Research

a360inc caseaware reflective cross-site scripting | CVE-2024-25669

a360inc CaseAware 23.07.0.1688663266 allows XSS via the 'usr' parameter.

This is either a regression bug or incomplete fix as reported in CVE-2017-5631.

a360inc caseaware mod_negotiation abuse | CVE-2024-25670

a360 CaseAware 23.07.0.1688663266 allows remote attackers to obtain sensitive information about file and directory names because mod_negotiation and MultiViews are used by its Apache HTTP Server.

Aruba HPE5140 Switch ████ ████████ | CVE-2023-TBD | 0Day

Aruba switch HPE5140 is vulnerable to an ████ ████████ ██ ███ ██████████████ ████ ███ ███ ████ █████████.

Aruba responded that this is a "hardening issue" and released a mitigation bulletin for the time being via:

https://asp.arubanetworks.com/notifications/Tm90aWZpY2F0aW9uOjE0NjMw;notificationCategory=Product

GeoVision ASManager Local file inclusion | CVE-2022-46070

ASManager by GeoVision is vulnerable to a Local File Inclusion in versions at or below 6.0.1.0. The service runs with elevated privileges and allows for retrieval of any protected file on the host.

GeoVision was quick to respond and pushed a fix as a beta 6.0.1B.0 but will have a production release in 6.0.2.0.

Stackify prefix ████████ ███ | CVE-2022-TBD | 0Day

Prefix (3.0.28) by Stackify is vulnerable to a ██████████ ███ █████ ██████ ██████ █████████ ██████████ █████████.

Netreo responded that a fix is in development but could not share an estimated release date.

Aruba HPE2810 switch ████████ ███ | CVE-2022-TBD | 0Day

Aruba switch HPE2810 is vulnerable to a ██████████ ███ █████████████ ████████ ███████ ████████.

Aruba responded that the product is EOL and will not be releasing a fix. It's recommended to upgrade switches or to disable the web interface via:

> conf t

> no web-management

Juniper Junos OS ████ █████████ | CVE-2021-TBD | 0Day

An ███████████████ ████ ███ ██████ █████████ ████████ ███████ ███ ████.

Juniper responded that the product is EOL (J-Web 18.2A1) within 6 months and will not be releasing a fix.

Fortiweb ████████ ██████████ ███ | CVE-2021-TBD | 0Day

FortiWeb internal web application ██ ██████████ █ ██████████ ██████████ █████████. ███ ███ ████ █████ ███████████ ██ █████ ███ ████████ ██ ██ █████████████ ███████ █████ ██ ████████. 

FortiNet responded that the product (6.3.10) had an incomplete patch and is working on releasing a fix.

XEN Orchestra privilege escalation via websockets | CVE-2021-36383

Permissions enforcement through websockets is not thoroughly checked and can lead to an unprivileged 'user' to obtain data only accessible by 'admin'.

CRK Business Platform reflective XSS | CVE-2020-13969

CRK Business Platform is vulnerable to reflective XSS via erro.aspx on 'CRK', 'IDContratante', 'Erro', or 'Mod' parameter.

CRK Business Platform SQL Injection | CVE-2020-13968

CRK Business Platform is vulnerable to SQL injection on any path that accepts the 'strSessao' parameter.

symantec DLP Persistent xss | CVE-2019-9701

Symantec's Data Loss Protection is vulnerable to persistent XSS via 'name' parameter on /ProtectManager/enforce/admin/senderrecipientpatterns/list.

Concrete5 Authorization Bypass Through User-Controlled Key | CVE-2017-18195

An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers.