CSNC-2016-001 - XSS in OpenAM

2016-02-23 Thread Alexandre Herzog
# # # COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html # # # CSNC ID: CSNC-2016-001 # Product: OpenAM [1] # Vendor: ForgeRock

CVE-2015-0955 - Stored XSS in Adobe Experience Manager (AEM)

2016-02-23 Thread Alexandre Herzog
# # # COMPASS SECURITY ADVISORY http://www.csnc.ch/ # # # CSNC ID: CSNC-2015-011 # CVE ID :CVE-2015-0955 # Product: Adobe Experience Manager (AEM)

CSNC-2016-002 - Open Redirect in OpenAM

2016-02-23 Thread Alexandre Herzog
# # # COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html # # # CSNC ID: CSNC-2016-002 # Product: OpenAM [1] # Vendor: ForgeRock

RE: Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img

2015-10-07 Thread Alexandre Herzog
of September (!) but did not yet publish… Thanks, Alexandre PS: sorry if you get multiple emails, looks like the mail daemon of bugtraq hates S/MIME or PGP signatures in replies... -- From: Joe G <joseph.giro...@gmail.com> Sent: Tuesday, October 6, 2015 7:01 PM To: Alexandre Herzog Cc: b

Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img

2015-10-06 Thread Alexandre Herzog
# # # COMPASS SECURITY ADVISORY # http://www.csnc.ch/en/downloads/advisories.html # # # # Product: Netgear Router Firmware N300_1.1.0.31_1.0.1.img # and

SAP Security Note 1908562 - Port scanning in BusinessObjects Explorer

2014-10-13 Thread Alexandre Herzog
### # # COMPASS SECURITY ADVISORY # http://www.csnc.ch/en/downloads/advisories.html # ### # # Product: BusinessObjects Explorer # Vendor:SAP

SAP Security Note 1908531 - XXE in BusinessObjects Explorer

2014-10-13 Thread Alexandre Herzog
### # # COMPASS SECURITY ADVISORY # http://www.csnc.ch/en/downloads/advisories.html # ### # # Product: BusinessObjects Explorer # Vendor:SAP

CSNC-2014-004 neuroML - Multiple Vulnerabilities

2014-10-13 Thread Alexandre Herzog
# # # COMPASS SECURITY ADVISORY # http://www.csnc.ch/en/downloads/advisories.html # # # # Product: neuroML # Version: =v1.8.1 (Confirmed: v1.8.1) # Vendor: neuroML.org # CSNC

SAP Security Note 1908647 - Cross Site Flashing in BusinessObjects Explorer

2014-10-13 Thread Alexandre Herzog
### # # COMPASS SECURITY ADVISORY # http://www.csnc.ch/en/downloads/advisories.html # ### # # Product: BusinessObjects Explorer # Vendor:SAP

JavaMail SMTP Header Injection via method setSubject [CSNC-2014-001]

2014-05-20 Thread Alexandre Herzog
: none # Subject: SMTP Header Injection via method setSubject # Risk: Medium # Effect: Remotely exploitable # Author: Alexandre Herzog alexandre.her...@csnc.ch # Date: 19.05.2014 # # Introduction

CVE-2013-4200 - Plone URL redirection / Forwarding of cookie data (session hijack) in certain browsers

2014-01-16 Thread Alexandre Herzog
# # # COMPASS SECURITY ADVISORY # http://www.csnc.ch/en/downloads/advisories.html # # # # Product: Plone CMS # Vendor: Plone Foundation (http://plone.org) # ID(s):

[CVE-2013-2764] Secure Entry Server - URL Redirection

2013-12-18 Thread Alexandre Herzog
ID: CSNC-2013-008 # CVD ID: CVE-2013-2764 # Subject: URL Redirection # Risk: High # Effect: Remotely exploitable # Author: Alexandre Herzog alexandre.her...@csnc.ch # Date: 18.12.2013 # # Introduction: - The USP

[CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities

2013-12-18 Thread Alexandre Herzog
: Alexandre Herzog alexandre.her...@csnc.ch # Date: 18.12.2013 # # Introduction: - Leed is a lightweight RSS/ATOM aggregator based on PHP. It can be hosted on any server supporting PHP and aims to be an alternative