SEC Consult SA-20190926-0 :: Multiple SQL Injection vulnerabilities in eBrigade

2019-09-26 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20190926-0 > === title: Multiple SQL Injection vulnerabilities product: eBrigade vulnerable version: <5.0 fixed version: >=5.0

SEC Consult SA-20191014-0 :: Reflected XSS vulnerability in OpenProject

2019-10-14 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20191014-0 > === title: Reflected XSS vulnerability product: OpenProject vulnerable version: <= 9.0.3, <=10.0.1 fixed version: 9

SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products

2019-11-25 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20191125-0 > === title: FortiGuard XOR Encryption product: Multiple Fortinet Products (see Vulnerable / tested versions) vulnerable version: Mu

Re: SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products

2019-11-26 Thread SEC Consult Vulnerability Lab
Vulnerability Lab On 25.11.19 14:43, SEC Consult Vulnerability Lab wrote: > SEC Consult Vulnerability Lab Security Advisory < 20191125-0 > > === > title: FortiGuard XOR Encryption > product:

SEC Consult SA-20191202-0 :: Multiple Critical Vulnerabilities in SALTO ProAccess SPACE

2019-12-02 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20191202-0 > === title: Multiple Critical Vulnerabilities product: SALTO ProAccess SPACE vulnerable version: <= v5.5 fixed version

SEC Consult SA-20191203-0 :: Multiple vulnerabilities in Fronius Solar Inverter Series

2019-12-03 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20191203-0 > === title: Multiple vulnerabilities product: Fronius Solar Inverter Series vulnerable version: SW Version <3.14.1 (HM 1.12.1)

SEC Consult SA-20191211-0 :: File Extension Spoofing in Windows Defender Antivirus

2019-12-12 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20191211-0 > === title: File Extension Spoofing product: Windows Defender Antivirus vulnerable version: 4.18.1908.7-0 fixed version:

SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus

2020-01-22 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20200122-0 > === title: Reflected XSS product: ZOHO ManageEngine ServiceDeskPlus vulnerable version: <= 11.0 Build 11007 fixed version: 1

SEC Consult SA-20200123-0 :: Cross-Site Request Forgery (CSRF) in Umbraco CMS

2020-01-23 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20200123-0 > === title: Cross-Site Request Forgery (CSRF) product: Umbraco CMS vulnerable version: version 8.2.2 fixed version: versi

SEC Consult SA-20160602-0 :: Multiple critical vulnerabilities in Ubee EVW3226 Advanced wireless voice gateway

2016-06-02 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20160602-0 > === title: Multiple critical vulnerabilities product: Ubee EVW3226 Advanced wireless voice gateway vulnerable version: Fi

SEC Consult SA-20160624-0 :: ASUS DSL-N55U router XSS and information disclosure

2016-06-24 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20160624-0 > === title: XSS and information disclosure vulnerability product: ASUS DSL-N55U router vulnerable version: 3.0.0.4.376_2736

SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr

2016-07-25 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20160725-0 > === title: Multiple vulnerabilities product: Micro Focus (former Novell) Filr Appliance vulnerable version: Filr 2 <=2.0.0.421,

SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise

2016-08-25 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20160825-0 > === title: Multiple vulnerabilities product: Micro Focus GroupWise vulnerable version: GroupWise 2014 R2

SEC Consult SA-20161011-0 :: XXE vulnerability in RSA Enterprise Compromise Assessment Tool (ECAT)

2016-10-11 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20161011-0 > === title: XML External Entity Injection (XXE) product: RSA Enterprise Compromise Assessment Tool (ECAT) vulnerable version: 4

SEC Consult SA-20161114-0 :: Multiple vulnerabilities in I-Panda SolarEagle - Solar Controller Administration Software / MPPT Solar Controller SMART2

2016-11-14 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20161114-0 > === title: Multiple vulnerabilities product: I-Panda SolarEagle - Solar Controller Administration Software / MPPT

SEC Consult SA-20161128-0 :: DoS & heap-based buffer overflow in Guidance Software EnCase Forensic

2016-11-28 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20161128-0 > === title: Denial of service & heap-based buffer overflow product: Guidance Software EnCase Forensic Imager & EnCase Forens

SEC Consult SA-20170207 :: Path Traversal, Backdoor accounts & KNX group address password bypass in JUNG Smart Visu server

