Advisory released
References
==
http://www.webedition.org/de/aktuelles/webedition-cms/
Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlicht
(German)
http://www.webedition.org/de/aktuelles/webedition-cms/
Wichtige-H
Advisory: SQL Injection in webEdition CMS File Browser
RedTeam Pentesting discovered an SQL injection vulnerability in the file
browser component of webEdition CMS during a penetration test.
Unauthenticated attackers can get read-only access on the SQL database
used by webEdition and read for exam
nces
==
Vendor Security Advisory:
http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2
RedTeam Pentesting GmbH
===
RedTeam Pentesting offers individual penetration tests, short pentests,
performed by a team of specialised IT-security experts. Hereby, security
s with updated information
2014-06-25 Advisory released
References
==
[1]
http://docs.oracle.com/cd/E29220_01/mdex.222/admin/toc.htm#List%20of%20administrative%20operations
[2]
http://docs.oracle.com/cd/E29220_01/mdex.222/admin/toc.htm#List%20of%20supported%20logging%20variables
RedTeam Pe
ed from vendor
2014-05-02 Vendor responds with updated information
2014-06-25 Advisory released
References
==
[1]
http://docs.oracle.com/cd/E29220_01/mdex.222/admin/src/cadm_url_about_admin_urls.html
[2] http://docs.oracle.com/cd/E29220_01/index.htm
RedTeam Pentesting GmbH
===
;s working directory or in its subdirectories.
The CGIHTTPServer code does contain this warning:
"SECURITY WARNING: DON'T USE THIS CODE UNLESS YOU ARE INSIDE A FIREWALL"
Even when used on a local computer this may allow other local users to
execute code in the context of another use
rty extensions:
[2] http://typo3.org/teams/security/security-bulletins/typo3-extensions/
typo3-ext-sa-2014-010/
RedTeam Pentesting GmbH
===
RedTeam Pentesting offers individual penetration tests, short pentests,
performed by a team of specialised IT-security experts. Hereb
ntinues to release updated versions, no response
whether the security issue is fixed
2014-11-14 CVE number assigned
2014-12-01 Advisory released
References
==
[1] https://code.google.com/p/wfuzz/
RedTeam Pentesting GmbH
===
RedTeam Pentesting offer
ntacted vendor again since no fix or roadmap was provided.
2014-10-28 CVE number requested
2014-11-14 CVE number assigned
2014-12-01 Advisory released
RedTeam Pentesting GmbH
===
RedTeam Pentesting offers individual penetration tests, short pentests,
performed by a team of s
ds with CVE-ID, plans release for mid-November
2014-11-06 More definite release schedule requested
2014-11-12 Vendor plans release for last week of November
2014-11-21 Additional details requested from vendor
2014-11-22 Vendor responds with details, postpones release to
mid-December due to
Advisory: Cross-site Scripting in Tapatalk Plugin for WoltLab Burning
Board 4.0
RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability
in the Tapatalk plugin for the WoltLab Burning Board forum software,
which allows attackers to inject arbitrary JavaScript code via URL
?board_url=https://www.redteam-pentesting.de
CVE-2014-8870 was assigned to this issue.
--
RedTeam Pentesting GmbH Tel.: +49 241 510081-0
Dennewartstr. 25-27 Fax : +49 241 510081-99
52068 Aachen https://www.redteam-pentesting.de
Germany
ses security bulletin and software upgrade
2015-02-04 Customer approves public disclosure
2015-02-10 Advisory released
RedTeam Pentesting GmbH
===
RedTeam Pentesting offers individual penetration tests, short pentests,
performed by a team of specialised IT-security experts. Hereby
version
2014-11-11 CVE number requested
2014-11-12 Vendor requests more time to notify their customers
2014-11-14 CVE number assigned
2014-12-08 Vendor again requests more time to notify customers
2015-01-12 Vendor notifies customers again, agrees to release advisory
on
isory released
References
======
[0] https://github.com/xmendez/wfuzz
RedTeam Pentesting GmbH
===
RedTeam Pentesting offers individual penetration tests performed by a
team of specialised IT-security experts. Hereby, security weaknesses in
company networks or products are unco
15-04-29 Requested status update from vendor, vendor is still investigating
2015-05-22 Requested status update from vendor
2015-05-27 Vendor is working on the issue
2015-06-05 Vendor notified customers
2015-06-08 Vendor provided details about affected versions
2015-06-10 Advisory released
RedTeam
15-04-08 Vendor announced fixed version available at the end of April
2015-05-13 Requested update from vendor
2015-05-15 Vendor requests more time
2015-05-21 Requested update from vendor
2015-05-22 Vendor states that upload to extension registry doesn't work
2015-06-03 Requested update from
attackers to completely
manipulate the website, add their own content and track all user
interaction.
