31 matches found
EUVD-2025-27680
Malicious code in bioql PyPI...
PT-2023-26001 · Hcl · Hcl Compass
Name of the Vulnerable Software and Affected Versions: HCL Compass affected versions not specified Description: The issue is related to the failure to invalidate sessions. When the log out functionality is called, the application does not invalidate authenticated sessions. If the session identifi...
Checkmk 1.6.0p16 Local Privilege Escalation
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Checkmk Vendor: tribe29 GmbH CSNC ID: CSNC-2020-005 Subject: Local Privilege Escalation Risk: High Effect: Locally exploitable Authors: Thierry Viaccoz Date: 21.09.2020 Introduction: ------------- Checkmk 1 i...
Froala WYSIWYG HTML Editor 3.1.1 Cross Site Scripting
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Froala WYSIWYG HTML Editor Vendor: Froala CSNC ID: CSNC-2020-004 CVE ID: CVE-2019-19935 Subject: DOM XSS in Froala WYSIWYG HTML Editor Severity: Medium Effect: Remotely exploitable Author: Emanuel Duss Date:...
Microsoft Windows Task Scheduler Security Feature Bypass Vulnerability
Compass Security identified a security feature bypass vulnerability in Microsoft Windows. Due to the absence of integrity verification requirements for the RPC protocol and in particular the Task Scheduler, a man-in-the-middle attacker can relay his victim's NTLM authentication to a target of his...
VMware VeloCloud 3.3.0 / 3.2.2 Authorization Bypass Vulnerability
Exploit for linux platform in category web applications Product: VeloCloud Vendor: VMware CVE ID: CVE-2019-5533 CSNC ID: CSNC-2019-007 Subject: Authorization Bypass Risk: Moderate Effect: Remotely exploitable CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Author: Silas Bärtsch Date:...
Siemens SICAM A8000 Series Denial Of Service
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: SICAM A8000 Series Vendor: Siemens CSNC ID: CSNC-2019-002 CVE ID: CVE-2018-13798 Subject: SICAM Webinterface XXE DoS Risk: Medium CVSS 3.0 Base Score: 5.3 CVSS 3.0:...
ownCloud 0.1.2 User Impersonation Authorization Bypass
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: ownCloud Impersonate Vendor: ownCloud CSNC ID: CSNC-2018-015 CVE ID: N/A Subject: Authorization bypass Risk: High Effect: Remotely exploitable Author: Thierry Viaccoz Date: 29.08.2018 Introduction:...
totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery
totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery Date: 14.05.2018 Introduction: ------------- The totemomail Encryption Gateway protects email communication with any external partner by encryption. It doesn't matter whether you exchange emails with technically savvy...
totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Date: 14.05.2018 Introduction: ------------- The totemomail Encryption Gateway protects email communication with any external partner by encryption. It doesn't matter whether you exchange emails with technically savvy communication partners or...
totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery
Date: 14.05.2018 Introduction: ------------- The totemomail Encryption Gateway protects email communication with any external partner by encryption. It doesn't matter whether you exchange emails with technically savvy communication partners or with those who have neither an appropriate...
Totemomail Encryption Gateway 6.0.0_Build_371 Cross Site Request Forgery
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: totemomail Encryption Gateway Vendor: totemo AG CSNC ID: CSNC-2018-003 CVE ID: CVE-2018-6563 Subject: Cross-Site Request Forgery Risk: High Effect: Remotely exploitable Author: Nicolas Heiniger Date: 14.05.20...
Zimbra Collaboration Suite Cross Site Scripting Vulnerability
Exploit for php platform in category web applications COMPASS SECURITY ADVISORY https://www.compass-security.com CVE ID : CVE-2017-8802 Product: Zimbra Collaboration Suite ZCS 1 Vendor: Synacor Inc. 2 Subject: Stored Cross-Site Scripting XSS Vulnerability Risk: High Effect: Exploitable by Anonymo...
MyTy 5.1.6 Blind SQL Injection
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: MyTy Vendor: Finlane GmbH CSNC ID: CSNC-2017-029 CVE ID: - Subject: Blind SQL injection Risk: High Effect: Remotely exploitable Author: Nicolas Heiniger Date: 21.11.2017 Introduction: ------------- MyTy1 is a...
Sunell IPR54/14AKDN(II)/13 Cross Site Scripting
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Sunell IPR54/14AKDNII/13 1 Vendor: Shenzhen Sunell Technology Corporation CSNC ID: CSNC-2017-011 Subject: Stored Cross-Site Scripting Risk: High Effect: Remotely exploitable Author: Stephan Sekula Date:...
Sunell IPCAMERA IPR54/14AKDN(II)/13 Session ID Enumeration
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Sunell IPCAMERA IPR54/14AKDNII/13 1 Vendor: Shenzhen Sunell Technology Corporation CSNC ID: CSNC-2017-012 Subject: Session ID Enumeration Risk: High Effect: Remotely exploitable Author: Stephan Sekula Date:...
Network, Netgear routers are exposed to severe DNS vulnerability, vulnerable to hacking - vulnerability warning - the black bar safety net
Recently, Netgear routers were found to have a serious DNS vulnerability. At present, the network member has not yet patched the published vulnerabilities, which allow attackers to tamper with the affected router's DNS settings and will affect the router's security, estimat...
Soreco AG Xpert.Line 3.0 Authentication Bypass
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Xpert.Line Vendor: Soreco AG 1 CVE ID: CVE-2015-3442 Subject: Authentication Bypass Risk: Critical Effect: Remotely exploitable Author: Alessandro Zala, Andreas Hunkeler...
Stored XSS Flaw Patched in Thycotic Secret Server
Thycotic, a maker of access-control and other security products, has patched a stored cross-site scripting vulnerability in one of its products that could enable an attacker to steal a victim’s stored passwords. The vulnerability is in the company’s Secret Server product, which is designed to...
Nortel Networks Multiple UNIStim VoIP Products Remote Eavesdrop Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26120/info Multiple Nortel Networks UNIStim VoIP telephony products are prone to a remote vulnerability that may allow eavesdropping. Attackers can exploit this issue to open an audio channel with the phone's microphone...