2017-02-07 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170207-0 > === title: Path Traversal, Backdoor accounts & KNX group address password bypass product: JUNG Smart V

SEC Consult SA-20170307-0 :: Unauthenticated OS command injection & arbitrary file upload in Western Digital WD My Cloud

2017-03-07 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170307-0 > === title: Unauthenticated OS command injection & arbitrary file upload product: Western Digital My Cloud vulnerable version

SEC Consult SA-20170308-0 :: Multiple vulnerabilities in Navetti PricePoint

2017-03-08 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170308-0 > === title: Multiple vulnerabilities product: Navetti PricePoint vulnerable version: 4.6.0.0 fixed version: 4.7.0.0 or

SEC Consult SA-20170316-0 :: Authenticated command injection in multiple Ubiquiti Networks products

2017-03-16 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170316-0 > === title: Authenticated Command Injection product: Multiple Ubiquiti Networks products, e.g. TS-16-CARRIER, TS

SEC Consult SA-20170322-0 :: Multiple vulnerabilities in Solare Datensysteme Solar-Log devices

2017-03-22 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170322-0 > === title: Multiple vulnerabilities product: Solare Datensysteme GmbH Solar-Log 250/300/500/800e/1000/1000 PM+/120

SEC Consult SA-20170403-0 :: Misbehavior of PHP fsockopen function

2017-04-03 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170403-0 > === title: Misbehavior of the "fsockopen" function product: PHP vulnerable version: 7.1.2 fixed version: CVE

SEC Consult SA-20170407-0 :: Server-Side Request Forgery in MyBB forum

2017-04-07 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170407-0 > === title: Server Side Request Forgery (SSRF) Vulnerability product: MyBB vulnerable version: 1.8.10 fixed version:

SEC Consult SA-20170509-0 :: Multiple vulnerabilities in I, Librarian PDF manager

2017-05-09 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170509-0 > === title: Multiple vulnerabilities product: I, Librarian PDF manager vulnerable version: <=4.6 & 4.7 fixed version: 4.8

SEC Consult SA-20170510-0 :: Insecure Handling Of URI Schemes in Microsoft OneDrive iOS App

2017-05-10 Thread SEC Consult Vulnerability Lab
A short demo video is available here: https://youtu.be/0jZdM9peVSk SEC Consult Vulnerability Lab Security Advisory < 20170510-0 > === title: Insecure Handling Of URI Schemes product: Microsoft On

SEC Consult SA-20170511-0 :: Stack-based buffer overflow vulnerability in Guidance Software EnCase Forensic Imager

2017-05-11 Thread SEC Consult Vulnerability Lab
A blog post with additional information is available here: http://blog.sec-consult.com/2017/05/chainsaw-of-custody-manipulating.html We have also released a video showing arbitrary code execution: https://www.youtube.com/watch?v=1EngNIXSNQw SEC Consult Vulnerability Lab Security Advisory

SEC Consult SA-20170613-0 :: Access Restriction Bypass in Atlassian Confluence

2017-06-13 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170613-0 > === title: Access Restriction Bypass product: Atlassian Confluence vulnerable version: 4.3.0 - 6.1.1 fixed version: 6.2.1

SEC Consult SA-20170630-0 :: Multiple critical vulnerabilities in OSCI-Transport library 1.2 for German e-Government

2017-06-30 Thread SEC Consult Vulnerability Lab
descriptions: http://blog.sec-consult.com/2017/06/german-e-government-details-vulnerabilities.html SEC Consult Vulnerability Lab Security Advisory < 20170630-0 > === title: Multiple critical vulnerabi

SEC Consult SA-20170712-0 :: Multiple critical vulnerabilities in AGFEO smart home ES 5xx/6xx products

2017-07-12 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170712-0 > === title: Multiple critical vulnerabilities product: AGFEO Smart Home ES 5xx AGFEO Smart Home ES 6xx vuln

SEC Consult SA-20170724-1 :: Open Redirect issue in multiple Ubiquiti Networks products

2017-07-25 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170724-1 > === title: Open Redirect in Login Page product: Multiple Ubiquiti Networks products, e.g. TS-16-CARRIER, TS-5-POE

SEC Consult SA-20170724-0 :: Cross-Site Scripting (XSS) issue in multiple Ubiquiti Networks products

