| Identifier |
Description |
Product |
Author |
Date |
| CVE-2019-6113 |
Directory Traversal |
Onkyo TX-NR686 – 1030-5000-1040-0010 |
Michael Skiba |
August 2019 |
| CVE-2018-15513 |
Privilege Escalation |
Totemomail 6.0.0 |
Michael Skiba, Andre Waldhoff, Carsten Sandker |
August 2019 |
| CVE-2018-15512 |
Cross-Site Scripting |
Totemomail 6.0.0 |
Michael Skiba, Andre Waldhoff, Carsten Sandker |
August 2019 |
| CVE-2018-15511 |
Cross-Site Scripting |
Totemomail 6.0.0 |
Michael Skiba, Andre Waldhoff, Carsten Sandker |
August 2019 |
| CVE-2018-15510 |
Cross-Site Scripting |
Totemomail 6.0.0 |
Michael Skiba, Andre Waldhoff, Carsten Sandker |
August 2019 |
| CVE-2018-18379 |
Cross Site Scripting (XSS) |
Elementor LTD |
Christopher Vella |
October 2018 |
| CVE-2018-12944 |
Persistent Cross-Site Scripting (XSS) |
SeedDMS |
Dennis Herrmann and Malte Poll |
July 2018 |
| CVE-2018-12943 |
Cross Site Scripting (XSS) |
SeedDMS |
Dennis Herrmann and Malte Poll |
July 2018 |
| CVE-2018-12942 |
SQL Injection |
SeedDMS |
Dennis Herrmann and Malte Poll |
July 2018 |
| CVE-2018-12941 |
Remote Code Execution |
SeedDMS |
Dennis Herrmann and Malte Poll |
July 2018 |
| CVE-2018-12940 |
Unrestricted File Upload |
SeedDMS |
Dennis Herrmann and Malte Poll |
July 2018 |
| CVE-2018-12939 |
Directory Traversal |
SeedDMS |
Dennis Herrmann and Malte Poll |
July 2018 |
| CVE-2018-6493 |
SQL Injection |
HP Network Automation |
Tilman Bender, Dennis Herrmann and Bastian Kanbach |
June 2018 |
| CVE-2018-6492 |
Cross-Site Scripting (XSS) |
HP Network Automation |
Tilman Bender, Dennis Herrmann and Bastian Kanbach |
June 2018 |
| Hyperoptic ZTE home routers |
Hardcoded account allows compromise of all Hyperoptic ZTE home routers |
ZTE H298N and ZTE H298A |
Dan Cater |
April 2018 |
| CVE-2017-9377 |
Command Injection Vulnerability on ClickShare Base Units |
ClickShare Base Units |
Claudio Moletta |
September 2017 |
| CVE-2017-8419 |
Multiple stack and heap corruptions from malicious file |
Lame 3.99.5 MP3 |
Gareth Evans |
May 2017 |
| Mitel 17-0003 |
Multiple Vulnerabilities in MiVoice Conference/Video Phone (UC360) |
Mitel UC360 |
Tom Moreton |
February 2017 |
| Mitel 17-0002 |
Privilege Escalation / Remote Code Execution Vulnerability in MiVoice Conference/Video Phone (UC360) |
Mitel UC360 |
Tom Moreton |
February 2017 |
| CVE-2017-5669 |
Shmat syscall allows null-page protection bypass |
Linux |
Gareth Evans |
January 2017 |
| CVE-2016-7742 |
Opening a maliciously crafted archive may lead to arbitrary code execution |
MacOS |
Gareth Evans |
December 2016 |
| CVE-2016-7086 |
Local privileges escalation in VMware installer |
VMware |
Adam Bridge |
September 2016 |
| CVE-2016-7988 |
No Permissions on SET_WIFI Broadcast receiver |
Android |
Tom Court |
August 2016 |
| CVE-2016-7991 |
omacp app ignores security fields in OMA CP message |
Android |
Tom Court |
August 2016 |
| CVE-2016-7990 |
Integer overflow in libomacp.so |
Android |
Tom Court |
August 2016 |
| CVE-2016-7989 |
Unhandled ArrayIndexOutOfBounds exception in Android Runtime |
Android |
Tom Court |
August 2016 |
| CVE-2017-5384 |
Information disclosure via Proxy Auto-Config (PAC) |
Firefox |
Paul Stone, Alex Chapman |
July 2016 |
| CVE-2016-5134 |
URL leakage via PAC script |
Chrome |
Paul Stone, Alex Chapman |
July 2016 |
| CVE-2016-1801 |
Information disclosure vulnerability in Proxy Auto-Config |
iOS/MacOS |
Paul Stone, Alex Chapman |
July 2016 |
| CVE-2016-3763 |
Information disclosure vulnerability in Proxy Auto-Config |
Android |
Paul Stone, Alex Chapman |
July 2016 |
| CVE-2014-3524 |
Command injection when loading Calc spreadsheets under Windows |
Calc |
James Kettle, Rohan Durve |
August 2014 |
| CVE-2012-0161 |
.NET Framework Serialization Vulnerability |
.Net |
James Forshaw |
May 2012 |
| CVE-2012-0160 |
.NET Framework Serialization Vulnerability |
.Net |
James Forshaw |
May 2012 |
