| Identifier | Description | Product | Author | Date |
| --- | --- | --- | --- | --- |
| CVE-2020-13134 | Reflected + Stored Cross-Site Scripting (XSS) vulnerability | SecureChange | Andrej Šimko of Accenture | August 2020 |
| CVE-2020-13133 | Reflected + Stored Cross-Site Scripting (XSS) vulnerability | SecureChange | Andrej Šimko of Accenture | August 2020 |
| CVE-2020-16282 | Execution with Unnecessary Privileges | RangeeOS 8.0.4 | Andre Waldhoff and Bastian Kanbach | August 2020 |
| CVE-2020-16281 | Restricted Environment Breakout | RangeeOS 8.0.4 | Andre Waldhoff and Bastian Kanbach | August 2020 |
| CVE-2020-16280 | Unprotected Storage of Credentials | RangeeOS 8.0.4 | Andre Waldhoff and Bastian Kanbach | August 2020 |
| CVE-2020-16279 | OS Command Injection | RangeeOS 8.0.4 | Andre Waldhoff and Bastian Kanbach | August 2020 |
| CVE-2020-6278 | Cross-Site Scripting (XSS) vulnerability in SAP Business Objects | SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1 and 4.2 | Benjamin Marr and Margus Lind | July 2020 |
| CVE-2020-9767 | Zoom Sharing Service Local Privilege Escalation | Zoom Client for Windows < 5.0.4 where the Zoom Sharing Service is installed | Connor Scott | June 2020 |
| CVE-2019-15747 | Privilege Escalation via Client-Side-Source Manipulation | SITOS Six Build v6.2.1 | Dennis Herrmann and Andre Waldhoff | October 2019 |
| CVE-2019-15750 | Cross-Site-Scripting - Non-Persistent | SITOS Six Build v6.2.1 | Dennis Herrmann and Andre Waldhoff | October 2019 |
| CVE-2019-15749 | Account Takeover | SITOS Six Build v6.2.1 | Dennis Herrmann and Andre Waldhoff | October 2019 |
| CVE-2019-15748 | Authorisation Bypass | SITOS Six Build v6.2.1 | Dennis Herrmann and Andre Waldhoff | October 2019 |
| CVE-2019-15751 | Unrestricted File Upload via SCORM File | SITOS Six Build v6.2.1 | Dennis Herrmann and Andre Waldhoff | October 2019 |
| CVE-2019-15746 | PHP Command Injection | SITOS Six Build v6.2.1 | Dennis Herrmann and Andre Waldhoff | October 2019 |
| CVE-2019-6113 | Directory Traversal | Onkyo TX-NR686 – 1030-5000-1040-0010 | Michael Skiba | August 2019 |
| CVE-2018-15513 | Privilege Escalation | Totemomail 6.0.0 | Michael Skiba, Andre Waldhoff, Carsten Sandker | August 2019 |
| CVE-2018-15512 | Cross-Site Scripting | Totemomail 6.0.0 | Michael Skiba, Andre Waldhoff, Carsten Sandker | August 2019 |
| CVE-2018-15511 | Cross-Site Scripting | Totemomail 6.0.0 | Michael Skiba, Andre Waldhoff, Carsten Sandker | August 2019 |
| CVE-2018-15510 | Cross-Site Scripting | Totemomail 6.0.0 | Michael Skiba, Andre Waldhoff, Carsten Sandker | August 2019 |
| CVE-2018-18379 | Cross Site Scripting (XSS) | Elementor LTD | Christopher Vella | October 2018 |
| CVE-2018-12944 | Persistent Cross-Site Scripting (XSS) | SeedDMS | Dennis Herrmann and Malte Poll | July 2018 |
| CVE-2018-12943 | Cross Site Scripting (XSS) | SeedDMS | Dennis Herrmann and Malte Poll | July 2018 |
| CVE-2018-12942 | SQL Injection | SeedDMS | Dennis Herrmann and Malte Poll | July 2018 |
| CVE-2018-12941 | Remote Code Execution | SeedDMS | Dennis Herrmann and Malte Poll | July 2018 |
| CVE-2018-12940 | Unrestricted File Upload | SeedDMS | Dennis Herrmann and Malte Poll | July 2018 |
| CVE-2018-12939 | Directory Traversal | SeedDMS | Dennis Herrmann and Malte Poll | July 2018 |
| CVE-2018-6493 | SQL Injection | HP Network Automation | Tilman Bender, Dennis Herrmann and Bastian Kanbach | June 2018 |
| CVE-2018-6492 | Cross-Site Scripting (XSS) | HP Network Automation | Tilman Bender, Dennis Herrmann and Bastian Kanbach | June 2018 |
| Hyperoptic ZTE home routers | Hardcoded account allows compromise of all Hyperoptic ZTE home routers | ZTE H298N and ZTE H298A | Dan Cater | April 2018 |
| CVE-2017-9377 | Command Injection Vulnerability on ClickShare Base Units | ClickShare Base Units | Claudio Moletta | September 2017 |
| CVE-2017-8419 | Multiple stack and heap corruptions from malicious file | Lame 3.99.5 MP3 | Gareth Evans | May 2017 |
| Mitel 17-0003 | Multiple Vulnerabilities in MiVoice Conference/Video Phone (UC360) | Mitel UC360 | Tom Moreton | February 2017 |
| Mitel 17-0002 | Privilege Escalation / Remote Code Execution Vulnerability in MiVoice Conference/Video Phone (UC360) | Mitel UC360 | Tom Moreton | February 2017 |
| CVE-2017-5669 | Shmat syscall allows null-page protection bypass | Linux | Gareth Evans | January 2017 |
| CVE-2016-7742 | Opening a maliciously crafted archive may lead to arbitrary code execution | MacOS | Gareth Evans | December 2016 |
| CVE-2016-7086 | Local privileges escalation in VMware installer | VMware | Adam Bridge | September 2016 |
| CVE-2016-7988 | No Permissions on SET_WIFI Broadcast receiver | Android | Tom Court | August 2016 |
| CVE-2016-7991 | omacp app ignores security fields in OMA CP message | Android | Tom Court | August 2016 |
| CVE-2016-7990 | Integer overflow in libomacp.so | Android | Tom Court | August 2016 |
| CVE-2016-7989 | Unhandled ArrayIndexOutOfBounds exception in Android Runtime | Android | Tom Court | August 2016 |
| CVE-2017-5384 | Information disclosure via Proxy Auto-Config (PAC) | Firefox | Paul Stone, Alex Chapman | July 2016 |
| CVE-2016-5134 | URL leakage via PAC script | Chrome | Paul Stone, Alex Chapman | July 2016 |
| CVE-2016-1801 | Information disclosure vulnerability in Proxy Auto-Config | iOS/MacOS | Paul Stone, Alex Chapman | July 2016 |
| CVE-2016-3763 | Information disclosure vulnerability in Proxy Auto-Config | Android | Paul Stone, Alex Chapman | July 2016 |
| CVE-2014-3524 | Command injection when loading Calc spreadsheets under Windows | Calc | James Kettle, Rohan Durve | August 2014 |
| CVE-2012-0161 | .NET Framework Serialization Vulnerability | .Net | James Forshaw | May 2012 |
| CVE-2012-0160 | .NET Framework Serialization Vulnerability | .Net | James Forshaw | May 2012 |