Research

Ta strona przedstawia wybrane podatności wykryte przez zespół AFINE, które zostały upublicznione oraz nadano im numer CVE. Większość naszych odkryć jest jednak adresowana bezpośrednio do naszych klientów i nie jest publikowana, aby zapewnić poufność oraz ich bezpieczeństwo.

Date		CVE	Topic	Details
09/05/2024	⚠️	CVE-2024-3459	KioWare for Windows environment escape	Link
09/05/2024	⚠️	CVE-2024-3460	KioWare for Windows security control bypass	Link
09/05/2024	⚠️	CVE-2024-3461	KioWare for Windows PIN brute force	Link
18/03/2024	⚠️	CVE-2024-1606	HTML injection in BMC Control-M	Link
18/03/2024	⚠️	CVE-2024-1605	DLL side-loading in BMC Control-M	Link
18/03/2024	⚠️	CVE-2024-1604	Incorrect authorization in BMC Control-M	Link
14/02/2024	⚠️	CVE-2024-0010	PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Portal	Link
07/02/2024	⚠️	CVE-2024-24816	Cross-site scripting (XSS) in CKEditor4 samples with the preview feature enabled	Link
11/01/2024	⚠️	CVE-2023-5118	Stored XSS in Kofax Capture software	Link
21/12/2023	⚠️	CVE-2023-4925	Easy Forms for Mailchimp <= 6.8.10 – Admin+ Stored Cross-Site Scripting	Link
12/12/2023	⚠️	CVE-2023-45184	Decryption key disclosure in IBM i Access Client Solutions due to improper authority checks	Link
12/12/2023	⚠️	CVE-2023-45182	Possibility to decrypt password-encryption key in IBM i Access Client Solutions allowing attacker to obtain passwords to other systems	Link
12/12/2023	⚠️	CVE-2023-45185	Remote Code Execution in IBM i Access Client Solutions	Link
12/12/2023	⚠️	CVE-2023-4932	Reflected Cross-Site Scripting in SAS 9.4	Link
06/11/2023	⚠️	CVE-2023-5958	POST SMTP Mailer < 2.7.1 – Unauthenticated Cross-site Scripting	Link
06/11/2023	⚠️	CVE-2023-5209	Bookly < 22.5 – Admin+ Stored XSS	Link
08/08/2023	⚠️	CVE-2023-35359	Windows Kernel Elevation of Privilege Vulnerability	Link
25/07/2023	⚠️	CVE-2023-39062	Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8	Link
02/10/2023	⚠️	CVE-2023-38419	Denial of Service of Big-IQ iControl SOAP daemon by an attacker with guest privileges	Link
02/10/2023	⚠️	CVE-2023-38138	Reflected Cross-site Scripting in BIG-IP Configuration utility	Link
13/06/2023	⚠️	CVE-2023-35840	elFinder < 2.1.62 – Path Traversal vulnerability in PHP LocalVolumeDriver connector	Link
20/03/2023	⚠️	CVE-2023-1478	Hummingbird < 3.4.2 – Unauthenticated Path Traversal	Link
16/03/2023	⚠️	CVE-2023-28530	IBM Cognos Analytics – Stored cross-site scripting caused by improper validation of SVG Files in Custom Visualizations	Link
18/10/2022	⚠️	CVE-2022-40746	OwnCloud URL spoofing in password reset mail	Link
16/09/2022	⚠️	CVE-2022-40746	IBM i Access Client Solutions is vulnerable to DLL hijacking when run on a Windows operating system	Link
25/07/2022	⚠️	CVE-2022-36433	Cross-site Scripting (XSS) in blog-post creation functionality in Amasty Blog Pro for Magento 2	Link
25/07/2022	⚠️	CVE-2022-36432	Cross-site Scripting (XSS) in Preview functionality in Amasty Blog Pro for Magento 2	Link
11/07/2022	⚠️	CVE-2022-35501	Stored Cross-site Scripting (XSS) in blog-post creation functionality in Amasty Blog Pro for Magento 2	Link
11/07/2022	⚠️	CVE-2022-35500	Stored Cross-site Scripting (XSS) in leave comment functionality in Amasty Blog Pro for Magento 2	Link
11/07/2022	⚠️	CVE-2022-35642	IBM InfoSphere Information Server is vulnerable to stored cross-site scripting	Link
12/05/2022	⚠️	CVE-2022-30615	IBM InfoSphere Information Server is vulnerable to cross-site scripting	Link
28/06/2021	⚠️	CVE-2021-34254	Open Redirection (OurUmbraco)	Link
16/06/2021	⚠️	CVE-2021-3584	Server-side remote code execution (Foreman)	Link
08/06/2021	⚠️	CVE-2021-1675	Windows Print Spooler Elevation of Privilege Vulnerability	Link
07/06/2021	⚠️	CVE-2021-24378	Authenticated Stored XSS (Autoptimize)	Link
07/06/2021	⚠️	CVE-2021-24377	Race Condition leading to RCE (Autoptimize)	Link
