[FD] SEC Consult SA-20140430-0 :: SQL injection and persistent XSS in the Typo3 3rd party extension si_bibtex

2014-04-30 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory 20140430-0 === title: SQL injection and persistent XSS product: Typo3 3rd party extension si_bibtex vulnerable version: si_bibtex 0.2.3 fixed

[FD] SEC Consult SA-20140528-0 :: Root Backdoor Unauthenticated access to voice recordings in NICE Recording eXpress

2014-05-28 Thread SEC Consult Vulnerability Lab
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140528-0 === title: Root Backdoor Unauthenticated access to voice recordings product: NICE Recording

[FD] SEC Consult SA-20140606-0 :: Multiple critical vulnerabilities in WebTitan

2014-06-06 Thread SEC Consult Vulnerability Lab
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140606-0 === title: Multiple critical vulnerabilities product: WebTitan vulnerable version: 4.01 (Build

[FD] SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS

2014-06-30 Thread SEC Consult Vulnerability Lab
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140630-0 === title: Multiple severe vulnerabilities product: IBM Algorithmics RICOS vulnerable version

[FD] SEC Consult SA-20140710-1 :: Multiple high risk vulnerabilities in Shopizer webshop

2014-07-10 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory 20140710-1 === title: Multiple high risk vulnerabilities in Shopizer webshop product: Shopizer vulnerable version: 1.1.5 and below fixed version

[FD] SEC Consult SA-20140710-2 :: Multiple critical vulnerabilites in Schrack MICROCONTROL emergency light system

2014-07-10 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory 20140710-2 === title: Multiple critical vulnerabilites product: Schrack MICROCONTROL emergency light system vulnerable version: before 1.7.0 (937

[FD] SEC Consult SA-20140710-3 :: Design Issue / Password Disclosure in WAGO-I/O-SYSTEM with CODESYS V2.3 WebVisu

2014-07-10 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory 20140710-3 === title: Design Issue / Password Disclosure product: All WAGO-I/O-SYSTEMs which provide a CODESYS V2.3 WebVisu vulnerable version: Systems

[FD] SEC Consult SA-20140805-0 :: Multiple vulnerabilities in Readsoft Invoice Processing and Process Director

2014-08-05 Thread SEC Consult Vulnerability Lab
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140805-0 === title: Multiple vulnerabilities product: Readsoft Invoice Processing / Process Director

[FD] SEC Consult SA-20140828-0 :: F5 BIG-IP Reflected Cross-Site Scripting

2014-08-28 Thread SEC Consult Vulnerability Lab
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140828-0 === title: Reflected Cross-Site Scripting product: F5 BIG-IP vulnerable version: = 11.5.1

[FD] SEC Consult SA-20141015-0 :: Potential Cross-Site Scripting in ADF Faces

2014-10-15 Thread SEC Consult Vulnerability Lab
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20141015-0 === title: Potential Cross-Site Scripting product: ADF Faces vulnerable version: 12.1.2.0

[FD] SEC Consult SA-20141029-0 :: Multiple critical vulnerabilities in Vizensoft Admin Panel

2014-10-29 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory 20141029-0 === title: Multiple critical vulnerabilities product: Vizensoft Admin Panel vulnerable version: 2014 fixed version

[FD] SEC Consult SA-20141029-1 :: Persistent cross site scripting in Confluence RefinedWiki Original Theme

2014-10-29 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory 20141029-1 === title: Persistent cross site scripting product: Confluence RefinedWiki Original Theme vulnerable version: 3.x - 4.0.x fixed version

[FD] SEC Consult SA-20141106-0 :: XXE XSS Arbitrary File Write vulnerabilities in Symantec Endpoint Protection

2014-11-06 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory 20141106-0 === title: XXE XSS Arbitrary File Write vulnerabilities product: Symantec Endpoint Protection vulnerable version: 12.1.4023.4080 fixed

[FD] SEC Consult SA-20141218-0 :: Multiple critical vulnerabilities in VDG Security SENSE (formerly DIVA)

2014-12-18 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory 20141218-0 === title: Multiple critical vulnerabilities product: VDG Security SENSE (formerly DIVA) vulnerable version: 2.3.13 fixed version

