Micro Focus GroupWise Session ID Disclosure

Trovent Security Advisory 2203-01 Micro Focus GroupWise transmits session ID in URL Overview Advisory ID: TRSA-2203-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2203-01 Affected product: Micro Focus GroupWise Affected version: prior to 18.4.2...

Polar Flow Android 5.7.1 Secret Disclosure

Trovent Security Advisory 2110-01 Insecure data storage in Polar Flow Android application Overview Advisory ID: TRSA-2110-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2110-01 Affected product: Polar Flow Android mobile application...

Zepp 6.1.4-play User Account Enumeration

Trovent Security Advisory 2108-02 User account enumeration in password reset function Overview Advisory ID: TRSA-2108-02 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2108-02 Affected product: Zepp Android mobile application...

Vivellio 1.2.1 User Account Enumeration

Trovent Security Advisory 2108-01 User account enumeration in password reset function Overview Advisory ID: TRSA-2108-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2108-01 Affected product: Vivellio Android mobile application...

OpenEMR 6.0.0 / 6.1.0-dev SQL Injection

Trovent Security Advisory 2109-01 Authenticated SQL injection in OpenEMR calendar search Overview Advisory ID: TRSA-2109-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2109-01 Affected product: OpenEMR web application Tested versions: 6.0.0,...

Dolibarr ERP / CRM 13.0.2 Remote Code Execution

Trovent Security Advisory 2106-01 Authenticated remote code execution in Dolibarr ERP & CRM Overview Advisory ID: TRSA-2106-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2106-01 Affected product: Dolibarr ERP & CRM Tested versions: Dolibarr...

Dolibarr ERP / CRM 13.0.2 Cross Site Scripting

Trovent Security Advisory 2105-02 Stored cross-site scripting in Dolibarr ERP & CRM Overview Advisory ID: TRSA-2105-02 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2105-02 Affected product: Dolibarr ERP & CRM Tested versions: Dolibarr 13.0.2...

HealthForYou 1.11.1 / HealthCoach 2.9.2 User Enumeration

Trovent Security Advisory 2104-01 User enumeration through API Overview Advisory ID: TRSA-2104-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2104-01 Affected product: HealthForYou & Sanitas HealthCoach mobile and web applications Tested...

HealthForYou 1.11.1 / HealthCoach 2.9.2 Account Takeover

Trovent Security Advisory 2104-02 Account takeover with only email address possible Overview Advisory ID: TRSA-2104-02 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2104-02 Affected product: HealthForYou & Sanitas HealthCoach mobile and web...

ERPNext 12.18.0 / 13.0.0 Cross Site Scripting

Trovent Security Advisory 2103-02 Multiple XSS vulnerabilities in ERPNext 13.0.0/12.18.0 Overview Advisory ID: TRSA-2103-02 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2103-02 Affected product: ERPNext Tested versions: 12.18.0 and 13.0.0 beta...