Timeline
2013-12-04 Vulnerability identified
2013-12-10 Customer approved disclosure to vendor
2013-12-13 Vendor notified
2014-01-15 Vendor released fixed version
2014-02-11 CVE number
3bf4e2874a0120d99ae02a1a9f4a6e74094c7dc1
[2]
https://github.com/loewexy/pdnsmanager/commit/ccc423291cb0e6f8c58849f71821e7425b7c030e
RedTeam Pentesting GmbH
===
RedTeam Pentesting offers individual penetration tests performed by a
team of specialised IT-security experts. Here
.
Timeline
2017-05-16 Vulnerability identified
2017-05-23 Customer approved disclosure of vulnerability
2017-05-26 Customer provided details of vulnerability to vendor
2017-06-21 Vulnerability reported as fixed by vendor
2017-07-24 Advisory released
References
==
[0] https://www.reddoxx.com/en/
[1] https://my.reddoxx.com/documents/manual/en/custdl/product-downloads
(Requires login)
[2] https://www.redteam-pentesting.de/advisories/rt-sa-2017-003
RedTeam Pentesting GmbH
===
RedTeam Pentesting offers individual penet
he extracted
session IDs can be used by attackers to impersonate the user associated
with the ID when interacting with the appliance. An authenticated
session is also a precondition to exploit the vulnerability described
in rt-sa-2017-006 [3], which allows arbitrary file disclosure as root.
Timel
redteam-pentesting.de/advisories/rt-sa-2017-004
[3] https://www.redteam-pentesting.de/advisories/rt-sa-2017-005
RedTeam Pentesting GmbH
===
RedTeam Pentesting offers individual penetration tests performed by a
team of specialised IT-security experts. Hereby, security weaknesses
ided details of vulnerability to vendor
2017-06-21 Vulnerability reported as fixed by vendor
2017-07-24 Advisory released
References
==
[0] https://www.reddoxx.com/en/
[1] https://my.reddoxx.com/documents/manual/en/custdl/product-downloads
(Requires login)
RedTeam Pentesting GmbH
===
empts with cleartext credentials. This is
rated as a high risk.
Timeline
2017-05-17 Vulnerability identified
2017-05-23 Customer approved disclosure of vulnerability
2017-05-26 Customer provided details of vulnerability to vendor
2017-07-20 Vulnerability reported as fixed by vendor
2017-07-24
e to Version 2032 SP2.
Security Risk
=
The diagnostic functions offered by the REDDOXX appliance allow attackers
to execute arbitrary commands. Since the commands are executed with root
privileges and no authentication is required, this is rated as a high
risk.
Timeline
201
ublic
security advisories.