[FD] SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted

2014-12-18 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory 20141218-1 === title: OS Command Execution product: GParted - Gnome Partition Editor vulnerable version: =0.14.1 fixed version: =0.15.0

[FD] SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager

2014-12-18 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory 20141218-2 === title: Multiple high risk vulnerabilities product: NetIQ Access Manager vulnerable version: 4.0 SP1 fixed version: 4.0 SP1 Hot Fix 3

[FD] SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) SCSP

2015-01-22 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory 20150122-0 === title: Multiple critical vulnerabilities products: Symantec Data Center Security: Server Advanced (SDCS:SA) Symantec

[FD] SEC Consult SA-20150113-1 :: Privilege Escalation XSS Missing Authentication in Ansible Tower

2015-01-13 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory 20150113-1 === title: Privilege Escalation XSS Missing Authentication product: Ansible Tower vulnerable version: =2.0.2 fixed version: =2.0.5

[FD] SEC Consult SA-20150227-0 :: Multiple vulnerabilities in Loxone Smart Home

2015-02-27 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory 20150227-0 === title: Multiple vulnerabilities product: Loxone Smart Home vulnerable version: Firmware: 5.49; Android-App: 3.4.1 fixed version: 6.3

[FD] SEC Consult SA-20150513-0 :: Multiple critical vulnerabilities in WSO2 Identity Server

2015-05-13 Thread SEC Consult Vulnerability Lab
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20150513-0 === title: Multiple critical vulnerabilities product: WSO2 Identity Server

[FD] SEC Consult SA-20150514-0 :: Multiple vulnerabilities in Loxone Smart Home (part 2)

2015-05-14 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory 20150514-0 === title: Multiple vulnerabilities product: Loxone Smart Home vulnerable version: Firmware version 6.4.5.12 fixed version: 6.4.5.12

[FD] SEC Consult SA-20150519-0 :: Critical buffer overflow vulnerability in KCodes NetUSB (VU#177092, CVE-2015-3036)

2015-05-19 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory 20150519-0 === title: Kernel Stack Buffer Overflow product: KCodes NetUSB vulnerable version: see Vulnerable / tested versions fixed version: see

[FD] SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences

2015-06-26 Thread SEC Consult Vulnerability Lab
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20150626-0 === title: Critical vulnerabilities allow surveillance on conferences product: Polycom

[FD] SEC Consult SA-20150728-0 :: McAfee Application Control Multiple Vulnerabilities

2015-07-28 Thread SEC Consult Vulnerability Lab
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20150728-0 === title: McAfee Application Control Multiple Vulnerabilities product: McAfee Application

[FD] SEC Consult SA-20151022-0 :: Lime Survey Multiple Critical Vulnerabilities

2015-10-22 Thread SEC Consult Vulnerability Lab
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory < 20151022-0 > === title: Multiple critical vulnerabilities product: Lime Survey vulnerable version: 2

[FD] SEC Consult SA-20151105-0 :: Insecure default configuration in Ubiquiti Networks products

2015-11-05 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20151105-0 > === title: Insecure default configuration product: various Ubiquiti Networks products vulnerable version: see Vulnerable / tested ve

[FD] SEC Consult SA-20160602-0 :: Multiple critical vulnerabilities in Ubee EVW3226 Advanced wireless voice gateway

2016-06-02 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20160602-0 > === title: Multiple critical vulnerabilities product: Ubee EVW3226 Advanced wireless voice gateway vulnerable version: Fi

[FD] SEC Consult SA-20160624-0 :: ASUS DSL-N55U router XSS and information disclosure

2016-06-24 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20160624-0 > === title: XSS and information disclosure vulnerability product: ASUS DSL-N55U router vulnerable version: 3.0.0.4.376_2736

[FD] SEC Consult SA-20160210-0 :: Yeager CMS Multiple Vulnerabilities

2016-02-10 Thread SEC Consult Vulnerability Lab
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 SEC Consult Vulnerability Lab Security Advisory < 20160210-0 > === title: Multiple Vulnerabilities product: Yeager CMS vulnerable version:

[FD] SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX (Harman Professional) devices

2016-01-21 Thread SEC Consult Vulnerability Lab
for more information. SEC Consult Vulnerability Lab Security Advisory < 20160121-0 > === title: Deliberately hidden backdoor account product: Several AMX (HARMAN Professional) device

