Vulnerability Disclosure | 15/July/2024
Cross-Site Scripting (XSS) vulnerabilities and direct unauthenticated access found in the LumisXP Framework
This publication focuses on the discovery of flaws that allow the execution of arbitrary scripts (HTML/JavaScript) and unauthorized access in applications using LumisXP, without the need for authentication.

Vulnerability Disclosure | 28/February/2024
CVEs: Access control vulnerabilities found within Multilaser routers’ web management interface
This publication deals with the discovery of security flaws that may enable unauthorized access and control of Multilaser router configurations.

Vulnerability Disclosure | 18/May/2023
CVE-2023-27233: SQL Command Execution Vulnerability in Piwigo 13.5.0
Survey reveals weakness in the open source software, allowing the execution of arbitrary SQL commands.

Vulnerability Disclosure | 17/May/2023
CVE-2023-26876: SQL injection vulnerability found in Piwigo image management software
Security flaw may allow unauthorized access and retrieval of sensitive server data.

Vulnerability Disclosure | 30/September/2022
CVE-2022-2863: WordPress plugin WPvivid Backup in version 0.9.76 and lower, allows reading of arbitrary files from server
Developers of the plugin have patched and released an update correcting the glitch in a later version.

Vulnerability Disclosure | 25/May/2022
CVE-2021-46426: phpIPAM 1.4.4 allows reflected XSS and CSRF via subnets functionality
Its version 1.4.4 is vulnerable to Reflected Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) attacks.

Vulnerability Disclosure | 25/May/2022
CVE-2021-30140: XSS Vulnerability Detection in Liquid Files
LiquidFiles 3.4.15 has stored XSS via "send email" functionality when emailing a file to an administrator.

Vulnerability Disclosure | 06/August/2020
Path Traversal Vulnerability in SecurEnvoy impacts on remote command execution through file upload
Attacks of this type consist of the possibility of traversing directories outside and/or inside the root of the application, thus allowing access to other files or folders in an arbitrary manner.

Vulnerability Disclosure | 23/June/2020
DLL Hijacking at the Trend Micro Password Manager (CVE-2020-8469)
We will briefly present some basic concepts on the subject, as well as the demonstration of this vulnerability in Trend Micro Password Manager.

Vulnerability Disclosure | 11/March/2020
Vulnerability in Avast Secure Browser enables escalation of privileges on Windows
Exploitation abuses the hardlinks feature, which represents the file content on the NTFS system.

Vulnerability Disclosure | 20/August/2019
Trend Micro Maximum Security 2019 vulnerability allows for privilege escalation attacks on Windows
Discovered by Tempest analyst, the flaw had a fix released last week.

Vulnerability Disclosure | 31/July/2019
Vulnerability in Avira Security Suite enables for privilege escalation attacks
The flaw is present in a file which, by default, has open access and control permissions for all Windows users.

Vulnerability Disclosure | 16/July/2019
Tempest identifies weakness in Microsoft security service
By exploiting the vulnerability, an attacker can deliver malicious files via email.

Vulnerability Disclosure | 18/December/2018
Critical vulnerability is identified in Aligera products
The vulnerability allows an attacker to gain full control of the device.

Vulnerability Disclosure | 20/March/2018
Hola VPN software flaw could lead to privilege escalation
If exploited, the vulnerability allows for privilege escalation in the operating system, allowing the attacker to get full control over the victim’s computer.

Vulnerability Disclosure | 05/March/2018
Rapid SCADA: Industrial system has elementary flaw in access control
The flaw allows the system to become a bridge to access critical infrastructures.

Vulnerability Disclosure | 08/January/2018
Password manager flaw allows for arbitrary command execution
The flaw was found in the latest version of the software (4.9.3).