ownCloud 0.1.2 User Impersonation Authorization Bypass
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: ownCloud Impersonate Vendor: ownCloud CSNC ID: CSNC-2018-015 CVE ID: N/A Subject: Authorization bypass Risk: High Effect: Remotely exploitable Author: Thierry Viaccoz Date: 29.08.2018 Introduction:...
CVE-2018-10604
SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution...
Design/Logic Flaw
SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution...
CVE-2018-10604
CVE-2018-10604 affects SEL Compass 3.0.5.1 and earlier, where incorrect default permissions grant all users full access to the Compass directory, enabling modification or overwriting of files and potential privilege escalation or code execution. The issue is documented across multiple sources (NV...
SEL Compass Elevation of Privilege Vulnerability
SEL Compass is an application for managing and updating SEL products from Schweitzer Engineering Laboratories (SEL), USA. An elevation of privilege vulnerability exists in SEL Compass 3.0.5.1 and earlier versions, which arises from the program failing to properly set access rights and can be...
Schweitzer Engineering Laboratories, Inc. Compass and AcSELerator Architect
1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/Low skill level to exploit/Public exploits are available for these vulnerabilities Vendor: Schweitzer Engineering Laboratories, Inc. (SEL) Equipment: Compass and AcSELerator Architect Vulnerabilities: Incorrect Default Permissions,...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Business Compass (CVE-2015-1920)
Summary WebSphere Application Server is shipped as a component of WebSphere Business Compass. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bulletin Security Bulletin: Securit...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with WebSphere Business Compass (CVE-2015-7450)
Summary IBM WebSphere Application Server is shipped as a component of WebSphere Business Compass. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bulletin HTTP response splittin...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Business Compass (CVE-2015-3183)
Summary IBM WebSphere Application Server (WAS) is shipped as a component of WebSphere Business Compass. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bulletin Security...
Security Bulletin: Vulnerability in RC4 stream cipher affects WebSphere Business Compass (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM WebSphere Application Server that is used by WebSphere Business Compass. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Business Compass (CVE-2015-0138, CVE-2015-0395, CVE-2015-0410)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6.0 that is used by WebSphere Business Compass. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on...
Security Bulletin: Vulnerability in SSLv3 affects WebSphere Process Server, WebSphere Business Compass, WebSphere Business Modeler and WebSphere Business Modeler Publishing Server (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in WebSphere Process Server, WebSphere Business Compass, WebSphere Business Modeler, and WebSphere Business Modeler Publishing Server. Vulnerabili...
totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery
totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery Date: 14.05.2018 Introduction: ------------- The totemomail Encryption Gateway protects email communication with any external partner by encryption. It doesn't matter whether you exchange emails with technically savvy...
totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Date: 14.05.2018 Introduction: ------------- The totemomail Encryption Gateway protects email communication with any external partner by encryption. It doesn't matter whether you exchange emails with technically savvy communication partners or...
totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery
Date: 14.05.2018 Introduction: ------------- The totemomail Encryption Gateway protects email communication with any external partner by encryption. It doesn't matter whether you exchange emails with technically savvy communication partners or with those who have neither an appropriate...
Totemomail Encryption Gateway 6.0.0_Build_371 Cross Site Request Forgery
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: totemomail Encryption Gateway Vendor: totemo AG CSNC ID: CSNC-2018-003 CVE ID: CVE-2018-6563 Subject: Cross-Site Request Forgery Risk: High Effect: Remotely exploitable Author: Nicolas Heiniger Date: 14.05.20...
jeep-compass-panamer.com XSS vulnerability
Open Bug Bounty ID: OBB-588856 Description| Value ---|--- Affected Website:| jeep-compass-panamer.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Lenovo Fixes Hardcoded Password Flaw Impacting ThinkPad Fingerprint Scanners
PC maker Lenovo issued a fix for a hardcoded password flaw impacting ThinkPad, ThinkCentre and ThinkStation laptops. The flaw affects nearly a dozen Lenovo laptop models that run versions of Microsoft Windows 7, 8 and the 8.1 operating system. The vulnerability was disclosed by Lenovo on Thursday...