[FD] SEC Consult SA-20160422-0 :: Insecure credential storage in my devolo Android app

2016-04-22 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20160422-0 > === title: Insecure data storage product: my devolo - android application - air.de.devolo.my.devolo vulnerable version: 1.2.8

[FD] SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr

2016-07-25 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20160725-0 > === title: Multiple vulnerabilities product: Micro Focus (former Novell) Filr Appliance vulnerable version: Filr 2 <=2.0.0.421,

[FD] SEC Consult SA-20170207 :: Path Traversal, Backdoor accounts & KNX group address password bypass in JUNG Smart Visu server

2017-02-07 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170207-0 > === title: Path Traversal, Backdoor accounts & KNX group address password bypass product: JUNG Smart V

[FD] SEC Consult SA-20170130-0 :: XSS & CSRF in multiple Ubiquiti Networks products

2017-01-30 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170130-0 > === title: XSS & CSRF vulnerabilities product: Multiple Ubiquiti Networks products, e.g. TS-16-CARRIER, TS-5

[FD] SEC Consult SA-20170117-0 :: XSS in Recommend Page extension for TYPO3 CMS (pb_recommend_page)

2017-01-17 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170117-0 > === title: Cross Site Scripting (XSS) product: Recommend Page extension for TYPO3 CMS (pb_recommend_page) vulnerable version: &

[FD] SEC Consult SA-20170301 :: XXE and XSS vulnerabilities in Aruba AirWave

2017-03-01 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170301-0 > === title: XML External Entity Injection (XXE), Reflected Cross Site Scripting product: Aruba AirWave vuln

[FD] SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise

2016-08-25 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20160825-0 > === title: Multiple vulnerabilities product: Micro Focus GroupWise vulnerable version: GroupWise 2014 R2

[FD] SEC Consult SA-20160831-0 :: Manipulation of pre-boot authentication in CryptWare CryptoPro Secure Disk for Bitlocker

2016-08-31 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20160831-0 > === title: Manipulation of pre-boot authentication product: CryptWare CryptoPro Secure Disk for Bitlocker vulnerable version: 5.1.

[FD] SEC Consult SA-20160922-0 :: Potential backdoor access through multiple vulnerabilities in Kerio Control Unified Threat Management

2016-09-22 Thread SEC Consult Vulnerability Lab
/controlling-kerio-control-when-your.html Video: https://www.youtube.com/watch?v=y_OWz25sHMI SEC Consult Vulnerability Lab Security Advisory < 20160922-0 > === title: Potential backdoor access through multiple vulnerabi

[FD] SEC Consult SA-20161206-0 :: Backdoor vulnerability in Sony IPELA ENGINE IP Cameras

2016-12-06 Thread SEC Consult Vulnerability Lab
We have published an accompanying blog post to this technical advisory with further information: http://blog.sec-consult.com/2016/12/backdoor-in-sony-ipela-engine-ip-cameras.html SEC Consult Vulnerability Lab Security Advisory < 2016120

[FD] SEC Consult SA-20170322-0 :: Multiple vulnerabilities in Solare Datensysteme Solar-Log devices

2017-03-22 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170322-0 > === title: Multiple vulnerabilities product: Solare Datensysteme GmbH Solar-Log 250/300/500/800e/1000/1000 PM+/120

[FD] SEC Consult SA-20170316-0 :: Authenticated command injection in multiple Ubiquiti Networks products

2017-03-16 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170316-0 > === title: Authenticated Command Injection product: Multiple Ubiquiti Networks products, e.g. TS-16-CARRIER, TS

[FD] SEC Consult SA-20170403-0 :: Misbehavior of PHP fsockopen function

2017-04-03 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170403-0 > === title: Misbehavior of the "fsockopen" function product: PHP vulnerable version: 7.1.2 fixed version: CVE

[FD] SEC Consult SA-20170407-0 :: Server-Side Request Forgery in MyBB forum

2017-04-07 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170407-0 > === title: Server Side Request Forgery (SSRF) Vulnerability product: MyBB vulnerable version: 1.8.10 fixed version:

