Shielder - Advisory

types Archives

Advisory

21/12/2022

[Advisory]

Cisco BroadWorks CommPilot Application Software Authenticated Remote Code Execution (CVE-2022-20958)

CVE-2022-20958: Cisco BroadWorks CommPilot Application allows authenticated users to upload configuration files on the platform. The lack of file validation and a broken access control on the vulnerable upload serverlet allows any authenticated user to upload a file which could be abused to run arbitrary code on the server.

21/12/2022

[Advisory]

Cisco BroadWorks CommPilot Application Software Unauthenticated Server-Side Request Forgery (CVE-2022-20951)

CVE-2022-20951: Cisco BroadWorks CommPilot Application exposes a servlet that allows the application to be used as an HTTP proxy server. The lack of validation of the the target URL and the lack of authentication protection allows an unauthenticated attacker to achieve a full-read SSRF.

09/06/2022

[Advisory]

Autodesk Fusion 360 <= 2.0.12887 "Insert SVG" Blind XXE

Autodesk Fusion 360 <= 2.0.12887 parses SVG files with a vulnerable XML parser, leading to a Blind XML External Entities (XXE).

23/02/2022

[Advisory]

Remote Code Execution in pfSense <= 2.5.2

pfSense <= 2.5.2 allows authenticated users to inject arbitrary sed-specific code, which leads to an Arbitrary File Write, resulting in a Remote Code Execution. The vulnerability is also exploitable through a Cross-Site Request Forgery.

24/09/2021

[Advisory]

Remote Command Execution in Visual Studio Code Remote Development Extension 1.50

Visual Studio Code Remote Development Extension 1.50 failed to sanitize the host field before using it as an argument of the ssh command, allowing to inject a ProxyCommand option which could be used to run arbitray commands.

06/08/2021

[Advisory]

Corero SecureWatch Managed Services 9.7.2.0020 get_snapshot Path Traversal

Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the `snap_file` parameter in the `/it-IT/splunkd/__raw/services/get_snapshot` HTTP API endpoint. A 'low privileged' attacker can read any file on the target host.

06/08/2021

[Advisory]

Corero SecureWatch Managed Services 9.7.2.0020 Multiple Broken Access Control

Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user's privileges, allowing a user to perform actions not belonging to his role.

26/07/2021

[Advisory]

Mattermost server v5.32 > v5.36 Reflected XSS in OAuth flow

The OAuth flow implemented in Mattermost server v5.32 > v5.36 is affected by a reflected XSS. An unauthenticated attacker might gain access to the victim's session.

03/06/2021

[Advisory]

QNAP Q'center Post-Auth Remote Code Execution via QPKG

A privileged user can obtain remote code execution on Q'center through a manipulated QPKG installation package.

03/06/2021

[Advisory]

QNAP Q'center Virtual Appliance < 1.12.1014 Stored XSS

An unauthenticated attacker can inject JavaScript code on Q'center Virtual Appliance event log page.