Title:
==
AVEVA InTouch Access Anywhere Secure Gateway - Path Traversal
Author:
===
Jens Regel, CRISEC IT-Security
CVE:
CVE-2022-23854
Advisory:
=
https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal/
Timeline:
=
25.06.2021
Title: SolarWinds MSP PME Cache Service - Insecure File Permissions / Code Execution
Author: Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG
GitHub: https://github.com/jensregel/Advisories/tree/master/CVE-2020-12608
CVSSv3: 8.2 [CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H]
CVE:
Title:
==
CommSy <= 8.6.5 - SQL injection
Researcher:
===
Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG
CVE-ID:
===
CVE-2019-11880
Timeline:
=
2019-04-15 Vulnerability discovered
2019-04-15 Asked for security contact and PGP key
2019-04-16 S
Title:
==
ELO (Elektronischer Leitz-Ordner) 9/10 - Time-Based blind SQL injection
Researcher:
===
Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG
CVE-ID:
===
CVE-2018-10197
Risk Information:
=
CVSS Base Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A
Please disclose, thanks.
--
Regards,
Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG
Title:
==
3CX Phone System - Authenticated Directory Traversal
Author:
===
Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG
CVE-ID:
===
CVE-2017-15359