Advisories

During a security engagement, Steve Nyan Lin discovered a stored XSS vulnerability in the TimePictra web application which was due to a lack of input filtering. This affects the neName parameter when creating new network elements.

During a security engagement, Steve Nyan Lin discovered a lack of authentication within numerous functionaliy within the TimePictra web application which allowed viewing of sensitive information and making changes to network elements.

A Cross-Site Scripting (XSS) vulnerability has been identified in the administrator panel of Silverstripe CMS, specifically in the handling of the user input within the form messages module.

A Host header injection vulnerability in Silverstripe has been identified that allows an attacker to poison the password rese

Sam Schroder found a local file inclusion (write only) vulnerability inside of the upload functionality of Statamic CMS. This affects front end components like forms with `assets` fields.

A valid Microsoft session can be abused to reset the users password and remove multi-factor authentication (MFA) in order to takeover an account.

Roy Sugiyama found an authentication bypass vulnerability that could be used to take over any Passwordstate user account with just the knowledge of the victim's username.

Multiple vulnerabilities were discovered in the FarCry Core framework which could allow an unauthenticated user to arbitrarily upload files and perform remote code execution on the underlying server.

Jack Moran discovered a security feature bypass via a race condition within the Zitadel "password lockout policy" feature.

Ethan Mckee-Harris discovered stored cross-site scripting and email injection which could lead to silent account takeover.

Jack Moran, TC, and Ethan McKee-Harris discovered a security feature bypass within the SignInManger in ASP.NET.

Jim Rush and Tomais Williamson discovered multiple issues within the Kramer VIA GO² devices, resulting in unauthenticated Remote Code Execution (RCE). Other Kramer devices may be affected.

Daniel Nemeth found a Server-Side Request Forgery vulnerability via the *host* header that could be used to scan the internal network. Moreover, an arbitrary file read vulnerability was identified, which could allow an attacker to grep for any string

Jack Moran discovered a Server-Side Request Forgery vulnerability and a Path Traversal sequence that leads to an authentication bypass in Precisely Spectrum Spatial Analyst version 2020.1.0 S44. Spectrum Spatial Analyst is an interactive mapping and

Matthew Dekker and Michael Tsai found multiple issues across the Genero Enterprise by Four JS suite of applications. The issues allowed for various impacts on products, including remote code execution (RCE) in any Android application built using Gene

Justina Koh and Jim Rush discovered a path-traversal vulnerability in the MathType library created by Wiris. MathType is a multi-language library used as an equation editor for creating mathematical expressions. It is currently available as a Moodle

Tomais Williamson found an authenticated privilege escalation vulnerability in the Accellion kiteworks web application. A malicious website administrator could use this to gain shell access to the application with root privileges.

Michael Tsai

Michael Tsai found a Cross Site Scripting vulnerability in the Silverstripe CMS symbiote/silverstripe-queuedjobs module. This vulnerability allows an attacker to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted

Jason Xie found an authenticated SQL injection vulnerability in the Cisco Cloud Web Security (CWS) web application. If exploited an attacker could extract or modify values stored in the underlying database.

Jason Xie found that if you have a local organisation administrator credentials, by using the API you can create, remove or revert snapshots of vApps and VMs located in another organisation’s VDC.

David Robinson found multiple issues in TelStrat Engage, a product used for recording phone calls, typically for training and customer experience purposes.

Ahmad Ashraff Ahmad found multiple issues in RSA Archer Suite by RSA Security.

Claudio Contin found that CSRF tokens are not implemented in the file upload functionality of the Secure File Transfer web client.

Stephen Shkardoon identified multiple issues in the Squiz Matrix CMS product, which could lead to a remote code execution vulnerability.

Claudio Contin found an input validation issue with ABP 4.2.

Stephen Shkardoon found multiple issues in the Teracue ENC-400 hardware, including a pre-authentication remote code execution vulnerability.

Stephen Shkardoon recently found multiple issues in WatchGuard Access Points which result in remote code execution.