2017-07-25 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170724-0 > === title: Cross-Site Scripting (XSS) product: Ubiquiti Networks EP-R6, ER-X, ER-X-SFP vulnerable version: Firmware v1.9.1

SEC Consult SA-20170804-1 :: Ubiquiti Networks UniFi Cloud Key authenticated command injection

2017-08-04 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170804-1 > === title: Authenticated Command Injection product: Ubiquiti Networks UniFi Cloud Key vulnerable version: Firmware v0.6.1

SEC Consult SA-20170804-0 :: phpBB Server Side Request Forgery (SSRF) vulnerability

2017-08-04 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170804-0 > === title: Server Side Request Forgery Vulnerability product: phpBB vulnerable version: 3.2.0 fixed version: 3.2.1 CVE

SEC Consult SA-20170912-0 :: Email verification bypass in SAP E-Recruiting

2017-09-12 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170912-0 > === title: Email verification bypass product: SAP E-Recruiting vulnerable version: 605, 606, 616, 617 fixed version: see SAP se

SEC Consult SA-20171016-0 :: Multiple vulnerabilities in Micro Focus VisiBroker C++

2017-10-16 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20171016-0 > === title: Multiple vulnerabilities product: Micro Focus VisiBroker C++ vulnerable version: 8.5 SP2 fixed version: 8.5 S

SEC Consult SA-20171018-1 :: Multiple vulnerabilities in Linksys E-series products

2017-10-18 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20171018-1 > === title: Multiple vulnerabilities product: Linksys E series, see "Vulnerable / tested versions" vulnerable version:

SEC Consult SA-20180123-0 :: XXE & Reflected XSS in Oracle Financial Services Analytical Applications

2018-01-23 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180123-0 > === title: XXE & Reflected XSS product: Oracle Financial Services Analytical Applications vulnerable version: 7.3.5.x, 8.0.x

SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433

2018-01-30 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180131-0 > === title: Multiple Vulnerabilities product: Sprecher Automation SPRECON-E-C, PU-2433 vulnerable version: <8.49 (most vulnerabili

SEC Consult SA-20180201-0 :: Multiple critical vulnerabilities in Whole Vibratissimo Smart Sex Toy product range

2018-02-01 Thread SEC Consult Vulnerability Lab
We have published an accompanying blog post to this technical advisory with further information: https://www.sec-consult.com/en/blog/2018/02/internet-of-dildos-a-long-way-to-a-vibrant-future-from-iot-to-iod/index.html SEC Consult Vulnerability Lab Security Advisory < 2018020

SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip

2018-02-07 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180207-0 > === title: Multiple buffer overflow vulnerabilities product: InfoZip UnZip vulnerable version: UnZip <= 6.00 / UnZip <= 6.1c22

SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro

2018-02-09 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180208-0 > === title: Multiple Cross-Site Scripting Vulnerabilities product: Sonatype Nexus Repository Manager OSS/Pro vulnerable version: <

SEC Consult SA-20180221-0 :: Hijacking of arbitrary miSafes Mi-Cam video baby monitors

2018-02-21 Thread SEC Consult Vulnerability Lab
We have published an accompanying blog post to this technical advisory with further information: https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby-monitors-fail-to-be-smart/index.html SEC Consult Vulnerability Lab Security Advisory < 2018022

SEC Consult SA-20180227-0 :: OS command injection, arbitrary file upload & SQL injection in ClipBucket

2018-02-27 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180227-0 > === title: OS command injection, arbitrary file upload & SQL injection product: ClipBucket vulnerable version: <4.0.0 -

SEC Consult SA-20180228-0 :: Insecure Direct Object Reference vulnerability in TestLink Open Source Test Management

2018-02-28 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180228-0 > === title: Insecure Direct Object Reference product: TestLink Open Source Test Management vulnerable version: <1.9.17 fixe

SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail

2018-03-13 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180312-0 > === title: Multiple Critical Vulnerabilities product: SecurEnvoy SecurMail vulnerable version: 9.1.501 fixed version: 9.2.

SEC Consult SA-20180314-0 :: Arbitrary Shortcode Execution & Local File Inclusion in WooCommerce Products Filter (PluginUs.Net)

2018-03-14 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180314-0 > === title: Arbitrary Shortcode Execution & Local File Inclusion product: WOOF - WooCommerce Products Filter (PluginUs.Net)
