Advisories

Our security analysts practise responsible disclosure and report the zero-day vulnerabilities they discover. Here you will find a list of the vulnerabilities they have permission to publish. Due to the associated security risks, not all zero-days are published and accredited.


Our current advisories

CVE-2020-28001 - Stored cross-site scripting in Serv-U File Server by SolarWinds, Jack Misiura

CVE-2020-27994 - Path traversal in Serv-U File Server by SolarWinds, Jack Misiura

CVE-2020-28861 - Missing access controls in OpenAsset Digital Asset Management by OpenAsset, Jack Misiura

CVE-2020-28860 - Authenticated blind SQL injection in OpenAsset Digital Asset Management by OpenAsset, Jack Misiura

CVE-2020-28859 - Reflected cross-site scripting in OpenAsset Digital Asset Management by OpenAsset, Jack Misiura

CVE-2020-28858 - Cross-site request forgery in OpenAsset Digital Asset Management by OpenAsset, Jack Misiura

CVE-2020-28857 - Stored cross-site scripting in OpenAsset Digital Asset Management by OpenAsset, Jack Misiura

CVE-2020-28856 - IP access control bypass in OpenAsset Digital Asset Management by OpenAsset, Jack Misiura

CVE-2020-29304 - Self-reflected cross-site scripting in DirectoriesPro by SabaiApps, Jack Misiura

CVE-2020-29303 - Reflected cross-site scripting in DirectoriesPro by SabaiApps, Jack Misiura

CVE-2020-11497 - Payment system bypass in NAB Transact WooCommerce Plugin, Jack Misiura

CVE-2020-11727 - Reflected cross-site scripting in Advanced Order Export, Jack Misiura

CVE-2019-13181 - CSV injection vulnerability in SolarWinds Serv-U, Richard Tan

CVE-2019-13182 - Stored cross-site scripting in SolarWinds Serv-U, Richard Tan

CVE-2019-0972 - Local Security Authority Subsystem Service (LSASS) Remote Denial of Service, Danyal Drew and Elad Shamir

Linux Privilege Escalation via LXD, Chris Moberly

CVE-2018-19999 - Local Privilege Escalation via Serv-U FTP Server, Chris Moberly

CVE-2019-7304 - Local privilege escalation in Ubuntu Linux and derivatives, Chris Moberly

CVE-2018-7669 - Sitecore Directory Traversal Vulnerability, Chris Moberly

CVE-2018-13415 - Out-of-Band XXE in SSDP Processing of Plex Media Server, Chris Moberly

CVE-2018-13416 - Out-of-Band XXE in SSDP Processing of Universal Media Server, Chris Moberly

CVE-2018-13417 - Out-of-Band XXE in SSDP Processing of Vuze BitTorrent Client, Chris Moberly

CVE-2018-19934 - Reflected XSS in SolarWinds Serv-U FTP Server, Chris Moberly

CVE-2018-15906 - Application Privilege Escalation in SolarWinds Serv-U, Chris Moberly

CVE-2018-11002 - Pulse Secure Desktop Client (Windows) 5.3 Elevation of Privilege Vulnerability, Matthew Bush

CVE-2017-16878 - Reflected cross-site scripting in PAN-OS Captive Portal, Shaun Wheelhouse

CVE-2016-4573 - FortiSwitch rest_admin account exposed under certain conditions, Emma Ferguson
