Advisories

Zusätzlich zu Penetrationstests engagiert sich RedTeam mit Forschung im Bereich IT-Sicherheit. Die Ergebnisse werden in Form von Advisories auf dieser Homepage und relevanten Mailinglisten veröffentlicht. Aber auch bei Penetrationstests können für die Öffentlichkeit interessante Schwachstellen entdeckt werden. Nach Rücksprache mit dem Kunden werden diese ebenfalls veröffentlicht, sofern hierdurch die Sicherheit des Kunden nicht gefährdet wird.

Eine Liste aller veröffentlichten Sicherheits-Advisories, vorwiegend auf Englisch, finden Sie hier. Außerdem werden alle Sicherheits-Advisories als RSS-Feed zur Verfügung gestellt.

• rt-sa-2023-006: D-Link DAP-X1860: Remote Command Injection (plaintext version)
• rt-sa-2023-005: Pydio Cells: Server-Side Request Forgery (plaintext version)
• rt-sa-2023-004: Pydio Cells: Cross-Site Scripting via File Download (plaintext version)
• rt-sa-2023-003: Pydio Cells: Unauthorised Role Assignments (plaintext version)
• rt-sa-2023-001: Session Token Enumeration in RWS WorldServer (plaintext version)
• rt-sa-2022-004: STARFACE: Authentication with Password Hash Possible (plaintext version)
• rt-sa-2022-002: Skyhigh Security Secure Web Gateway: Cross-Site Scripting in Single Sign-On Plugin (plaintext version)
• rt-sa-2021-009: Credential Disclosure in Web Interface of Crestron Device (plaintext version)
• rt-sa-2021-007: Auerswald COMpact Multiple Backdoors (plaintext version)
• rt-sa-2021-006: Auerswald COMpact Arbitrary File Disclosure (plaintext version)
• rt-sa-2021-005: Auerswald COMpact Privilege Escalation (plaintext version)
• rt-sa-2021-004: Auerswald COMfortel 1400/2600/3600 IP Authentication Bypass (plaintext version)
• rt-sa-2021-003: Missing Authentication in ZKTeco ZEM/ZMM Web Interface (plaintext version)
• rt-sa-2021-002: XML External Entity Expansion in MobileTogether Server (plaintext version)
• rt-sa-2021-001: Cross-Site Scripting in myfactory.FMS (plaintext version)
• rt-sa-2020-005: Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton (plaintext version)
• rt-sa-2020-004: Inconsistent Behavior of Go's CGI and FastCGI Transport May Lead to Cross-Site Scripting (plaintext version)
• rt-sa-2020-003: FRITZ!Box DNS Rebinding Protection Bypass (plaintext version)
• rt-sa-2020-002: Denial of Service in D-Link DSR-250N (plaintext version)
• rt-sa-2020-001: Credential Disclosure in WatchGuard Fireware AD Helper Component (plaintext version)
• rt-sa-2019-016: IceWarp: Cross-Site Scripting in Notes (plaintext version)
• rt-sa-2019-015: IceWarp: Cross-Site Scripting in Notes for Contacts (plaintext version)
• rt-sa-2019-014: Unauthenticated Access to Modbus Interface in Carel pCOWeb HVAC (plaintext version)
• rt-sa-2019-013: Unsafe Storage of Credentials in Carel pCOWeb HVAC (plaintext version)
• rt-sa-2019-012: Information Disclosure in REDDOXX Appliance (plaintext version)
• rt-sa-2019-007: Code Execution via Insecure Shell Function getopt_simple (plaintext version)
• rt-sa-2019-005: Cisco RV320 Command Injection (plaintext version)
• rt-sa-2019-004: Cisco RV320 Unauthenticated Diagnostic Data Retrieval (plaintext version)
• rt-sa-2019-003: Cisco RV320 Unauthenticated Configuration Export (plaintext version)
• rt-sa-2019-002: Directory Traversal in Cisco Expressway Gateway (plaintext version)
• rt-sa-2018-004: Cisco RV320 Command Injection (plaintext version)
• rt-sa-2018-003: Cisco RV320 Unauthenticated Diagnostic Data Retrieval (plaintext version)
• rt-sa-2018-002: Cisco RV320 Unauthenticated Configuration Export (plaintext version)