[FD] SEC Consult SA-20170308-0 :: Multiple vulnerabilities in Navetti PricePoint

2017-03-08 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170308-0 > === title: Multiple vulnerabilities product: Navetti PricePoint vulnerable version: 4.6.0.0 fixed version: 4.7.0.0 or

[FD] SEC Consult SA-20170712-0 :: Multiple critical vulnerabilities in AGFEO smart home ES 5xx/6xx products

2017-07-12 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170712-0 > === title: Multiple critical vulnerabilities product: AGFEO Smart Home ES 5xx AGFEO Smart Home ES 6xx vuln

[FD] SEC Consult SA-20170724-0 :: Cross-Site Scripting (XSS) issue in multiple Ubiquiti Networks products

2017-07-24 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170724-0 > === title: Cross-Site Scripting (XSS) product: Ubiquiti Networks EP-R6, ER-X, ER-X-SFP vulnerable version: Firmware v1.9.1

[FD] SEC Consult SA-20170724-1 :: Open Redirect issue in multiple Ubiquiti Networks products

2017-07-24 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170724-1 > === title: Open Redirect in Login Page product: Multiple Ubiquiti Networks products, e.g. TS-16-CARRIER, TS-5-POE

[FD] SEC Consult SA-20170727-0 :: Ubiquiti Networks UniFi Cloud Key multiple critical vulnerabilities

2017-07-27 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170727-0 > === title: Authenticated Command Injection & Cloud User Weak Crypto & Privilege Escalation product: Ubi

[FD] SEC Consult SA-20170727-1 :: Kathrein UFSconnect 916 multiple vulnerabilities

2017-07-27 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170727-1 > === title: Multiple vulnerabilities product: KATHREIN - UFSconnect 916, UFSconnect 906 vulnerable version: 2.23 Build 224, 2.22 Bui

[FD] SEC Consult SA-20170630-0 :: Multiple critical vulnerabilities in OSCI-Transport library 1.2 for German e-Government

2017-06-30 Thread SEC Consult Vulnerability Lab
descriptions: http://blog.sec-consult.com/2017/06/german-e-government-details-vulnerabilities.html SEC Consult Vulnerability Lab Security Advisory < 20170630-0 > === title: Multiple critical vulnerabi

[FD] SEC Consult SA-20170425-0 :: Portrait Display SDK Service Privilege Escalation

2017-04-25 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170425-0 > === title: Privilege Escalation due to insecure service configuration product: Portrait Display SDK Service vulnerable version: mu

[FD] SEC Consult SA-20170804-0 :: phpBB Server Side Request Forgery (SSRF) vulnerability

2017-08-04 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170804-0 > === title: Server Side Request Forgery Vulnerability product: phpBB vulnerable version: 3.2.0 fixed version: 3.2.1 CVE

[FD] SEC Consult SA-20170804-1 :: Ubiquiti Networks UniFi Cloud Key authenticated command injection

2017-08-04 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170804-1 > === title: Authenticated Command Injection product: Ubiquiti Networks UniFi Cloud Key vulnerable version: Firmware v0.6.1

[FD] SEC Consult SA-20170822-0 :: Multiple vulnerabilities in Progress Sitefinity CMS

2017-08-22 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170822-0 > === title: Multiple vulnerabilities product: Progress Sitefinity vulnerable version: 9.1 fixed version: 10.1 CVE

[FD] SEC Consult SA-20170511-0 :: Stack-based buffer overflow vulnerability in Guidance Software EnCase Forensic Imager

2017-05-11 Thread SEC Consult Vulnerability Lab
A blog post with additional information is available here: http://blog.sec-consult.com/2017/05/chainsaw-of-custody-manipulating.html We have also released a video showing arbitrary code execution: https://www.youtube.com/watch?v=1EngNIXSNQw SEC Consult Vulnerability Lab Security Advisory

[FD] SEC Consult SA-20170510-0 :: Insecure Handling Of URI Schemes in Microsoft OneDrive iOS App

2017-05-10 Thread SEC Consult Vulnerability Lab
A short demo video is available here: https://youtu.be/0jZdM9peVSk SEC Consult Vulnerability Lab Security Advisory < 20170510-0 > === title: Insecure Handling Of URI Schemes product: Microsoft On

