[FD] SEC Consult SA-20240307-0 :: Local Privilege Escalation via writable files in Checkmk Agent (CVE-2024-0670)

SEC Consult Vulnerability Lab Security Advisory < 20240307-0 > === title: Local Privilege Escalation via writable files product: Checkmk Agent vulnerable version: 2.0.0, 2.1.0, 2.2.0 fixed versi

[FD] SEC Consult SA-20240226-0 :: Local Privilege Escalation via DLL Hijacking in Qognify VMS Client Viewer

SEC Consult Vulnerability Lab Security Advisory < 20240226-0 > === title: Local Privilege Escalation via DLL Hijacking product: Qognify VMS Client Viewer vulnerable version: >=7.1 fixed version:

[FD] SEC Consult SA-20240220-0 :: Multiple Stored Cross-Site Scripting Vulnerabilities in OpenOLAT (Frentix GmbH)

SEC Consult Vulnerability Lab Security Advisory < 20240220-0 > === title: Multiple Stored Cross-Site Scripting Vulnerabilities product: OpenOLAT (Frentix GmbH) vulnerable version: <= 18.1.4 and <= 18.1

[FD] SEC Consult SA-20240212-0 :: Multiple Stored Cross-Site Scripting vulnerabilities in Statamic CMS

SEC Consult Vulnerability Lab Security Advisory < 20240212-0 > === title: Multiple Stored Cross-Site Scripting vulnerabilities product: Statamic CMS vulnerable version: <4.46.0, <3.4.17 fixed ve

[FD] SEC Consult SA-20231211-0 :: Local Privilege Escalation via MSI installer in PDF24 Creator

SEC Consult Vulnerability Lab Security Advisory < 20231211-0 > === title: Local Privilege Escalation via MSI installer product: PDF24 Creator (geek Software GmbH) vulnerable version: <=11.15.1 f

[FD] SEC Consult SA-20231206 :: Kiosk Escape Privilege Escalation in One Identity Password Manager Secure Password Extension

SEC Consult Vulnerability Lab Security Advisory < 20231206-0 > === title: Kiosk Escape Privilege Escalation product: One Identity Password Manager Secure Password Extension vulnerable version: <5.13.1

[FD] SEC Consult SA-20231205 :: Argument injection leading to unauthenticated RCE and authentication bypass in Atos Unify OpenScape Session Border Controller (SBC), Branch, BCF

SEC Consult Vulnerability Lab Security Advisory < 20231205-0 > === title: Argument injection leading to unauthenticated RCE and authentication bypass product: Atos Unify OpenScape S

[FD] SEC Consult SA-20231005 :: Open Redirect in SAP® BSP Test Application it00 (Bypass for CVE-2020-6215 Patch)

SEC Consult Vulnerability Lab Security Advisory < 20231005-0 > === title: Open Redirect in BSP Test Application it00 (Bypass for CVE-2020-6215 Patch) product: SAP® Application Serve

[FD] SEC Consult SA-20230927-0 :: Multiple Vulnerabilities in SAP® Enable Now Manager

SEC Consult Vulnerability Lab Security Advisory < 20230927-0 > === title: Multiple Vulnerabilities product: SAP® Enable Now Manager vulnerable version: 10.6.5 (Build 2804) Cloud Edition fixed ve

[FD] SEC Consult SA-20230925-0 :: Stored Cross-Site Scripting in mb Support broker management solution openVIVA c2

SEC Consult Vulnerability Lab Security Advisory < 20230925-0 > === title: Stored Cross-Site Scripting product: mb Support broker management solution openVIVA c2 vulnerable version: <20220801 fix

[FD] SEC Consult SA-20230918-0 :: Authenticated Remote Code Execution and Missing Authentication in Atos Unify OpenScape

SEC Consult Vulnerability Lab Security Advisory < 20230918-0 > === title: Authenticated Remote Code Execution and Missing Authentication product: Atos Unify OpenScape Session Border

[FD] SEC Consult SA-20230829-0 :: Reflected Cross-Site Scripting (XSS) in PTC - Codebeamer (ALM Solution)

SEC Consult Vulnerability Lab Security Advisory < 20230829-0 > === title: Reflected Cross-Site Scripting (XSS) product: PTC - Codebeamer (ALM Solution) vulnerable version: <=22.10-SP7, <=22.04-SP5, <=2

[FD] SEC Consult SA-20230705-0 :: Path traversal bypass & Denial of service in Kyocera TASKalfa 4053ci printer

