
CVE-2022-25241: Security Advisories - usd HeroLab

In FileCloud before 21.3, the CSV user import functionality is vulnerable to Cross-Site Request Forgery (CSRF).


To protect companies from hackers and criminals, we must ensure that our skills and knowledge are always up to date. That is why security research is just as important to our work as building a security community to promote knowledge sharing. After all, more security can only be achieved if many people make it their task.

Our CST Academy and the usd HeroLab are essential components of our security mission. We share the knowledge we gain in our practical work and through our research in training courses and publications. In this context, the usd HeroLab publishes a series of articles on current vulnerabilities and security issues, always in line with the principles of our Responsible Disclosure Policy.

Always in the name of our mission: "more security".

Here you will find the security advisories of recent months:

09/2020


usd-2020-0048 (CVE-2020-24708) | Gophish

Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: Stored Cross-Site Scripting

More details: usd-2020-0048 (CVE-2020-24708)

usd-2020-0049 (CVE-2020-24709) | Gophish

Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: Stored Cross-Site Scripting

More details: usd-2020-0049 (CVE-2020-24709)

usd-2020-0050 (CVE-2020-24712) | Gophish

Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: non-persistent self Cross-Site Scripting

More details: usd-2020-0050 (CVE-2020-24712)

usd-2020-0051 (CVE-2020-24711) | Gophish

Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: Improper Restriction of Rendered UI Layers or Frames

More details: usd-2020-0051 (CVE-2020-24711)

usd-2020-0052 (CVE-2020-24707) | Gophish

Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: CSV Injection

More details: usd-2020-0052 (CVE-2020-24707)

usd-2020-0053 (CVE-2020-24713) | Gophish

Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: Insufficient Session Expiration

More details: usd-2020-0053 (CVE-2020-24713)

usd-2020-0054 (CVE-2020-24710) | Gophish

Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: Stored Cross-Site Scripting

More details: usd-2020-0054 (CVE-2020-24710)

usd-2020-0059 (CVE-2020-15862) | Net-SNMP

Product: Net-SNMP, Affected Version: 5.7.3
Vulnerability Type: Elevation of Privileges

More details: usd-2020-0059 (CVE-2020-15862)

usd-2020-0060 (CVE-2020-15861) | Net-SNMP

Product: Net-SNMP, Affected Version: 5.7.3
Vulnerability Type: Elevation of Privileges

More details: usd-2020-0060 (CVE-2020-15861)

07/2019


usd-2019-0001 | Adobe Experience Manager (AEM)

Product: Adobe Experience Manager (AEM), Affected Version: 6.3.2.2
Vulnerability Type: Code Injection

More details: usd-2019-0001

usd-2019-0002 | feeling4design Super Forms

Product: feeling4design Super Forms, Affected Version: Drag & Drop Form Builder/1.0.0 – 4.4.8
Vulnerability Type: Path Traversal

More details: usd-2019-0002

usd-2019-0003 | feeling4design Super Forms

Product: feeling4design Super Forms, Affected Version: Drag & Drop Form Builder/1.6.1 – 4.4.8
Vulnerability Type: Missing Server Side File Type Validation

More details: usd-2019-0003

usd-2019-0014 | Oracle Transportation Management (OTM)

Product: Oracle Transportation Management (OTM), Affected Version: 6.4.3
Vulnerability Type: Reflected XSS

More details: usd-2019-0014

usd-2019-0015 | Bitbucket

Product: Bitbucket, Affected Version: 5.10.1
Vulnerability Type: Broken Access Control

More details: usd-2019-0015

usd-2019-0017 | Bitbucket

Product: Bitbucket, Affected Version: 5.10.1
Vulnerability Type: Sensitive Data Exposure/Credentials Disclosure

More details: usd-2019-0017

usd-2019-0018 | Bitbucket

Product: Bitbucket, Affected Version: 5.10.1
Vulnerability Type: User Enumeration

More details: usd-2019-0018

usd-2019-0019 | Bitbucket

Product: Bitbucket, Affected Version: 5.10.1
Vulnerability Type: File Enumeration

More details: usd-2019-0019

usd-2019-0020 | Bitbucket

Product: Bitbucket, Affected Version: 5.10.1
Vulnerability Type: Sensitive Data in URL

More details: usd-2019-0020

12/2018


usd-2018-0024 | Shpock App

Product: Shpock App, Affected Version: Shpock App for Android & iPhone
Vulnerability Type: Username Enumeration

More details: usd-2018-0024

usd-2018-0025 (CVE-2018-7750) | SEP sesam

Product: SEP sesam, Affected Version: 4.4.3.61
Vulnerability Type: Authentication Bypass

More details: usd-2018-0025 (CVE-2018-7750)

usd-2018-0026 (CVE-2018-18245) | Nagios Core

Product: Nagios Core, Affected Version: 4.4.2
Vulnerability Type: Stored XSS

More details: usd-2018-0026 (CVE-2018-18245)

usd-2018-0027 (CVE-2018-18246) | Icinga Web 2

Product: Icinga Web 2, Affected Version: 2.6.1
Vulnerability Type: CSRF

More details: usd-2018-0027 (CVE-2018-18246)

usd-2018-0028 (CVE-2018-18248) | Icinga Web 2

Product: Icinga Web 2, Affected Version: 2.6.1
Vulnerability Type: Reflected XSS

More details: usd-2018-0028 (CVE-2018-18248)

usd-2018-0029 (CVE-2018-18247) | Icinga Web 2

Product: Icinga Web 2, Affected Version: 2.6.1
Vulnerability Type: Stored XSS

More details: usd-2018-0029 (CVE-2018-18247)

usd-2018-0030 (CVE-2018-18249, CVE-2018-18250) | Icinga Web 2

Product: Icinga Web 2, Affected Version: 2.6.1
Vulnerability Type: Denial of Service, Sensitive Data disclosure

More details: usd-2018-0030 (CVE-2018-18249, CVE-2018-18250)

usd-2018-0031 (CVE-2018-13376) | Fortigate 900D

Product: Fortigate 900D, Affected Version: FW: V. 5.6.2 Build 1486 (GA)
Vulnerability Type: Sensitive Data disclosure

More details: usd-2018-0031 (CVE-2018-13376)