[FD] SEC Consult SA-20170509-0 :: Multiple vulnerabilities in I, Librarian PDF manager

2017-05-09 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170509-0 > === title: Multiple vulnerabilities product: I, Librarian PDF manager vulnerable version: <=4.6 & 4.7 fixed version: 4.8

[FD] SEC Consult SA-20170622-0 :: XXE, SQLi, XSS & local file disclosure in Cisco Prime Infrastructure

2017-06-22 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170622-0 > === title: XML External Entity Injection (XXE), SQL Injection, Cross Site Scripting, Local File Disc

[FD] SEC Consult SA-20170523-0 :: Arbitrary File Upload & Stored XSS in InvoicePlane

2017-05-23 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170523-0 > === title: Arbitrary File Upload & Stored XSS product: InvoicePlane vulnerable version: 1.4.10 fixed version: 1.5.2

[FD] SEC Consult SA-20170607-0 :: Various WiMAX CPEs Authentication Bypass

2017-06-07 Thread SEC Consult Vulnerability Lab
We have published an accompanying blog post to this technical advisory with further information: http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html SEC Consult Vulnerability Lab Security Advisory < 2017060

[FD] SEC Consult SA-20170613-0 :: Access Restriction Bypass in Atlassian Confluence

2017-06-13 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170613-0 > === title: Access Restriction Bypass product: Atlassian Confluence vulnerable version: 4.3.0 - 6.1.1 fixed version: 6.2.1

[FD] SEC Consult SA-20170914-0 :: Authenticated Command Injection in Ubiquiti Networks UniFi Cloud Key

2017-09-14 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170914-0 > === title: Authenticated Command Injection product: Ubiquiti Networks UniFi Cloud Key vulnerable version: Firmware version &

[FD] SEC Consult SA-20170914-1 :: Persistent Cross-Site Scripting in SilverStripe CMS

2017-09-14 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170914-1 > === title: Persistent Cross-Site Scripting product: SilverStripe CMS vulnerable version: <=3.5.3 fixed versi

[FD] SEC Consult SA-20171016-0 :: Multiple vulnerabilities in Micro Focus VisiBroker C++

2017-10-16 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20171016-0 > === title: Multiple vulnerabilities product: Micro Focus VisiBroker C++ vulnerable version: 8.5 SP2 fixed version: 8.5 S

[FD] SEC Consult SA-20171017-0 :: Cross site scripting in Webtrekk Pixel tracking component

2017-10-17 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20171017-0 > === title: Cross site scripting product: Webtrekk Pixel tracking vulnerable version: v3.24 to v3.40, v4.00 to v4.40, v5.00 to

[FD] SEC Consult SA-20170913-1 :: Local File Disclosure in VLC media player iOS app

2017-09-13 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170913-1 > === title: Local File Disclosure product: VLC media player iOS app vulnerable version: 2.7.8 fixed version: 2.8.1 CVE

[FD] SEC Consult SA-20170913-0 :: Multiple Vulnerabilities in IBM Infosphere Information Server / Datastage

2017-09-13 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170913-0 > === title: Multiple Vulnerabilities product: IBM Infosphere Information Server / Datastage vulnerable version: 9.1, 11.3, an

[FD] SEC Consult SA-20170912-0 :: Email verification bypass in SAP E-Recruiting

2017-09-12 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170912-0 > === title: Email verification bypass product: SAP E-Recruiting vulnerable version: 605, 606, 616, 617 fixed version: see SAP se

[FD] SEC Consult SA-20171018-0 :: Multiple vulnerabilities in Afian AB FileRun

2017-10-18 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20171018-0 > === title: Multiple vulnerabilities product: Afian AB FileRun vulnerable version: 2017.03.18 fixed version: 2017

[FD] SEC Consult SA-20171018-1 :: Multiple vulnerabilities in Linksys E-series products

2017-10-18 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20171018-1 > === title: Multiple vulnerabilities product: Linksys E series, see "Vulnerable / tested versions" vulnerable version:

[FD] SEC Consult SA-20171130-1 :: OS Command Injection & Reflected Cross Site Scripting in OpenEMR

2017-12-02 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20171130-1 > === title: OS Command Injection & Reflected Cross Site Scripting product: OpenEMR vulnerable version: 5.0.0 fixed vers

[FD] SEC Consult SA-20171129-0 :: FortiGate SSL VPN Portal XSS Vulnerability

2017-12-02 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20171129-0 > === title: FortiGate SSL VPN Portal XSS Vulnerability product: Fortinet FortiOS vulnerable version: see: Vulnerable / tested ve

[FD] SEC Consult SA-20171213-0 :: VPN credentials disclosure in Fortinet FortiClient

2017-12-13 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20171213-0 > === title: VPN credentials disclosure product: Fortinet FortiClient vulnerable version: <4.4.2335 on Linux, <5.6.

