RWS WorldServer versions 11.7.3 and below suffer from a session token enumeration vulnerability.
3809eddfb426d1ed940f1b902726114b7c7322dfe9d241fc6e98fd22830832ca
Cisco Expressway Gateway version 11.5.1 suffers from a directory traversal vulnerability.
2d21823c888f2d2b908cd05eb0a2166fac4b33a4729b2a9f4b52422d2a88a0f7
RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router which was inadequately patched by the vendor.
fa1fddffe139a0d576a787664aa6b3b1d1207ed373110904ad3b88fa8d1e4370
RedTeam Pentesting discovered that the Cisco RV320 router still exposes sensitive diagnostic data without authentication via the device's web interface due to an inadequate fix by the vendor.
2b7e66ad19b6068e6af38b37416a2c3c4c1dbb9a1a959f50323d828c81b0520e
RedTeam Pentesting discovered that the configuration of a Cisco RV320 router can still be exported without authentication via the device's web interface due to an inadequate fix by the vendor.
aa2ffadd37f8b53f7521b5331aff0f56f21b08999e7e3839a9709f9b42d32d19
RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router. Versions 1.4.2.15 through 1.4.2.19 are affected. Fixed in version 1.4.2.20.
0ef1e407d0628e9e533465222b68937646fa1649db7cb36d50953a7f19722bfc
RedTeam Pentesting discovered that the Cisco RV320 router exposes sensitive diagnostic data without authentication through the device's web interface. Versions affected include 1.4.2.15 and 1.4.2.17.
fdf7195ccf0d6541be985c8d496c6247eb5c5e6f97854845e3c59933dda9393d
RedTeam Pentesting discovered that the configuration of a Cisco RV320 router may be exported without authentication through the device's web interface. Affected versions include 1.4.2.15 and 1.4.2.17.
942511fa9b0bd63bd49cf08b8956b08f9864c3d173a12a505da9fb6a9e650162
The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web server. Versions prior to 9.9.5, prior to 10.1, and 10.1 are affected.
d43f74be6b638e83ded4b3a857321d730eb67572bbb1a0727c4cb51696981314
CyberArk Password Vault versions prior to 9.7 and 10 suffer from a memory disclosure vulnerability.
d1f14348574dde4087832b307cbde895ac38061a530c090febaa92dc0e73f9ff
Shopware versions 4.0.1 through 5.3.7 suffer from a cross site request forgery vulnerability. Malicious, third-party websites may abuse this API to list, add or remove products from a user's cart.
0c973cc0b8b396e326136493e77ee67e1e021b531a57d187e3ca1760ce5aca8a
RedTeam Pentesting discovered an arbitrary redirect vulnerability in the redirect mechanism of the application lifecycle management platform Tuleap. Versions prior to 9.17.99.93 are affected.
4ee245fc410a2b477c410f689faaa169f5218c550f09341b6b468f1cddf894a7
RedTeam Pentesting discovered that the shibd service of Shibboleth 2 does not extract SAML attribute values in a robust manner. By inserting XML entities into a SAML response, attackers may truncate attribute values without breaking the document's signature. This might lead to a complete bypass of authorisation mechanisms. Versions prior to 2.6.1 are affected.
3161025b44bdf506c94fc43a995ecee6fe36a5a17cca6bee9d2de7e64bc0814f
Attackers who can send SOAP messages to a Ladon webservice via the HTTP interface of the Ladon webservice can exploit an XML external entity expansion vulnerability and read local files, forge server side requests or overload the service with exponentially growing memory payloads. Versions 0.9.40 and below are affected.
ed8acdbe74a60413ec64bf7ee626907c637009037aa099593ef2ffdb4b694c81
RedTeam Pentesting discovered that attackers can configure a proxy host and port to be used when fetching print jobs with WebClientPrint Processor (WCPP). This proxy setting may be distributed via specially crafted websites and is set without any user interaction as soon as the website is accessed. Version 2.0.15.109 is affected.
09c0e3cd68348e506a9714a171060413afaa79dbee57b201c4d67e7fd6a31b1c
RedTeam Pentesting discovered that rogue updates trigger a remote code execution vulnerability in WebClientPrint Processor (WCPP). These updates may be distributed through specially crafted websites and are processed without any user interaction as soon as the website is accessed. However, the browser must run with administrative privileges. Version 2.0.15.109 is affected.
16d24709c0cb5cba7e8f5f98b3f1f03545ac4ec24730922aafb7e643bd7c27d7
RedTeam Pentesting discovered that WebClientPrint Processor (WCPP) does not validate TLS certificates when initiating HTTPS connections. Thus, a man-in-the-middle attacker may intercept and/or modify HTTPS traffic in transit. This may result in a disclosure of sensitive information and the integrity of printed documents cannot be guaranteed. Version 2.0.15.109 is affected.
d5d5ce3f3fb5bf4d769947dc95fa513fec9e066196c762f799c032bd2ce628d1
WebClientPrint Processor version 2.0.15.109 suffers from a remote code execution vulnerability via print jobs.
76fbb2cc02917553f3f3564e781c290894efa3b6b06fcd52855df0eeb4b137ec
TYPO3 Formhandler version 2.4.0 suffers from a cross site scripting vulnerability.
1d3622f0e4f3d15078215547598f31908bda1104d6de15ccb96b0669109dc293
RedTeam Pentesting discovered a remote command execution vulnerability in the REDDOXX appliance software, which allows attackers to execute arbitrary command with root privileges while unauthenticated. Affected versions include build 2032 and 2.0.625.
becde93c067e78ba68597a35f6d477408561832538f83bbfc9c5867a28459d85
RedTeam Pentesting discovered a vulnerability which allows attackers unauthenticated access to the diagnostic functions of the administrative interface of the REDDOXX appliance. The functions allow, for example, to capture network traffic on the appliance's interfaces. Affected versions include build 2032 and 2.0.625.
acd4c88b4e6b269475472b9ac9f07228d4f40087768925bc7eb00ecfecd3522c
RedTeam Pentesting discovered an undocumented service account in the REDDOXX appliance software, which allows attackers to access the administrative interface of the appliance and change its configuration. Affected versions include build 2032 and 2.0.625.
566d35f51e7eacf080b67dde2ac3e518fc64eab804ca996a361d492a9d1e33b8
RedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to download arbitrary files from the affected system. Affected versions include build 2032 and 2.0.625.
73f166953c9826d6cb5ced2e73d23f83f1666942751bbe3a859d6bd211d10a9a
RedTeam Pentesting discovered a cross site scripting (XSS) vulnerability in the REDDOXX appliance software, which allows attackers to inject arbitrary JavaScript code via a crafted URL. Affected versions include build 2032 and 2.0.625.
24d8f1cffd703098f7bc99803e67978d1404d5582276c79f31555172622b593b
RedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to list directory contents and download arbitrary files from the affected system with root permissions. Affected versions include build 2032 and 2.0.625.
4b2a83e33f783d6780df2b94816103795f01791ce55f04a8febcf31ae4a50c00
RedTeam Pentesting discovered an information disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to extract valid session IDs. Affected versions include build 2032 and 2.0.625.
c1999c59bf1a49e27b345dcd1c7259a0a82d09f67464808f16ff746ad4c41449