More information about RedTeam Pentesting can be found at:
https://www.redteam-pentesting.de/
Working at RedTeam Pentesting
=
RedTeam Pentesting is looking for penetration testers to join our team
in Aachen, Germany. If you are interested p
clients are updated
2017-07-31 Customer approved advisory release
2017-08-22 Advisory released
References
======
[0] http://webclientprint.azurewebsites.net/
[1]
https://neodynamic.wordpress.com/2015/09/15/webclientprint-2-0-for-windows-clients-critical-update/
RedTeam Pentesting GmbH
==
ion
2015-09-16 Customer asked to wait with advisory release until all their
clients are updated
2017-07-31 Customer approved advisory release
2017-08-22 Advisory released
References
==
[0]
https://neodynamic.wordpress.com/2015/09/15/webclientprint-2-0-for-windows-client
https://neodynamic.wordpress.com/2015/09/15/webclientprint-2-0-for-windows-clients-critical-update/
RedTeam Pentesting GmbH
===
RedTeam Pentesting offers individual penetration tests performed by a
team of specialised IT-security experts. Hereby, security weaknesses in
com
8-22 Advisory released
References
==
[0]
https://neodynamic.wordpress.com/2015/09/15/webclientprint-2-0-for-windows-clients-critical-update/
[1] http://www.dest-unreach.org/socat/
RedTeam Pentesting GmbH
===
RedTeam Pentesting offers individual penetration tests perf
6-11-29 Customer notified vendor
2017-07-10 Customer fixed problem in their own product
2017-07-21 RedTeam Pentesting notified vendor
2017-08-11 RedTeam Pentesting asked vendor for status update
2017-09-08 RedTeam Pentesting asked vendor for status update and announced
public release for
er accounts, effectively bypassing authorisation mechanisms.
Timeline
2017-11-06 Vulnerability identified
2017-11-13 Customer approved further research
2017-12-01 Further research conducted
2018-01-09 Customer approved disclosure to vendor
2018-01-10 Vendor notified
2018-01-12 Vendor
version
2018-03-05 Vendor made issue public
2018-03-08 Advisory released
References
==
[1] https://www.tuleap.org/what-is-tuleap
[2] https://tools.ietf.org/html/rfc3986
RedTeam Pentesting GmbH
===
RedTeam Pentesting offers individual penetration tests perfor
effort for the shop operator.
Timeline
2017-08-28 Vulnerability identified
2017-09-13 Customer approved disclosure to vendor
2017-09-14 Vendor notified
2018-02-27 Vendor released fixed version
2018-03-13 Advisory released
References
==
[1] https://github.com/shopware/shopware
released
References
==
[1]
http://lp.cyberark.com/rs/316-CZP-275/images/ds-enterprise-password-vault-11-15-17.pdf
[2] https://github.com/pwntester/ysoserial.net
[3] https://curl.haxx.se/
[4] https://www.tcpdump.org/
RedTeam Pentesting GmbH
===
RedTeam Pentesting o
.
Timeline
2017-11-24 Vulnerability identified
2018-01-22 Customer approved disclosure to vendor
2018-02-05 Vendor notified
2018-04-06 CVE number requested
2018-04-07 CVE number assigned
2018-04-09 Advisory released
References
==
[1]
http://lp.cyberark.com/rs/316-CZP-275/image
01-23 Advisory published
References
==
[1]
https://www.cisco.com/c/en/us/products/routers/rv320-dual-gigabit-wan-vpn-router/index.html
[2] https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg42801
RedTeam Pentesting GmbH
===
RedTeam Pentesting offers individual penetration
s://www.cisco.com/c/en/us/products/routers/rv320-dual-gigabit-wan-vpn-router/index.html
[2] https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg42801
RedTeam Pentesting GmbH
===
RedTeam Pentesting offers individual penetration tests performed by a
team of specialised IT-security experts. Hereby, se
2019-01-23, as requested by vendor
2019-01-16 List of affected versions provided by vendor
2019-01-23 Advisory published
References
==
[1]
https://www.cisco.com/c/en/us/products/routers/rv320-dual-gigabit-wan-vpn-router/index.html
[2] https://wiki.openssl.org/index.php/Command_Line_Utiliti
.
Attackers can then authenticate at the PBX as the respective phone and
for example call premium rate phone lines they operate to generate
revenue. They can also configure a device they control as the PBX in the
phone, so all incoming and outgoing phone calls are intercepted and can
be recorded. The dev
passwords for other user accounts, including those with the
"sub-admin" privilege. After logging in with these newly acquired
credentials, attackers can access configuration settings and most other
functions.