[FD] SEC Consult SA-20171114-0 :: Authentication bypass, cross-site scripting & code execution in Siemens SICAM RTUs SM-2556 COM Modules

2017-11-14 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20171114-0 > === title: Authentication bypass, cross-site scripting & code execution product: Siemens SICAM RTUs SM-2556 C

[FD] SEC Consult SA-20171116-0 :: Broken access control & LINQ injection in Progress Sitefinity

2017-11-16 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20171116-0 > === title: Broken access control & LINQ injection product: Progress Sitefinity vulnerable version: 10.0, 10.1 fix

[FD] SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet

2018-05-14 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180514-0 > === title: Arbitrary File Upload & Cross-site scripting product: MyBiz MyProcureNet vulnerable version: 5.0.0 fixed versio

Re: [FD] SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet

2018-05-15 Thread SEC Consult Vulnerability Lab
The following CVE numbers have been assigned now: XSS issue: CVE-2018-11090 Arbitrary File Upload: CVE-2018-11091 On 2018-05-14 13:25, SEC Consult Vulnerability Lab wrote: > SEC Consult Vulnerability Lab Security Advisory < 2018

[FD] SEC Consult SA-20180516-0 :: XXE & XSS vulnerabilities in RSA Authentication Manager

2018-05-16 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180516-0 > === title: XXE & XSS vulnerabilities product: RSA Authentication Manager vulnerable version: 8.2.1.4.0-build1394922, < 8.3 P

[FD] SEC Consult SA-20180529-0 :: Unprotected WiFi access & Unencrypted data transfer in Vgate iCar2 OBD2 Dongle

2018-05-29 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180529-0 > === title: Unprotected WiFi access & Unencrypted data transfer product: Vgate iCar 2 WiFi OBD2 Dongle vulnerable version: Vgate i

[FD] SEC Consult SA-20180503-0 :: Authentication Bypass in Oracle Access Manager (OAM)

2018-05-03 Thread SEC Consult Vulnerability Lab
We have published an accompanying blog post to this technical advisory with further information: Blog: https://www.sec-consult.com/en/blog/2018/05/oracle-access-managers-identity-crisis/ Demo video: https://www.youtube.com/watch?v=YK7_1NozAwQ SEC Consult Vulnerability Lab Security Advisory

[FD] SEC Consult SA-20180123-0 :: XXE & Reflected XSS in Oracle Financial Services Analytical Applications

2018-01-22 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180123-0 > === title: XXE & Reflected XSS product: Oracle Financial Services Analytical Applications vulnerable version: 7.3.5.x, 8.0.x

[FD] SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433

2018-01-30 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180131-0 > === title: Multiple Vulnerabilities product: Sprecher Automation SPRECON-E-C, PU-2433 vulnerable version: <8.49 (most vulnerabili

[FD] SEC Consult SA-20180201-0 :: Multiple critical vulnerabilities in Whole Vibratissimo Smart Sex Toy product range

2018-02-01 Thread SEC Consult Vulnerability Lab
We have published an accompanying blog post to this technical advisory with further information: https://www.sec-consult.com/en/blog/2018/02/internet-of-dildos-a-long-way-to-a-vibrant-future-from-iot-to-iod/index.html SEC Consult Vulnerability Lab Security Advisory < 2018020

[FD] SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro

2018-02-08 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180208-0 > === title: Multiple Cross-Site Scripting Vulnerabilities product: Sonatype Nexus Repository Manager OSS/Pro vulnerable version: &l

[FD] SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip

2018-02-07 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180207-0 > === title: Multiple buffer overflow vulnerabilities product: InfoZip UnZip vulnerable version: UnZip <= 6.00 / UnZip <= 6.1c22

