what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Marius Schwarz

PubliXone 2019.045 Account Takeover / XSS / File Download

Posted Oct 26, 2020

Authored by Marius Schwarz | Site sec-consult.com

PubliXone version 2019.045 suffers from cross site scripting, account takeover, missing access control, hardcoded keys, and file download vulnerabilities.

tags | advisory, vulnerability, xss

advisories | CVE-2020-27179, CVE-2020-27180, CVE-2020-27181, CVE-2020-27182, CVE-2020-27183

SHA-256 | 335b0ed6593ae546e5391338f5409fe47a059f9e6c4983c15c5039a0bf3c1935

Download | Favorite | View

Miss Marple Enterprise Edition File Upload / Hardcoded AES Key

Posted Nov 21, 2018

Authored by Marius Schwarz | Site sec-consult.com

Miss Marple Enterprise Edition versions prior to 2.0 suffer from arbitrary file upload, hardcoded AES key, validation bypass, and other vulnerabilities.

tags | advisory, arbitrary, vulnerability, file upload

advisories | CVE-2018-19233, CVE-2018-19234

SHA-256 | 3fddd6e7c2ff2e1be06afc03420fb99302456521d5526ecfc13ac68c1edf45e6

Download | Favorite | View