07/06/2021	⚠️	CVE-2021-24376	Arbitrary File Upload (Autoptimize)	Link
13/05/2021	⚠️	CVE-2021-21559	Dell EMC NetWorker Security Update for Multiple Vulnerabilities	Link
13/05/2021	⚠️	CVE-2021-21558	Dell EMC NetWorker Security Update for Multiple Vulnerabilities	Link
25/09/2020	⚠️	CVE-2020-25130	SQL Injection (Observium)	Link
25/09/2020	⚠️	CVE-2020-25131	Cross-Site Scripting (Observium)	Link
25/09/2020	⚠️	CVE-2020-25132	SQL Injection (Observium)	Link
25/09/2020	⚠️	CVE-2020-25133	Authenticated Directory Traversal And Local File Inclusion (Observium)	Link
25/09/2020	⚠️	CVE-2020-25134	Authenticated Directory Traversal And Local File Inclusion (Observium)	Link
25/09/2020	⚠️	CVE-2020-25135	Cross-Site Scripting (Observium)	Link
25/09/2020	⚠️	CVE-2020-25136	Authenticated Directory Traversal And Local File Inclusion (Observium)	Link
25/09/2020	⚠️	CVE-2020-25137	Cross Site Scripting (Observium)	Link
25/09/2020	⚠️	CVE-2020-25138	Cross Site Scripting (Observium)	Link
25/09/2020	⚠️	CVE-2020-25139	Cross Site Scripting (Observium)	Link
25/09/2020	⚠️	CVE-2020-25140	Cross Site Scripting (Observium)	Link
25/09/2020	⚠️	CVE-2020-25141	Cross Site Scripting (Observium)	Link
25/09/2020	⚠️	CVE-2020-25142	Cross Site Request Forgery (CSRF) (Observium)	Link
25/09/2020	⚠️	CVE-2020-25143	SQL Injection (Observium)	Link
25/09/2020	⚠️	CVE-2020-25144	Authenticated Directory Traversal And Local File Inclusion (Observium)	Link
25/09/2020	⚠️	CVE-2020-25145	Authenticated Directory Traversal And Local File Inclusion (Observium)	Link
25/09/2020	⚠️	CVE-2020-25146	Cross Site Scripting (Observium)	Link
25/09/2020	⚠️	CVE-2020-25147	SQL Injection (Observium)	Link
25/09/2020	⚠️	CVE-2020-25148	Cross Site Scripting (Observium)	Link
25/09/2020	⚠️	CVE-2020-25149	Authenticated Directory Traversal And Local File Inclusion (Observium)	Link
03/09/2020	⚠️	CVE-2020-25102	Cross-Site Scripting (SilverStripe Advanced Reports Module)	Link
26/08/2020	⚠️	CVE-2020-5920	F5 BIG-IP AFM SQL Injection	Link
11/08/2020	⚠️	CVE-2020-1569	Microsoft Edge Memory Corruption	Link
17/07/2020	⚠️	CVE-2020-15596	Touchpad driver DLL Hijacking	Link
29/05/2020	⚠️	CVE-2020-13700	wp plugin acf-to-rest-api Insecure direct object reference via permalinks manipulation	Link
25/05/2020	⚠️	CVE-2020-13484	Bitrix CRM unauthenticated server side request forgery	Link
25/05/2020	⚠️	CVE-2020-13483	Bitrix CRM XSS / WAF bypass	Link
24/05/2020	⚠️	CVE-2020-13443	ExpressionEngine Remote Command Execution via unrestricted file upload	Link
21/04/2020	⚠️	CVE-2020-11976	Apache Wicket Directory traversal due to guard protection bypass – read wicket markup file source	Link
13/01/2020	⚠️	CVE-2020-6856	JOC Cockpit, Jobscheduler, XML External Entity	Link
13/01/2020	⚠️	CVE-2020-6855	JOC Cockpit, Jobscheduler, Denial of Service	Link
13/01/2020	⚠️	CVE-2020-6854	JOC Cockpit, Jobscheduler, Multiple Stored Cross Site Scripting	Link
20/11/2019	⚠️	CVE-2019-19129	Afterlogic WebMail Pro 8.3.11 Remote Stored XSS via an attachment name.	Link
05/08/2019	⚠️	CVE-2019-14521	Arbitrary File Upload leading to RCE (Energy Logserver)	Link
17/07/2019	⚠️	CVE-2020-5907	TMOS Shell privilege escalation vulnerability	Link
26/03/2019	⚠️	CVE-2019-10070	Apache Atlas, Stored Cross Site Scripting	Link

Czy Twoja firma jest bezpieczna w sieci?

Dołącz do grona naszych zadowolonych klientów i zabezpiecz swoją firmę przed cyberzagrożeniami już dziś!

digitally secure

Biuro

Kontakt

<img src="https://afine.com/wp-content/themes/afine/assets/img/subheader_triangle.png" alt="" data-eio="l"> Research

Czy Twoja firma jest bezpieczna w sieci?

Dołącz do grona naszych zadowolonych klientów i zabezpiecz swoją firmę przed cyberzagrożeniami już dziś!

Biuro

Kontakt

Zapisz się do newslettera

Zaloguj się

Research

Zapisz się do
newslettera