SEC Consult Vulnerability Lab Security Advisory < 20230705-0 > === title: Path traversal bypass & Denial of service product: Kyocera TASKalfa 4053ci printer vulnerable version: TASKalfa 4053ci Version

[FD] SEC Consult SA-20230703-0 :: Multiple Vulnerabilities including Unauthenticated RCE in Siemens A8000

SEC Consult Vulnerability Lab Security Advisory < 20230703-0 > === title: Multiple Vulnerabilities including Unauthenticated RCE product: Siemens A8000 CP-8050 MASTER MODULE (6MF2805-0AA00)

[FD] SEC Consult Vulnerability Lab Whitepaper: Everyone Knows SAP®, Everyone Uses SAP, Everyone Uses RFC, No One Knows RFC: From RFC to RCE 16 Years Later

SEC Consult Vulnerability Lab Whitepaper < 20230629-0 > === Title: Everyone Knows SAP®, Everyone Uses SAP, Everyone Uses RFC, No One Knows RFC: From RF

[FD] SEC Consult SA-20230628-0 :: Stored XSS & Privilege Escalation in Boomerang Parental Control App

SEC Consult Vulnerability Lab Security Advisory < 20230628-0 > === title: Stored XSS & Privilege Escalation product: Boomerang Parental Control App vulnerable version: <13.83 fixed version: >=13

[FD] SEC Consult SA-20230627-0 :: Multiple high risk vulnerabilities in ILIAS eLearning platform

SEC Consult Vulnerability Lab Security Advisory < 20230627-0 > === title: Multiple high risk vulnerabilities product: ILIAS eLearning platform vulnerable version: see section "Vulnerable version" below

[FD] SEC Consult SA-20230517-0 :: Stored XSS vulnerability in rename functionality in Wekan (Open-Source kanban)

SEC Consult Vulnerability Lab Security Advisory < 20230517-0 > === title: Stored XSS vulnerability in rename functionality product: Wekan (Open-Source kanban) vulnerable version: <=6.74 fixed ve

[FD] SEC Consult SA-20230516-0 :: Multiple Vulnerabilities in Serenity and StartSharp Software

SEC Consult Vulnerability Lab Security Advisory < 20230516-0 > === title: Multiple Vulnerabilities product: Serenity and StartSharp Software vulnerable version: < 6.7.1 fixed version: 6.7.1 or h

[FD] SEC Consult SA-20230515-0 :: Multiple Vulnerabilities in Kiddoware Kids Place Parental Control Android App

SEC Consult Vulnerability Lab Security Advisory < 20230515-0 > === title: Multiple Vulnerabilities product: Kiddoware Kids Place Parental Control Android App vulnerable version: <=3.8.49 fixed v

[FD] SEC Consult SA-20230502-0 :: Bypassing cluster isolation through insecure defaults and shared storage in Databricks Platform

SEC Consult Vulnerability Lab Security Advisory < 20230502-0 > === title: Bypassing cluster isolation through insecure defaults and shared storage product: Databricks Platform vul

[FD] SEC Consult SA-20230306-0 :: Multiple Vulnerabilities in Arris DG3450 Cable Gateway

SEC Consult Vulnerability Lab Security Advisory < 20230306-0 > === title: Multiple Vulnerabilities product: Arris DG3450 Cable Gateway vulnerable version: AR01.02.056.18_041520_711.NCS.10 fixed

[FD] SEC Consult SA-20230228-0 :: OS Command Injectionin Barracuda CloudGen WAN

SEC Consult Vulnerability Lab Security Advisory < 20230228-0 > === title: OS Command Injection product: Barracuda CloudGen WAN vulnerable version: < v8.* hotfix 1089 fixed version: v8.* with hot

[FD] SEC Consult SA-20230117-2 :: Multiple post-authentication vulnerabilities including RCE in @OpenText Content Server component of OpenText Extended ECM

SEC Consult Vulnerability Lab Security Advisory < 20230117-2 > === title: Multiple post-authentication vulnerabilities including RCE product: OpenText™ Content Server component of OpenText™ Extended ECM

[FD] SEC Consult SA-20230117-1 :: Pre-authenticated Remote Code Execution via Java frontend and QDS endpoint in @OpenText Content Server component of OpenText Extended ECM

SEC Consult Vulnerability Lab Security Advisory < 20230117-1 > === title: Pre-authenticated Remote Code Execution via Java frontend and QDS endpoint product: OpenText™ Content Serve

[FD] SEC Consult SA-20230117-0 :: Pre-authenticated Remote Code Execution in cs.exe (@OpenText Content Server component of OpenText Extended ECM)

