Recent IT Security Advisories

Sense of Security publishes security advisories on vulnerabilities identified through our security research in accordance with our vulnerability disclosure policy. It is our way of giving something back to the security community.

We have identified vulnerabilities in products from major vendors such as IBM, Cisco, Microsoft, Oracle, Sun, Apache, and Adobe.

2019

23-10-19

Sense of Security – Security Advisory – SOS-19-001 – XML External Entities Injection (XXE) in XNAT 1.7

2018

25-10-18

Sense of Security – Security Advisory – SOS-18-003 – Inteset Secure Lockdown Standard Edition – Privilege Escalation and Insecure Cryptographic Storage

29-3-18

Sense of Security – Security Advisory – SOS-18-002 – CA Workload Automation AE SQL Injection

29-3-18

Sense of Security – Security Advisory – SOS-18-001 – CA Workload Automation AE RCE

2017

23-10-17

Security Advisory – BSD lpd Access Control Bypass

10-2-17

Security Advisory – Emsisoft Anti-Malware Behavior Blocker Bypass

2015

20-11-15

Security Advisory – Microsoft Skype for Business 2016 Unauthorised Script Execution Vulnerability

14-4-15

Security Advisory – ClickSoftware ClickSchedule Multiple Security Vulnerabilities

14-4-15

Security Advisory – ClickSoftware ClickMobile Multiple Security Vulnerabilities

2-2-15

Security Advisory – Splendid CRM XML External Entity Injection (XXE) Vulnerability

21-1-15

Sense of Security – Security Advisory – SOS-15-001 – tcpdump Memory Disclosure Vulnerability

2014

14-12-14

Sense of Security – Security Advisory – SOS-14-005 – SAP NetWeaver Business Client for HTML

14-12-14

Security Advisory – SAP Work Manager, SAP CRM Service Manager and iOS Client

30-11-14

Sense of Security – Security Advisory – SOS-14-003 – Cisco CUCDM Self Care Portal

30-11-14

Sense of Security – Security Advisory – SOS-14-002 – Cisco CUCDM Administration Portal

30-11-14

Security Advisory – Cisco CUCDM IP Phone Services

2013

10-9-13

Security Advisory – Juniper Junos J-Web Privilege Escalation Vulnerability

29-4-13

Security Advisory – Mi-Token Enterprise Edition and API Edition – Brute-Force Vulnerability

3-4-13

Security Advisory – Google Active Directory Sync Tool Vulnerability

2012

30-11-12

Sense of Security – Security Advisory – SOS-12-011 – SilverStripe CMS Multiple Vulnerabilities

10-10-12

Security Advisory – FileBound Privilege Escalation Vulnerability

5-9-12

Sense of Security – Security Advisory – SOS-12-009 – Ektron CMS Multiple Vulnerabilities

24-8-12

Security Advisory – Elcom CMS – Community Manager Insecure File Upload Vulnerability

14-6-12

Sense of Security – Security Advisory – SOS-12-007 – Squiz Matrix Multiple Vulnerabilities

13-6-12

Sense of Security – Security Advisory – SOS-12-006 – QNAP Turbo NAS Multiple Vulnerabilities

3-5-12

Security Advisory – Netgear WNDRMAC Exposure of Sensitive Information Vulnerability

12-3-12

Sense of Security – Security Advisory – SOS-12-004 – Aurora WebOPAC SQL Injection Vulnerability

7-3-12

Sense of Security – Security Advisory – SOS-12-003 – Iciniti Store SQL Injection Vulnerability

5-3-12

Security Advisory – Symfony2 Local File Disclosure Vulnerability

23-2-12

Security Advisory – Snom IP Phone Privilege Escalation and CSRF Vulnerability

2011

17-10-11

Security Advisory – WordPress Plugin BackWPUp 2.1.4 Remote/Local Code Execution Vulnerability

20-9-11

Security Advisory – NETGEAR Wireless Cable Modem Gateway CG814WG Auth Bypass and CSRF

19-9-11

Security Advisory – Cisco TelePresence Multiple Vulnerabilities

20-7-11

Security Advisory – Oracle Sun GlassFish Enterprise Server Stored XSS Vulnerability

6-6-11

Security Advisory – Foxit Reader 4.3.1.0218 Multiple Memory Corruption Vulnerabilities

20-5-11

Security Advisory – PHPCaptcha / Securimage Authentication Bypass

18-5-11

Security Advisory – Cisco Unified Operations Manager Multiple Vulnerabilities

3-5-11

Security Advisory – Proofpoint Protection Server Cross-Site Scripting Vulnerability

15-4-11

Sense of Security – Security Advisory – SOS-11-004 – cPassMan v1.82 Arbitrary File Download

28-3-11

Security Advisory – WordPress plugin BackWPup Remote and Local Code Execution

28-2-11

Security Advisory – PHP Blog Insert Authentication Security Bypass

21-1-11

Sense of Security – Security Advisory – SOS-11-001 – Adobe Reader 9.4.1 Infinite Loop Condition

2010

20-12-10

Security Advisory – Elcom Technology’s CommunityManager.NET Auth Bypass Vulnerability

6-10-10

Security Advisory – Adobe Reader 9.3.4 Multiple Memory Corruption Vulnerabilities

5-3-10

Security Advisory – Apache 2.2.14 mod_isapi Dangling Pointer Vulnerability

21-1-10

Security Advisory – TheGreenBow VPN Client Local Stack Overflow

2009

30-10-09

Security Advisory – SafeNet SoftRemote Local Buffer Overflow Vulnerability

17-8-09

Sense of Security – Security Advisory – SOS-09-007 – Piwigo SQL Injection Vulnerability

12-8-09

Security Advisory – Plume CMS Multiple SQL Injection Vulnerabilities

21-7-09

Security Advisory – XOOPS Multiple Cross-Site Scripting Vulnerabilities

9-7-09

Security Advisory – Lotus Sametime User Enumeration Vulnerability

30-4-09

Security Advisory – Infor SCM SupplyWEB Multiple Vulnerabilities

24-2-09

Security Advisory – Magento Multiple Cross-Site Scripting Vulnerabilities

23-2-09

Sense of Security – Security Advisory – SOS-09-001 – Libero Cross-Site Scripting Vulnerability