SEC Consult Vulnerability Lab Security Advisory < 20190926-0 >
===
title: Multiple SQL Injection vulnerabilities
product: eBrigade
vulnerable version: <5.0
fixed version: >=5.0
SEC Consult Vulnerability Lab Security Advisory < 20191014-0 >
===
title: Reflected XSS vulnerability
product: OpenProject
vulnerable version: <= 9.0.3, <=10.0.1
fixed version: 9
SEC Consult Vulnerability Lab Security Advisory < 20191125-0 >
===
title: FortiGuard XOR Encryption
product: Multiple Fortinet Products (see Vulnerable / tested versions)
vulnerable version: Mu
Vulnerability Lab
On 25.11.19 14:43, SEC Consult Vulnerability Lab wrote:
> SEC Consult Vulnerability Lab Security Advisory < 20191125-0 >
> ===
> title: FortiGuard XOR Encryption
> product:
SEC Consult Vulnerability Lab Security Advisory < 20191202-0 >
===
title: Multiple Critical Vulnerabilities
product: SALTO ProAccess SPACE
vulnerable version: <= v5.5
fixed version
SEC Consult Vulnerability Lab Security Advisory < 20191203-0 >
===
title: Multiple vulnerabilities
product: Fronius Solar Inverter Series
vulnerable version: SW Version <3.14.1 (HM 1.12.1)
SEC Consult Vulnerability Lab Security Advisory < 20191211-0 >
===
title: File Extension Spoofing
product: Windows Defender Antivirus
vulnerable version: 4.18.1908.7-0
fixed version:
SEC Consult Vulnerability Lab Security Advisory < 20200122-0 >
===
title: Reflected XSS
product: ZOHO ManageEngine ServiceDeskPlus
vulnerable version: <= 11.0 Build 11007
fixed version: 1
SEC Consult Vulnerability Lab Security Advisory < 20200123-0 >
===
title: Cross-Site Request Forgery (CSRF)
product: Umbraco CMS
vulnerable version: version 8.2.2
fixed version: versi
SEC Consult Vulnerability Lab Security Advisory < 20160602-0 >
===
title: Multiple critical vulnerabilities
product: Ubee EVW3226 Advanced wireless voice gateway
vulnerable version: Fi
SEC Consult Vulnerability Lab Security Advisory < 20160624-0 >
===
title: XSS and information disclosure vulnerability
product: ASUS DSL-N55U router
vulnerable version: 3.0.0.4.376_2736
SEC Consult Vulnerability Lab Security Advisory < 20160725-0 >
===
title: Multiple vulnerabilities
product: Micro Focus (former Novell) Filr Appliance
vulnerable version: Filr 2 <=2.0.0.421,
SEC Consult Vulnerability Lab Security Advisory < 20160825-0 >
===
title: Multiple vulnerabilities
product: Micro Focus GroupWise
vulnerable version: GroupWise 2014 R2
SEC Consult Vulnerability Lab Security Advisory < 20161011-0 >
===
title: XML External Entity Injection (XXE)
product: RSA Enterprise Compromise Assessment Tool (ECAT)
vulnerable version: 4
SEC Consult Vulnerability Lab Security Advisory < 20161114-0 >
===
title: Multiple vulnerabilities
product: I-Panda SolarEagle - Solar Controller Administration Software / MPPT
SEC Consult Vulnerability Lab Security Advisory < 20161128-0 >
===
title: Denial of service & heap-based buffer overflow
product: Guidance Software EnCase Forensic Imager & EnCase Forens
SEC Consult Vulnerability Lab Security Advisory < 20170207-0 >
===
title: Path Traversal, Backdoor accounts & KNX group address password bypass
product: JUNG Smart V
SEC Consult Vulnerability Lab Security Advisory < 20170307-0 >
===
title: Unauthenticated OS command injection & arbitrary file upload
product: Western Digital My Cloud
vulnerable version
SEC Consult Vulnerability Lab Security Advisory < 20170308-0 >
===
title: Multiple vulnerabilities
product: Navetti PricePoint
vulnerable version: 4.6.0.0
fixed version: 4.7.0.0 or
SEC Consult Vulnerability Lab Security Advisory < 20170316-0 >
===
title: Authenticated Command Injection
product: Multiple Ubiquiti Networks products, e.g.