They can then for example create new SIP credentials and use them to
call prem
===
RedTeam Pentesting offers individual penetration tests performed by a
team of specialised IT-security experts. Hereby, security weaknesses in
company networks or products are uncovered and can be fixed immediately.
As there are only few experts in this field, RedTeam Pentesting wants to
Timeline
2021-08-26 Vulnerability identified
2021-09-01 Customer approved disclosure to vendor
2021-09-10 Vendor notified
2021-09-10 CVE ID requested
2021-09-10 CVE ID assigned
2021-10-05 Vendor provides access to device with fixed firmware
2021-10-11 Vendor provides fixed firmware
2021-10-15 RedT
r response received: "The device in question doesn't support
Crestron's security practices. We recommend the HD-MD-4KZ
alternative."
2021-12-22 Requested confirmation that the vulnerability will not be addressed.
2021-12-28 Vendor confirms that the vulnerability w
-24 Vulnerability identified
2021-07-12 Customer approved disclosure to vendor
2021-07-16 Vendor notified
2021-08-20 Vendor provides fixed firmware
2022-09-29 Customer approved release of advisory
2022-10-10 CVE ID requested
2022-10-15 CVE ID assigned
2022-10-24 Advisory published
References
==
h
e domain specified in the URL resulting
in a cross-site scripting vulnerability.
Workaround
==
None.
Fix
===
According to the vendor, the vulnerability is mitigated in versions
10.2.17, 11.2.6 and 12.0.1 of the Secure Web Gateway. This was not
verified by RedTeam Pentesting GmbH. The
f external users in the authentication settings.
Fix
===
Upgrade Pydio Cells to a version without the vulnerability.
Security Risk
=
Attackers with access to any regular user account for a Pydio Cells instance can
extend their privileges by creating a new external user with al
Vendor released fixed version
2023-05-14 CVE ID assigned
2023-05-16 Vendor asks for a few more days before the advisory is released
2023-05-30 Advisory released
References
==
[1] https://aws.amazon.com/sdk-for-javascript/
RedTeam Pentesting GmbH
===
RedTeam Pentesting off
,
the server-side request forgery vulnerability could pose a significant
risk. In other circumstances, the risk could be negligible. Therefore,
overall the vulnerability is rated as a medium risk.
Timeline
2023-03-23 Vulnerability identified
2023-05-02 Customer approved disclosure to
passwords.
While the precondition for this attack could be the full compromise of
the STARFACE PBX, another attack scenario could be that attackers
acquire access to backups of the database stored on another system.
Furthermore, the login via password hash allows attackers for permanent
unauthorise
[1] https://github.com/RedTeamPentesting/monsoon
[2]
https://docs.rws.com/860026/585715/worldserver-11-7-developer-documentation/customizing-the-rest-api
RedTeam Pentesting GmbH
===
RedTeam Pentesting offers individual penetration tests performed by a
team of specialised IT
s field, RedTeam Pentesting wants to
share its knowledge and enhance the public knowledge with research in
security-related areas. The results are made available as public
security advisories.
More information about RedTeam Pentesting can be found at:
https://www.redteam-pentesting.de/
Working a
.cisco.com/c/en/us/products/routers/rv320-dual-gigabit-wan-vpn-router/index.html
[2] https://www.redteam-pentesting.de/advisories/rt-sa-2018-002
[3]
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info
RedTeam Pentesting GmbH
===
Re
ry published
References
==
[1]
https://www.cisco.com/c/en/us/products/routers/rv320-dual-gigabit-wan-vpn-router/index.html
[2] https://www.redteam-pentesting.de/advisories/rt-sa-2018-003
[3]
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-r
25 Vendor requests postponed disclosure
2019-03-25 Postponement declined
2019-03-27 Advisory published
References
==
[1]
https://www.cisco.com/c/en/us/products/routers/rv320-dual-gigabit-wan-vpn-router/index.html
[2] https://www.redteam-pentesting.de/advisories/rt-sa-2018-004
[3]
ht
ON%2026%20presentations/Orange%20Tsai%20-%20Updated/DEFCON-26-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-and-Pop-0days-Out-Updated.pdf
[4] https://tomcat.apache.org
RedTeam Pentesting GmbH
===
RedTeam Pentesting offers individual penetration tests perform
": "2020-01-30T12:34:56",
"Valid": true,
"VirusScan": true
}
}
}
Workaround
==
None
Fix
===
Install the latest hotfixes for the appliance, see [2].
