The following is a list of vulnerabilities published by OSI Security staff:
- Apache Tomcat & Symantec PGP Web Email Protection - Directory Traversal vulnerability (fixed July 2020).
- Mitel MiCollab - SQL Injection (fixed June 2019).
- Apache http mod_speling HTTP Referrer Cross-site scripting vulnerability.
- Trend Micro Hosted Email Security (HES) - Email Interception and Direct Object Reference.
- SmartJobBoard - Cross-site scripting, personal information disclosure and PHPMailer package vulnerabilities.
- SilverStripe CMS - Path Disclosure.
- Tweek!DM Document Management Authentication bypass, SQL injection vulnerabilities.
- Computer Associates API Gateway CRLF Response Splitting, Directory Traversal vulnerabilities.
- AcoraCMS browser redirect and Cross-site scripting vulnerabilities.
- Kaseya information disclosure vulnerability.
- iPlatinum iOneView Multiple Parameter Reflected XSS.
- Lantern CMS Path Disclosure, SQL Injection, Reflected XSS.
- Manhattan Software IWMS (Integrated Workplace Management System) XML External Entity (XXE) Injection File Disclosure.
- Obsecure360 Framework SQL Injection, Path Disclosure, Reflected XSS.
- Ultra Electronics / AEP Networks - SSL VPN (Netilla / Series A / Ultra Protect) Vulnerabilities.
- Moodle URL Manipulation Remote Account Information Disclosure.
- Inchoo Facebook Connect Extension for Magento Parameter XSS.
- AirWatch Self Service Portal Username Parameter LDAP Injection.
- Avaya Radvision SCOPIA Desktop dlg_loginownerid.jsp ownerid SQL Injection.
- Lotus Protector for Mail Security remote code execution.
- Kaseya Parameter Reflected XSS, Enumeration and Bruteforce Weakness.
- CheckPoint Firewall - SecuRemote Hostname and SmartCenter Information Disclosure.
- Squiz Matrix - User Account Enumeration.
- Cyberoam UTM - Authenticated Cross-site Scripting.
- JFreeChart - Path Disclosure.
- Squiz Matrix - Cross Site Scripting.
- Civica Spydus Library Management System - Cross Site Scripting.
- LANSA aXes Web Terminal (TN5250) Cross-Site Scripting.
- Paessler - PRTG Traffic Grapher Cross Site Scripting.
- Blue Arc Group - IgnitionSuite Web Content Management System Information Disclosure / Unauthenticated Unsubscription.
- Iomega StorCenter Pro Session Identifier Prediction Weakness.
- SonicWALL SSL-VPN cgi-bin/welcome/VirtualOffice err Parameter Remote Format String.
- ContentKeeper Authentication Bypass, Remote Code Execution & Privilege Escalation.
- ConnX frmLoginPwdReminderPopup.aspx txtEmail Parameter SQL Injection.
- Asbru Web Content Management - SQL Injection and XSS.
- Microsoft Windows Installer msiexec.exe /uninstall Option GUID Value Overflow.
- Tumbleweed SecureTransport FileTransfer ActiveX TransferFile() Method remoteFile Variable Overflow.
- RemotelyAnywhere HTTP Service /img/ XSS.
- webMethods Glue Management Console resource Parameter Traversal Arbitrary File Access.
- Google Mini Search Appliance client Parameter Path Disclosure.
- ContentKeeper cgi-bin/ck/changepw.cgi Cleartext Password Disclosure.
- MySource Matrix sq_remote_page_url Function Unauthorised Proxy and Cross Site Scripting.
- Computer Associates eTrust Security Command Center - Multiple Vulnerabilities.
- Apple Safari Javascript Crafted Function Body DoS.