TS-16-CARRIER, TS
SEC Consult Vulnerability Lab Security Advisory < 20170322-0 >
===
title: Multiple vulnerabilities
product: Solare Datensysteme GmbH Solar-Log 250/300/500/800e/1000/1000 PM+/120
SEC Consult Vulnerability Lab Security Advisory < 20170403-0 >
===
title: Misbehavior of the "fsockopen" function
product: PHP
vulnerable version: 7.1.2
fixed version:
CVE
SEC Consult Vulnerability Lab Security Advisory < 20170407-0 >
===
title: Server Side Request Forgery (SSRF) Vulnerability
product: MyBB
vulnerable version: 1.8.10
fixed version:
SEC Consult Vulnerability Lab Security Advisory < 20170509-0 >
===
title: Multiple vulnerabilities
product: I, Librarian PDF manager
vulnerable version: <=4.6 & 4.7
fixed version: 4.8
A short demo video is available here:
https://youtu.be/0jZdM9peVSk
SEC Consult Vulnerability Lab Security Advisory < 20170510-0 >
===
title: Insecure Handling Of URI Schemes
product: Microsoft On
A blog post with additional information is available here:
http://blog.sec-consult.com/2017/05/chainsaw-of-custody-manipulating.html
We have also released a video showing arbitrary code execution:
https://www.youtube.com/watch?v=1EngNIXSNQw
SEC Consult Vulnerability Lab Security Advisory
SEC Consult Vulnerability Lab Security Advisory < 20170613-0 >
===
title: Access Restriction Bypass
product: Atlassian Confluence
vulnerable version: 4.3.0 - 6.1.1
fixed version: 6.2.1
descriptions:
http://blog.sec-consult.com/2017/06/german-e-government-details-vulnerabilities.html
SEC Consult Vulnerability Lab Security Advisory < 20170630-0 >
===
title: Multiple critical vulnerabi
SEC Consult Vulnerability Lab Security Advisory < 20170712-0 >
===
title: Multiple critical vulnerabilities
product: AGFEO Smart Home ES 5xx
AGFEO Smart Home ES 6xx
vuln
SEC Consult Vulnerability Lab Security Advisory < 20170724-1 >
===
title: Open Redirect in Login Page
product: Multiple Ubiquiti Networks products, e.g. TS-16-CARRIER, TS-5-POE
SEC Consult Vulnerability Lab Security Advisory < 20170724-0 >
===
title: Cross-Site Scripting (XSS)
product: Ubiquiti Networks EP-R6, ER-X, ER-X-SFP
vulnerable version: Firmware v1.9.1
SEC Consult Vulnerability Lab Security Advisory < 20170804-1 >
===
title: Authenticated Command Injection
product: Ubiquiti Networks UniFi Cloud Key
vulnerable version: Firmware v0.6.1
SEC Consult Vulnerability Lab Security Advisory < 20170804-0 >
===
title: Server Side Request Forgery Vulnerability
product: phpBB
vulnerable version: 3.2.0
fixed version: 3.2.1
CVE
SEC Consult Vulnerability Lab Security Advisory < 20170912-0 >
===
title: Email verification bypass
product: SAP E-Recruiting
vulnerable version: 605, 606, 616, 617
fixed version: see SAP se
SEC Consult Vulnerability Lab Security Advisory < 20171016-0 >
===
title: Multiple vulnerabilities
product: Micro Focus VisiBroker C++
vulnerable version: 8.5 SP2
fixed version: 8.5 S
SEC Consult Vulnerability Lab Security Advisory < 20171018-1 >
===
title: Multiple vulnerabilities
product: Linksys E series, see "Vulnerable / tested versions"
vulnerable version:
SEC Consult Vulnerability Lab Security Advisory < 20180123-0 >
===
title: XXE & Reflected XSS
product: Oracle Financial Services Analytical Applications
vulnerable version: 7.3.5.x, 8.0.x
SEC Consult Vulnerability Lab Security Advisory < 20180131-0 >
===
title: Multiple Vulnerabilities
product: Sprecher Automation SPRECON-E-C, PU-2433
vulnerable version: <8.49 (most vulnerabili
We have published an accompanying blog post to this technical advisory with further information:
https://www.sec-consult.com/en/blog/2018/02/internet-of-dildos-a-long-way-to-a-vibrant-future-from-iot-to-iod/index.html
SEC Consult Vulnerability Lab Security Advisory < 2018020
SEC Consult Vulnerability Lab Security Advisory < 20180207-0 >
===
title: Multiple buffer overflow vulnerabilities
product: InfoZip UnZip
vulnerable version: UnZip <= 6.00 / UnZip <= 6.1c22
SEC Consult Vulnerability Lab Security Advisory < 20180208-0 >
===
title: Multiple Cross-Site Scripting Vulnerabilities
product: Sonatype Nexus Repository Manager OSS/Pro
vulnerable version: &l
We have published an accompanying blog post to this technical advisory with further information:
https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby-monitors-fail-to-be-smart/index.html
SEC Consult Vulnerability Lab Security Advisory < 2018022
SEC Consult Vulnerability Lab Security Advisory < 20180227-0 >
===
title: OS command injection, arbitrary file upload & SQL injection
product: ClipBucket
vulnerable version: <4.0.0 -
SEC Consult Vulnerability Lab Security Advisory < 20180228-0 >
===
title: Insecure Direct Object Reference
product: TestLink Open Source Test Management
vulnerable version: <1.9.17
fixe
SEC Consult Vulnerability Lab Security Advisory < 20180312-0 >
===
title: Multiple Critical Vulnerabilities
product: SecurEnvoy SecurMail
vulnerable version: 9.1.501
fixed version: 9.2.
SEC Consult Vulnerability Lab Security Advisory < 20180314-0 >
===
title: Arbitrary Shortcode Execution & Local File Inclusion
product: WOOF - WooCommerce Products Filter (PluginUs.Net)