1. Home
  2. Resources
  3. CVEs & Advisories

CVEs & Advisories

At Context we are committed to ensuring and improving the security of our clients. Whether for clients or our own purposes, we regularly carry out independent security audits and vulnerability research against third-party software and hardware products.

Identifier Description Product Author Date
CVE-2019-15747 Privilege Escalation via Client-Side-Source Manipulation SITOS Six Build v6.2.1 Dennis Herrmann and Andre Waldhoff October 2019
CVE-2019-15750 Cross-Site-Scripting - Non-Persistent SITOS Six Build v6.2.1 Dennis Herrmann and Andre Waldhoff October 2019
CVE-2019-15749 Account Takeover SITOS Six Build v6.2.1 Dennis Herrmann and Andre Waldhoff October 2019
CVE-2019-15748 Authorisation Bypass SITOS Six Build v6.2.1 Dennis Herrmann and Andre Waldhoff October 2019
CVE-2019-15751 Unrestricted File Upload via SCORM File SITOS Six Build v6.2.1 Dennis Herrmann and Andre Waldhoff October 2019
CVE-2019-15746 PHP Command Injection SITOS Six Build v6.2.1 Dennis Herrmann and Andre Waldhoff October 2019
CVE-2019-6113 Directory Traversal Onkyo TX-NR686 – 1030-5000-1040-0010 Michael Skiba August 2019
CVE-2018-15513 Privilege Escalation Totemomail 6.0.0 Michael Skiba, Andre Waldhoff, Carsten Sandker August 2019
CVE-2018-15512 Cross-Site Scripting Totemomail 6.0.0 Michael Skiba, Andre Waldhoff, Carsten Sandker August 2019
CVE-2018-15511 Cross-Site Scripting Totemomail 6.0.0 Michael Skiba, Andre Waldhoff, Carsten Sandker August 2019
CVE-2018-15510 Cross-Site Scripting Totemomail 6.0.0 Michael Skiba, Andre Waldhoff, Carsten Sandker August 2019
CVE-2018-18379 Cross Site Scripting (XSS) Elementor LTD Christopher Vella October 2018
CVE-2018-12944 Persistent Cross-Site Scripting (XSS) SeedDMS Dennis Herrmann and Malte Poll July 2018
CVE-2018-12943 Cross Site Scripting (XSS) SeedDMS Dennis Herrmann and Malte Poll July 2018
CVE-2018-12942 SQL Injection SeedDMS Dennis Herrmann and Malte Poll July 2018
CVE-2018-12941 Remote Code Execution SeedDMS Dennis Herrmann and Malte Poll July 2018
CVE-2018-12940 Unrestricted File Upload SeedDMS Dennis Herrmann and Malte Poll July 2018
CVE-2018-12939 Directory Traversal SeedDMS Dennis Herrmann and Malte Poll July 2018
CVE-2018-6493 SQL Injection HP Network Automation Tilman Bender, Dennis Herrmann and Bastian Kanbach June 2018
CVE-2018-6492 Cross-Site Scripting (XSS) HP Network Automation Tilman Bender, Dennis Herrmann and Bastian Kanbach June 2018
Hyperoptic ZTE home routers Hardcoded account allows compromise of all Hyperoptic ZTE home routers ZTE H298N and ZTE H298A Dan Cater April 2018
CVE-2017-9377 Command Injection Vulnerability on ClickShare Base Units ClickShare Base Units Claudio Moletta September 2017
CVE-2017-8419 Multiple stack and heap corruptions from malicious file Lame 3.99.5 MP3 Gareth Evans May 2017
Mitel 17-0003 Multiple Vulnerabilities in MiVoice Conference/Video Phone (UC360) Mitel UC360 Tom Moreton February 2017
Mitel 17-0002 Privilege Escalation / Remote Code Execution Vulnerability in MiVoice Conference/Video Phone (UC360) Mitel UC360 Tom Moreton February 2017
CVE-2017-5669 Shmat syscall allows null-page protection bypass Linux Gareth Evans January 2017
CVE-2016-7742 Opening a maliciously crafted archive may lead to arbitrary code execution MacOS Gareth Evans December 2016
CVE-2016-7086 Local privileges escalation in VMware installer VMware Adam Bridge September 2016
CVE-2016-7988 No Permissions on SET_WIFI Broadcast receiver Android Tom Court August 2016
CVE-2016-7991 omacp app ignores security fields in OMA CP message Android Tom Court August 2016
CVE-2016-7990 Integer overflow in libomacp.so Android Tom Court August 2016
CVE-2016-7989 Unhandled ArrayIndexOutOfBounds exception in Android Runtime Android Tom Court August 2016
CVE-2017-5384 Information disclosure via Proxy Auto-Config (PAC) Firefox Paul Stone, Alex Chapman July 2016
CVE-2016-5134 URL leakage via PAC script Chrome Paul Stone, Alex Chapman July 2016
CVE-2016-1801 Information disclosure vulnerability in Proxy Auto-Config iOS/MacOS Paul Stone, Alex Chapman July 2016
CVE-2016-3763 Information disclosure vulnerability in Proxy Auto-Config Android Paul Stone, Alex Chapman July 2016
CVE-2014-3524 Command injection when loading Calc spreadsheets under Windows Calc James Kettle, Rohan Durve August 2014
CVE-2012-0161 .NET Framework Serialization Vulnerability .Net James Forshaw May 2012
CVE-2012-0160 .NET Framework Serialization Vulnerability .Net James Forshaw May 2012

As part of our coordinated disclosure policy, Context regularly reports vulnerabilities to manufacturers. This table shows the recent interesting issues credited to Context staff. These issues were found either during our own research, or on client engagements where the client was happy for us to disclose the issue.

Our disclosure policy

Context’s disclosure policy has been designed to protect our clients, vendors and users of affected products in equal measures. We believe that providing adequate time for a vendor to issue fixes for critical vulnerabilities, whilst maintaining disclosure timeframes provides the best balance for all parties involved. Context’s full disclosure policy can be found on our Coordinated Disclosure Policy Page.

Related Content

Page

Blog

Read More

Blog

19 Jun 2017

WAP just happened to my Samsung Galaxy?

This is the third in a series of blogs about how, even in 2017, SMS-based attack...

Read Article

Blog

19 Jun 2017

Sniffing HTTPS URLS with malicious PAC files

In March this year we discovered an issue with the way many web browsers and ope...

Read Article

Blog

19 Jun 2017

Phwning the boardroom: hacking an Android conference phone

At Context we’re always on the lookout for interesting devices to play wit...

Read Article

CREST
CREST STAR
CHECK IT Health Check Service
CBEST
Cyber Essentials
CESG Certified Service
First - Improving Security Together
BSI ISO 9001 FS 581360
BSI ISO 27001 IS 553326
PCI - Approved Scanning Vendor
NCSC CCSC - Assured Service Provider
{/exp:ce_cache:it}