Advisory: Privilege Escalation via Service Binary Hijacking in Vivavis HIGH-LEIT (CVE-2024-38456)
2. September, 2024 #advisories
During a recent assessment, SCHUTZWERK discovered a vulnerability in HIGH-LEIT which allows privilege escalation.
advisories
Advisory: Buffer overread in U-Boot DHCP (CVE-2024-42040)
19. August, 2024 #advisories
During an embedded security assessment, we identified a buffer overread vulnerability (CWE-126) in the DHCP implementation of U-Boot that could leak memory onto the network.
Advisory: Local privilege escalation in saConnect/saConnectService by Secadm GmbH - now enthus
1. Juli, 2024 #advisories
During an assessment, we discovered a local privilege escalation vulnerability in the custom OpenVPN client saConnect/saConnectService.
Advisory: Arbitrary File Read via XML External Entities in Visual Planning (CVE-2023-49234)
28. März, 2024 #advisories
During a recent assessment, we discovered a vulnerability in Visual Planning, which allows an authenticated attacker to obtain read access to arbitrary files on the application server.
Advisory: Insufficient Access Controls in Visual Planning
28. März, 2024 #advisories
During a recent assessment, we discovered a critical vulnerability in Visual Planning, which allows a privilege escalation from non-administrative account to administrator level.
Advisory: Authentication Bypass via Password Reset Functionality in Visual Planning (CVE-2023-49232)
28. März, 2024 #advisories
During a recent assessment, we discovered a critical vulnerability in Visual Planning, which allows to bypass the authentication.
Advisory: Authentication Bypass in Visual Planning REST API (CVE-2023-49231)
28. März, 2024 #advisories
During a recent assessment, we discovered a critical vulnerability in Visual Planning, which allows to bypass the REST API authentication.
Advisory: Cross-Site-Scripting in Papaya Medical Viewer (CVE-2023-33255)
26. Mai, 2023 #advisories
During an assessment we discovered a stored cross-site-scripting vulnerability in the Papaya medical image viewer (CVE-2023-33255)
Advisory: SQL Injection in Spryker Commerce OS (CVE-2023-27568)
20. April, 2023 #advisories
During a recent assessment, we discovered a critical vulnerability in Spryker Commerce OS, which allows SQL Injection.
Advisory: Remote Command Execution in Spryker Commerce OS (CVE-2022-28888)
12. Juli, 2022 #advisories
During a recent assessment, we discovered a critical vulnerability in Spryker Commerce OS, which allows Remote Command Execution.