SUPREMO 4.1.3.2348 Privilege Escalation Vulnerability

Details ======= Subject: Local Privilege Escalation Product: SUPREMO by Nanosystems S.r.l. Vendor Homepage: https://www.supremocontrol.com/ Vendor Status: fixed version released Vulnerable Version: 4.1.3.2348 No other version was tested, but it is believed for the older versions to be also...

SUPREMO 4.1.3.2348 Privilege Escalation

Details ======= Subject: Local Privilege Escalation Product: SUPREMO by Nanosystems S.r.l. Vendor Homepage: https://www.supremocontrol.com/ Vendor Status: fixed version released Vulnerable Version: 4.1.3.2348 No other version was tested, but it is believed for the older versions to be also...

Fireware XTM Web UI Open Redirect

================================================================ Fireware XTM Web UI - Open Redirect ================================================================ Information -------------------- Name: Fireware XTM Web UI - Open Redirect Affected Software : Fireware XTM Web UI Affected Version...

Celoxis 9.5 Cross Site Scripting

================================================================ Celoxis alert"XSS" Advisory Timeline -------------------- 08/10/2015 - Informed Vendor about Issue 08/10/2015 - Vendor responded 12/11/2015 - Reminded Vendor 14/11/2015 - Vendor responded saying 'they changed the framework itself to...

Pandora FMS 5.0 / 5.1 Authentication Bypass

================================================================ Authentication Bypass in Pandora FMS ================================================================ Information -------------------- Name: Pandora FMS - Authentication Bypass Affected Software : Pandora FMS Affected Versions: 5.0,...

Web Login Bruteforce in Symantec Endpoint Protection Manager 12.1.4023.4080

We discovered a vulnerability in the Symantec Endpoint Protection Manager web application. Vulnerability Type: Login Bruteforce Original Release: June 20, 2014 Discovered by: Security Team - A2SECURE Artлm Tsvetkov [email protected] Sisco Barrera [email protected] Andrea Bodei...

Cross-site Scripting in EventLog Analyzer 9.0 build #9000

We discovered a vulnerability in the EventLog Analyzer web application. Vulnerability Type: Cross-site Scripting Original Release: June 20, 2014 Discovered by: Security Team - A2SECURE Artлm Tsvetkov [email protected] Sisco Barrera [email protected] Andrea Bodei [email protected]...

Symantec Endpoint Protection Manager 12.1.4023.4080 Login Bruteforce

We discovered a vulnerability in the Symantec Endpoint Protection Manager web application. Vulnerability Type: Login Bruteforce Original Release: June 20, 2014 Discovered by: Security Team - A2SECURE Artëm Tsvetkov [email protected] Sisco Barrera [email protected] Andrea Bodei...

EventLog Analyzer 9.0 Build #9000 Cross Site Scripting

We discovered a vulnerability in the EventLog Analyzer web application. Vulnerability Type: Cross-site Scripting Original Release: June 20, 2014 Discovered by: Security Team - A2SECURE Artëm Tsvetkov [email protected] Sisco Barrera [email protected] Andrea Bodei [email protected]...

Spamina Email Firewall 3.3.1.1 Directory Traversal

Vulnerability in the web application of Spamina email firewall. Vulnerability Type: Directory Traversal - Original release date: October 3th, 2013 - Last revised: December 9th, 2013 - Discovered by: Sisco Barrera - A2SECURE Products and affected versions: SPAMINA EMAIL FIREWALL 3.3.1.1 maybe othe...

XSS on Juniper JUNOS 11.4 Embedthis Appweb 3.2.3

Vulnerability Type: XSS Cross-Site Scripting - Original release date: November 11th, 2013 - Last revised: November 11th, 2013 - Discovered by: Andrea Bodei - A2SECURE - Severity: 4.3/10 CVSSv2 Base Scored Products and affected versions: JUNOS up to 11.4 probably 12.1 and 12.3 vulnerable...