[FD] AVEVA InTouch Access Anywhere Secure Gateway - Path Traversal

2022-09-08 Thread Jens Regel | CRISEC
Title: AVEVA InTouch Access Anywhere Secure Gateway - Path Traversal Author: Jens Regel, CRISEC IT-Security CVE: CVE-2022-23854 Advisory: https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal/ Timeline: 25.06.2021

[FD] SolarWinds MSP PME Cache Service - Insecure File Permissions / Code Execution

2020-05-08 Thread Jens Regel
Title: SolarWinds MSP PME Cache Service - Insecure File Permissions / Code Execution Author: Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG GitHub: https://github.com/jensregel/Advisories/tree/master/CVE-2020-12608 CVSSv3: 8.2 [CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H] CVE:

[FD] [CVE-2019-11880] CommSy <= 8.6.5 - SQL injection

2019-05-17 Thread Jens Regel | Schneider & Wulf
Title: CommSy <= 8.6.5 - SQL injection Researcher: Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: CVE-2019-11880 Timeline: 2019-04-15 Vulnerability discovered 2019-04-15 Asked for security contact and PGP key 2019-04-16 S

[FD] [CVE-2018-10197] ELO 9/10 - Time-Based blind SQL injection

2018-07-10 Thread Jens Regel
Title: ELO (Elektronischer Leitz-Ordner) 9/10 - Time-Based blind SQL injection Researcher: Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: CVE-2018-10197 Risk Information: CVSS Base Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A

[FD] [CVE-2017-15359] 3CX Phone System - Authenticated Directory Traversal

2017-10-16 Thread Jens Regel
Please disclose, thanks. -- Regards, Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG Title: 3CX Phone System - Authenticated Directory Traversal Author: Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: CVE-2017-15359