SEC Consult Vulnerability Lab Security Advisory < 20230117-0 > === title: Pre-authenticated Remote Code Execution in cs.exe product: OpenText™ Content Server component of OpenText™ Extended ECM vulner

[FD] SEC Consult SA-20221216-0 :: Remote code execution bypass in Eclipse Business Intelligence Reporting Tool (BiRT)

SEC Consult Vulnerability Lab Security Advisory < 20221216-0 > === title: Remote code execution - CVE-2021-34427 bypass product: Eclipse Business Intelligence Reporting Tool (BiRT) vulnerable version:

[FD] SEC Consult Vulnerability Lab publication: The enemy from within: Unauthenticated Buffer Overflows in Zyxel routers still haunting users & metasploit exploit

Hi, earlier this year in February 2022, we published a technical security advisory - https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-multiple-zyxel-devices/ - on different critical vulnerabilities in Zyxel devices, resulting from insecure coding practic

[FD] SEC Consult SA-20221213-0 :: Privilege Escalation Vulnerabilities (UNIX Insecure File Handling) in SAP Host Agent (saposcol)

SEC Consult Vulnerability Lab Security Advisory < 20221213-0 > === title: Privilege Escalation Vulnerabilities (UNIX Insecure File Handling) product: SAP® Host Agent (saposcol) vu

[FD] SEC Consult SA-20221206-0 :: Multiple critical vulnerabilities in ILIAS eLearning platform

SEC Consult Vulnerability Lab Security Advisory < 20221206-0 > === title: Multiple critical vulnerabilities product: ILIAS eLearning platform vulnerable version: <= 7.15 fixed version: 7.16

[FD] SEC Consult SA-20221201-0 :: Replay attacks & Displaying arbitrary contents in Zhuhai Suny Technology ESL Tag / ETAG-TECH protocol (electronic shelf labels)

SEC Consult Vulnerability Lab Security Advisory < 20221201-0 > === title: Replay attacks & Displaying arbitrary contents product: Zhuhai Suny Technology ESL Tag / ETAG-TECH protocol

[FD] SEC Consult SA-20221114-0 :: Path Traversal Vulnerability in Payara Platform

SEC Consult Vulnerability Lab Security Advisory < 20221114-0 > === title: Path Traversal Vulnerability product: Payara Platform vulnerable version: Enterprise: <5.45.0 Community:

[FD] SEC Consult SA-20221110-0 :: HTML Injection in BMC Remedy ITSM-Suite

SEC Consult Vulnerability Lab Security Advisory < 20221110-0 > === title: HTML Injection product: BMC Remedy ITSM-Suite vulnerable version: 9.1.10 (= 20.02 in new versioning scheme) fixed versio

[FD] SEC Consult SA-20221109-0 :: Multiple Critical Vulnerabilities in Simmeth System GmbH Supplier manager (Lieferantenmanager)

SEC Consult Vulnerability Lab Security Advisory < 20221109-0 > === title: Multiple Critical Vulnerabilities product: Simmeth System GmbH Supplier manager (Lieferantenmanager) vulnerable version: < 5.6

[FD] SEC Consult SA-20220923-0 :: Multiple Memory Corruption Vulnerabilities in COVESA (Connected Vehicle Systems Alliance) DLT daemon

SEC Consult Vulnerability Lab Security Advisory < 20220923-0 > === title: Multiple Memory Corruption Vulnerabilities product: COVESA DLT daemon (Diagnostic Log and Trace) Connected

[FD] SEC Consult SA-20220915-0 :: Local Privilege Escalation im SAP® SAPControl Web Service Interface (sapuxuserchk)

SEC Consult Vulnerability Lab Security Advisory < 20220915-0 > === title: Local privilege escalation product: SAP® SAPControl Web Service Interface (sapuxuserchk) vulnerable version: see section "Vulne

[FD] SEC Consult SA-20220914-0 :: Improper Access Control in SAP® SAProuter

SEC Consult Vulnerability Lab Security Advisory < 20220914-0 > === title: Improper Access Control product: SAP® SAProuter vulnerable version: see section "Vulnerable / tested versions" fixed ver

[FD] SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series

SEC Consult Vulnerability Lab Security Advisory < 20220615-0 > === title: Hardcoded Backdoor User and Outdated Software Components product: Nexans FTTO GigaSwitch industrial/office switches HW version 5

[FD] SEC Consult SA-20220614-0 :: Reflected Cross Site Scripting in SIEMENS-SINEMA Remote Connect

SEC Consult Vulnerability Lab Security Advisory < 20220614-0 > === title: Reflected Cross Site Scripting product: SIEMENS-SINEMA Remote Connect vulnerable version: <=V3.0.1.0-01.01.00.02 fixed v

