CVE-2022-25241: Security Advisories - usd HeroLab
In FileCloud before 21.3, the CSV user import functionality is vulnerable to Cross-Site Request Forgery (CSRF).
To protect companies from hackers and criminals, we must ensure that our skills and knowledge are always up to date. That is why security research is just as important to our work as building a security community to promote the exchange of knowledge. After all, greater security can only be achieved when many people make it their mission.
Our CST Academy and the usd HeroLab are essential parts of our security mission. We share the knowledge we gain in our practical work and through our research in training courses and publications. In this context, the usd HeroLab publishes a series of articles on current vulnerabilities and security issues, always in accordance with the principles of our Responsible Disclosure Policy.
Always in the name of our mission: "more security".
Here you will find the security advisories of recent months:
09/2020
usd-2020-0048 (CVE-2020-24708) | Gophish
Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: Stored Cross-Site Scripting
More details: usd-2020-0048 (CVE-2020-24708)
usd-2020-0049 (CVE-2020-24709) | Gophish
Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: Stored Cross-Site Scripting
More details: usd-2020-0049 (CVE-2020-24709)
usd-2020-0050 (CVE-2020-24712) | Gophish
Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: non-persistent self Cross-Site Scripting
More details: usd-2020-0050 (CVE-2020-24712)
usd-2020-0051 (CVE-2020-24711) | Gophish
Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: Improper Restriction of Rendered UI Layers or Frames
More details: usd-2020-0051 (CVE-2020-24711)
usd-2020-0052 (CVE-2020-24707) | Gophish
Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: CSV Injection
More details: usd-2020-0052 (CVE-2020-24707)
usd-2020-0053 (CVE-2020-24713) | Gophish
Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: Insufficient Session Expiration
More details: usd-2020-0053 (CVE-2020-24713)
usd-2020-0054 (CVE-2020-24710) | Gophish
Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: Stored Cross-Site Scripting
More details: usd-2020-0054 (CVE-2020-24710)
usd-2020-0059 (CVE-2020-15862) | Net-SNMP
Product: Net-SNMP, Affected Version: 5.7.3
Vulnerability Type: Elevation of Privileges
More details: usd-2020-0059 (CVE-2020-15862)
usd-2020-0060 (CVE-2020-15861) | Net-SNMP
Product: Net-SNMP, Affected Version: 5.7.3
Vulnerability Type: Elevation of Privileges
More details: usd-2020-0060 (CVE-2020-15861)
07/2019
usd-2019-0001 | Adobe Experience Manager (AEM)
Product: Adobe Experience Manager (AEM), Affected Version: 6.3.2.2
Vulnerability Type: Code Injection
More details: usd-2019-0001
usd-2019-0002 | feeling4design Super Forms
Product: feeling4design Super Forms, Affected Version: Drag & Drop Form Builder/1.0.0 – 4.4.8
Vulnerability Type: Path Traversal
More details: usd-2019-0002
usd-2019-0003 | feeling4design Super Forms
Product: feeling4design Super Forms, Affected Version: Drag & Drop Form Builder/1.6.1 – 4.4.8
Vulnerability Type: Missing Server Side File Type Validation
More details: usd-2019-0003
usd-2019-0014 | Oracle Transportation Management (OTM)
Product: Oracle Transportation Management (OTM), Affected Version: 6.4.3
Vulnerability Type: Reflected XSS
More details: usd-2019-0014
usd-2019-0015 | Bitbucket
Product: Bitbucket, Affected Version: 5.10.1
Vulnerability Type: Broken Access Control
More details: usd-2019-0015
usd-2019-0017 | Bitbucket
Product: Bitbucket, Affected Version: 5.10.1
Vulnerability Type: Sensitive Data Exposure/Credentials Disclosure
More details: usd-2019-0017
usd-2019-0018 | Bitbucket
Product: Bitbucket, Affected Version: 5.10.1
Vulnerability Type: User Enumeration
More details: usd-2019-0018
usd-2019-0019 | Bitbucket
Product: Bitbucket, Affected Version: 5.10.1
Vulnerability Type: File Enumeration
More details: usd-2019-0019
usd-2019-0020 | Bitbucket
Product: Bitbucket, Affected Version: 5.10.1
Vulnerability Type: Sensitive Data in URL
More details: usd-2019-0020
12/2018
usd-2018-0024 | Shpock App
Product: Shpock App, Affected Version: Shpock App for Android & iPhone
Vulnerability Type: Username Enumeration
More details: usd-2018-0024
usd-2018-0025 (CVE-2018-7750) | SEP sesam
Product: SEP sesam, Affected Version: 4.4.3.61
Vulnerability Type: Authentication Bypass
More details: usd-2018-0025 (CVE-2018-7750)
usd-2018-0026 (CVE-2018-18245) | Nagios Core
Product: Nagios Core, Affected Version: 4.4.2
Vulnerability Type: Stored XSS
More details: usd-2018-0026 (CVE-2018-18245)
usd-2018-0027 (CVE-2018-18246) | Icinga Web 2
Product: Icinga Web 2, Affected Version: 2.6.1
Vulnerability Type: CSRF
More details: usd-2018-0027 (CVE-2018-18246)
usd-2018-0028 (CVE-2018-18248) | Icinga Web 2
Product: Icinga Web 2, Affected Version: 2.6.1
Vulnerability Type: Reflected XSS
More details: usd-2018-0028 (CVE-2018-18248)
usd-2018-0029 (CVE-2018-18247) | Icinga Web 2
Product: Icinga Web 2, Affected Version: 2.6.1
Vulnerability Type: Stored XSS
More details: usd-2018-0029 (CVE-2018-18247)
usd-2018-0030 (CVE-2018-18249, CVE-2018-18250) | Icinga Web 2
Product: Icinga Web 2, Affected Version: 2.6.1
Vulnerability Type: Denial of Service, Sensitive Data disclosure
More details: usd-2018-0030 (CVE-2018-18249, CVE-2018-18250)
usd-2018-0031 (CVE-2018-13376) | Fortigate 900D
Product: Fortigate 900D, Affected Version: FW: V. 5.6.2 Build 1486 (GA)
Vulnerability Type: Sensitive Data disclosure
More details: usd-2018-0031 (CVE-2018-13376)