Security Risk
==
e to publication of CVE-2019-13553
References
======
[0]
https://www.carel.com/documents/10191/0/+030220471/9619472f-f1c0-4ec9-a151-120aaa5e479a?version=1.0
[1] https://www.redteam-pentesting.de/de/advisories/rt-sa-2019-014.txt
RedTeam Pentesting GmbH
===
RedTeam Pentesting
ploit.com/
[3] https://www.rapid7.com/db/modules/auxiliary/scanner/scada/modbusclient
[4]
https://www.carel.com/documents/10191/0/+030220471/9619472f-f1c0-4ec9-a151-120aaa5e479a?version=1.0
RedTeam Pentesting GmbH
===
RedTeam Pentesting offers individual penetration tests perfor
e
2019-12-13 Fixed version released
2020-01-02 Advisory released
References
==
[1] https://tools.ietf.org/html/rfc6350
[2] https://tools.ietf.org/html/rfc2445
[3] https://www.redteam-pentesting.de/advisories/rt-sa-2019-16
RedTeam Pentesting GmbH
===
RedTeam Pentesting
1-11 Vulnerability identified
2019-11-15 Vendor notified
2019-11-22 Customer approved disclosure
2019-11-25 CVE number requested
2019-11-25 CVE number assigned
2019-12-02 Vendor released fixed version
2019-12-10 Customer approved disclosure
2019-12-13 Fixed version released
2020-01-02 Advi
pproved disclosure to vendor
2020-02-24 Tried to contact the German branch of WatchGuard
2020-02-27 Contacted the Dutch branch of WatchGuard
2020-02-28 Contact to ADHelper QA Team Lead established
2020-03-02 Advisory draft sent for verification
2020-03-10 Vendor released fixed version and blog post
2020-0
ion of Go, issue[6] is #40928, patch[7]
References
==
[1] https://pkg.go.dev/net/http/?tab=doc#ResponseWriter
[2] https://pkg.go.dev/net/http/httptest?tab=doc#ResponseRecorder
[3] https://mimesniff.spec.whatwg.org/
[4]
https://github.com/golang/go/blob/ba9e10889976025ee1d027db6b1cad383
[1] https://support.dlink.com/ProductInfo.aspx?m=DSR-250N
RedTeam Pentesting GmbH
===
RedTeam Pentesting offers individual penetration tests performed by a
team of specialised IT-security experts. Hereby, security weaknesses in
company networks or products are uncovered and
dor notified of another problematic IP
2020-08-06 Vendor provided fixed version to RedTeam Pentesting
2020-10-06 Vendor starts distribution of fixed version for selected devices
2020-10-19 Advisory released
RedTeam Pentesting GmbH
===
RedTeam Pentesting offers individua
g/support/faq.html#presentations
[7]
https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html
RedTeam Pentesting GmbH
===
RedTeam Pentesting offers individual penetration tests performed by a
team of specialised IT-security experts. Hereby, security weak
3 SP1 resolves the
vulnerability.
Security Risk
=
Attackers in possession of an account for a MobileTogether Server with
access to at least one app are able to read files from the server
system, conduct HTTP requests to external and internal systems and can
ot agree to a
public advisory.
2021-06-10 Vendor contacts RedTeam Pentesting, reiterates that
no advisory should be released. Vendor acknowledges
public release after 90 days.
2021-10-04 Customer confirms update to fixed version
2021-10-13 Advisory released
Re
80 matches