33 matches found
LumisXP 16.1.x Hardcoded Credentials / IDOR
===== Tempest Security Intelligence - ADV-6/2024 ========================== LumisXP v15.0.x to v16.1.x Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeli...
LumisXP 16.1.x Cross Site Scripting
===== Tempest Security Intelligence - ADV-6/2024 ========================== LumisXP v15.0.x to v16.1.x Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeli...
Piwigo 13.5.0 SQL Injection Vulnerability
Piwigo - Version 13.5.0 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeline of disclosure Thanks & Acknowledgments References ===== Vulnerability...
Piwigo 13.5.0 SQL Injection
===== Tempest Security Intelligence - ADV-03/2023 ========================== Piwigo - Version 13.5.0 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeline...
WordPress WPvivid Backup Path Traversal Vulnerability
WordPress plugin - WPvivid Backup - Version 0.9.76 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeline of disclosure Thanks & Acknowledgements Reference...
PHPIPAM 1.4.4 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities
PHPIPAM - Version 1.4.4 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents ================================================== Overview Detailed description Timeline of disclosure Thanks & Acknowledgements References ===== Vulnerability...
LiquidFiles 3.4.15 Cross Site Scripting Vulnerability
LiquidFiles - 3.4.15 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeline of disclosure Thanks & Acknowledgements References ===== Vulnerability...
PHPIPAM 1.4.4 Cross Site Request Forgery / Cross Site Scripting
===== Tempest Security Intelligence - ADV-03/2022 ========================== PHPIPAM - Version 1.4.4 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents ================================================== Overview Detailed description Timelin...
Envira Gallery Lite 1.8.3.2 Cross Site Scripting
==== Tempest Security Intelligence - ADV-12/2020 ============================= Envira Gallery - Lite Edition - Version 1.8.3.2 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents ================================================ • Overview •...
Piwigo 2.9.5 Cross Site Request Forgery / Cross Site Scripting
===== Tempest Security Intelligence - ADV-03/2019 ========================== Piwigo - Version 2.9.5 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeline ...
NPLUG Wireless Repeater 1.0.0.14 CSRF / XSS / Authentication Bypass
===== Tempest Security Intelligence ===================================== Multiple vulnerabilities in NPLUG wireless repeater CVE-2018-12455: Authentication bypass CVE-2018-12456: Multiple CSRF CVE-2018-17337: XSS via SSID ------------------------------------------------------- Author: - Patrick...
G DATA Total Security 25.4.0.3 - ActiveX Buffer Overflow Exploit
Exploit for windows platform in category dos / poc 'for debugging/custom prolog targetFile = "C:\Program Files\G DATA\TotalSecurity\ASK\GDASpam.dll" prototype = "Function IsBlackL...
G DATA Total Security 25.4.0.3 - ActiveX Buffer Overflow
'for debugging/custom prolog targetFile = "C:\Program Files\G DATA\TotalSecurity\ASK\GDASpam.dll" prototype = "Function IsBlackListed ByVal strIP As String As Long" memberName = "IsBl...
G DATA Total Security 25.4.0.3 - ActiveX Buffer Overflow
G DATA Total Security 25.4.0.3 - ActiveX Buffer Overflow 'for debugging/custom prolog targetFile = "C:\Program Files\G DATA\TotalSecurity\ASK\GDASpam.dll" prototype = "Function IsBlackListed ByVal strIP As String As Long" m...
ISS For Business 14.0.1400.2029 Blue Screen Of Death Vulnerability
In MicroWorld eScan Internet Security Suite ISS for Business version 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a denial of service BSOD. ===== Tempest Security Intelligence - ADV-24/2018 === eScan ISS for...
Total AV 4.6.19 Insecure Permissions
===== Tempest Security Intelligence - ADV-23/2018 === Total AV 4.1.7 4 .6.19 - Insecure Permissions ------------------------------------------------------- Author: - Filipe Xavier Oliveira: ===== Table of Contents ===================================================== Overview Detailed description...
Hola VPN 1.79.859 - Insecure service permissions Vulnerability
Exploit for windows platform in category local exploits ===== Tempest Security Intelligence - ADV-22/2018 === Hola VPN 1.79.859 - Insecure service permissions ------------------------------------------------------- Author: - Filipe Xavier Oliveira: ===== Table of Contents...
WPS Office 10.2.0.5978 - NULL DACL grants full access Vulnerability
Exploit for multiple platform in category local exploits ===== Tempest Security Intelligence - ADV-16/2018 === WPS Free Office 10.2.0.5978 - NULL DACL grants full access ------------------------------------------------------- Author: - Filipe Xavier Oliveira: filipe.xavier tempest.com.br =====...
Panda Global Security 17.0.1 NULL DACL Grants Full Access
===== Tempest Security Intelligence - ADV-17/2018 === Panda Global Security 17.0.1 - NULL DACL grants full access ------------------------------------------------------- Author: - Filipe Xavier Oliveira: ===== Table of Contents ===================================================== Overview Detail...