[FD] SEC Consult SA-20220609-0 :: Multiple vulnerabilities in SoftGuard SNMP Network Management Extension

SEC Consult Vulnerability Lab Security Advisory < 20220609-0 > === title: Multiple vulnerabilities product: SoftGuard SNMP Network Management Extension vulnerable version: SoftGuard Web (SGW) < 5.1.5

[FD] SEC Consult SA-20220608-0 :: Stored Cross-Site Scripting & Unsafe Java Deserializiation in Gentics CMS

SEC Consult Vulnerability Lab Security Advisory < 20220608-0 > === title: Stored Cross-Site Scripting & Unsafe Java Deserializiation product: Gentics CMS vulnerable version: 5.36.29, see section below

[FD] SEC Consult SA-20220607-0 :: Multiple Vulnerabilities in Infiray IRAY-A8Z3 thermal camera

SEC Consult Vulnerability Lab Security Advisory < 20220607-0 > === title: Multiple Vulnerabilities product: Infiray IRAY-A8Z3 thermal camera vulnerable version: V1.0.957 fixed version: None

[FD] SEC Consult SA-20220602-0 :: Multiple Memory Corruption Vulnerabilities in dbus-broker

SEC Consult Vulnerability Lab Security Advisory < 20220602-0 > === title: Multiple Memory Corruption Vulnerabilities product: dbus-broker vulnerable version: dbus-broker-29 fixed version: dbus-b

[FD] SEC Consult SA-20220601-1 :: Authenticated Command Injection in Poly Studio

SEC Consult Vulnerability Lab Security Advisory < 20220601-1 > === title: Authenticated Command Injection product: Poly Studio X30, Studio X50, Studio X70, G7500 vulnerable version: 3.4.0-292042, 3.5.0

[FD] SEC Consult SA-20220601-0 :: Multiple Critical Vulnerabilities in Poly EagleEye Director II

SEC Consult Vulnerability Lab Security Advisory < 20220601-0 > === title: Multiple Critical Vulnerabilities product: Poly EagleEye Director II vulnerable version: 2.2.1.1 (Jul 1, 2021) fixed ver

[FD] SEC Consult SA-20220531-0 :: Backdoor account in Korenix JetPort 5601V3

SEC Consult Vulnerability Lab Security Advisory < 20220531-0 > === title: Backdoor account product: Korenix JetPort 5601V3 vulnerable version: Firmware version 1.0 fixed version: None

[FD] SEC Consult SA-20220518-0 :: Multiple Critical Vulnerabilities in SAP® Application Server, ABAP and ABAP® Platform (Different Software Components)

SEC Consult Vulnerability Lab Security Advisory < 20220518-0 > === title: Multiple Critical Vulnerabilities product: SAP® Application Server ABAP and ABAP® Platform (Different Softw

[FD] SEC Consult SA-20220505-0 :: Password Reset Poisoning Attack in Craft CMS

SEC Consult Vulnerability Lab Security Advisory < 20220505-0 > === title: Password Reset Poisoning Attack product: Craft CMS vulnerable version: 3.7.36 and potentially lower fixed version: none,

[FD] SEC Consult SA-20220427-0 :: Privilege Escalation in Miele Benchmark Programming Tool

SEC Consult Vulnerability Lab Security Advisory < 20220427-0 > === title: Privilege Escalation product: Miele Benchmark Programming Tool vulnerable version: at least 1.1.49 and 1.2.71 fixed vers

[FD] SEC Consult SA-20220413 :: Missing Authentication at File Download & Denial of Service in Siemens A8000 PLC

SEC Consult Vulnerability Lab Security Advisory < 20220413-0 > === title: Missing Authentication at File Download & Denial of Service product: Siemens A8000 CP-8050/CP-8031 SICAM WEB vulnerable versio

[FD] SEC Consult SA-20220215 :: Multiple Critical Vulnerabilities in multiple Zyxel devices

SEC Consult Vulnerability Lab Security Advisory < 20220215-0 > === title: Multiple Critical Vulnerabilities product: Multiple Zyxel devices vulnerable version: For affected products see "Solution" sect

[FD] SEC Consult SA-20220209 :: Open Redirect in Login Page in SIEMENS-SINEMA Remote Connect

SEC Consult Vulnerability Lab Security Advisory < 20220209-0 > === title: Open Redirect in Login Page product: SIEMENS-SINEMA Remote Connect vulnerable version: V1.0 SP3 HF1 fixed version: V2.0