[FD] SEC Consult SA-20180221-0 :: Hijacking of arbitrary miSafes Mi-Cam video baby monitors

2018-02-21 Thread SEC Consult Vulnerability Lab
We have published an accompanying blog post to this technical advisory with further information: https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby-monitors-fail-to-be-smart/index.html SEC Consult Vulnerability Lab Security Advisory < 2018022

[FD] SEC Consult SA-20180813-0 :: SQL Injection, XSS & CSRF vulnerabilities in Pimcore

2018-08-16 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180813-0 > === title: SQL Injection, XSS & CSRF vulnerabilities product: Pimcore vulnerable version: 5.2.3 and below fixed vers

[FD] SEC Consult SA-20180906-0 :: CSV Formula Injection in DokuWiki

2018-09-06 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180906-0 > === title: CSV Formula Injection product: DokuWiki vulnerable version: 2018-04-22a "Greebo" and older versions fix

[FD] SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers

2018-07-04 Thread SEC Consult Vulnerability Lab
-consult.com/en/blog/advisories/privilege-escalation-via-linux-group-manipulation-in-all-adb-broadband-gateways-routers/ SEC Consult Vulnerability Lab Security Advisory < 20180704-0 > === title: Local root jailbre

[FD] SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers

2018-07-04 Thread SEC Consult Vulnerability Lab
: https://www.sec-consult.com/en/blog/advisories/privilege-escalation-via-linux-group-manipulation-in-all-adb-broadband-gateways-routers/ SEC Consult Vulnerability Lab Security Advisory < 20180704-1 > ===

[FD] SEC Consult SA-20180704-2 :: Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers

2018-07-04 Thread SEC Consult Vulnerability Lab
: https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-broadband-gateways-routers/ SEC Consult Vulnerability Lab Security Advisory < 20180704-2 > === title: Privilege escalation via linux

[FD] SEC Consult SA-20180711-0 :: Remote code execution via multiple attack vectors in WAGO e!DISPLAY 7300T

2018-07-11 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180711-0 > === title: Remote code execution via multiple attack vectors product: WAGO e!DISPLAY 7300T - WP 4.3 480x272 PIO1 vulnerable version:

[FD] SEC Consult SA-20180712-0 :: Remote Code Execution & Local File Disclosure in Zeta Producer Desktop CMS

2018-07-12 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180712-0 > === title: Remote Code Execution & Local File Disclosure product: Zeta Producer Desktop CMS vulnerable version

[FD] SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail

2018-03-12 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180312-0 > === title: Multiple Critical Vulnerabilities product: SecurEnvoy SecurMail vulnerable version: 9.1.501 fixed version: 9

[FD] SEC Consult SA-20180314-0 :: Arbitrary Shortcode Execution & Local File Inclusion in WooCommerce Products Filter (PluginUs.Net)

2018-03-14 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180314-0 > === title: Arbitrary Shortcode Execution & Local File Inclusion product: WOOF - WooCommerce Products Filter (PluginUs.Net)

[FD] SEC Consult SA-20180423-0 :: Multiple Stored XSS Vulnerabilities in WSO2 Carbon and Dashboard Server

2018-04-24 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180423-0 > === title: Multiple Stored XSS Vulnerabilities product: WSO2 Carbon, WSO2 Dashboard Server vulnerable version: WSO2 Identity Server

[FD] SEC Consult SA-20180424-0 :: Reflected Cross-Site Scripting in multiple Zyxel ZyWALL products

2018-04-24 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180424-0 > === title: Reflected Cross-Site Scripting product: Zyxel ZyWALL: see "Vulnerable / tested version" vulnerable version: ZLD

[FD] SEC Consult SA-20180227-0 :: OS command injection, arbitrary file upload & SQL injection in ClipBucket

2018-02-27 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180227-0 > === title: OS command injection, arbitrary file upload & SQL injection product: ClipBucket vulnerable version: <4.0.0 -

[FD] SEC Consult SA-20180228-0 :: Insecure Direct Object Reference vulnerability in TestLink Open Source Test Management

2018-02-28 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180228-0 > === title: Insecure Direct Object Reference product: TestLink Open Source Test Management vulnerable version: <1.9.17 fixe

  1   2   >