• rt-sa-2018-001: Arbitrary Redirect in Tuleap (plaintext version)
• rt-sa-2017-015: CyberArk Password Vault Memory Disclosure (plaintext version)
• rt-sa-2017-014: CyberArk Password Vault Web Access Remote Code Execution (plaintext version)
• rt-sa-2017-013: Truncation of SAML Attributes in Shibboleth 2 (plaintext version)
• rt-sa-2017-012: Shopware Cart Accessible by Third-Party Websites (plaintext version)
• rt-sa-2017-011: Remote Command Execution in PDNS Manager (plaintext version)
• rt-sa-2017-009: Remote Command Execution as root in REDDOXX Appliance (plaintext version)
• rt-sa-2017-008: Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance (plaintext version)
• rt-sa-2017-007: Undocumented Administrative Service Account in REDDOXX Appliance (plaintext version)
• rt-sa-2017-006: Arbitrary File Disclosure with root Privileges via RdxEngine-API in REDDOXX Appliance (plaintext version)
• rt-sa-2017-005: Unauthenticated Extraction of Session-IDs in REDDOXX Appliance (plaintext version)
• rt-sa-2017-004: Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance (plaintext version)
• rt-sa-2017-003: Cross-Site Scripting in REDDOXX Appliance (plaintext version)
• rt-sa-2016-008: XML External Entity Expansion in Ladon Webservice (plaintext version)
• rt-sa-2016-007: Cross-Site Scripting in TYPO3 Formhandler Extension (plaintext version)
• rt-sa-2016-005: Unauthenticated File Upload in Relay Ajax Directory Manager may Lead to Remote Command Execution (plaintext version)
• rt-sa-2016-004: Websockify: Remote Code Execution via Buffer Overflow (plaintext version)
• rt-sa-2016-003: Less.js: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler (plaintext version)
• rt-sa-2016-002: Cross-site Scripting in Securimage 3.6.2 (plaintext version)
• rt-sa-2016-001: Padding Oracle in Apache mod_session_crypto (plaintext version)
• rt-sa-2015-013: Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality (plaintext version)
• rt-sa-2015-012: XML External Entity Expansion in Paessler PRTG Network Monitor (plaintext version)
• rt-sa-2015-011: WebClientPrint Processor 2.0: No Validation of TLS Certificates (plaintext version)
• rt-sa-2015-010: WebClientPrint Processor 2.0: Unauthorised Proxy Modification (plaintext version)
• rt-sa-2015-009: WebClientPrint Processor 2.0: Remote Code Execution via Updates (plaintext version)
• rt-sa-2015-008: WebClientPrint Processor 2.0: Remote Code Execution via Print Jobs (plaintext version)
• rt-sa-2015-006: Buffalo LinkStation Authentication Bypass (plaintext version)
• rt-sa-2015-005: o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials (plaintext version)
• rt-sa-2015-004: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery (plaintext version)
• rt-sa-2015-003: Alcatel-Lucent OmniSwitch Web Interface Weak Session ID (plaintext version)
• rt-sa-2015-002: SQL Injection in TYPO3 Extension Akronymmanager (plaintext version)
• rt-sa-2015-001: AVM FRITZ!Box: Remote Code Execution via Buffer Overflow (plaintext version)
• rt-sa-2014-016: Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite (plaintext version)
• rt-sa-2014-015: Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0 (plaintext version)
• rt-sa-2014-014: AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images (plaintext version)
• rt-sa-2014-013: Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page (plaintext version)
• rt-sa-2014-012: Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components (plaintext version)
• rt-sa-2014-011: EntryPass N5200 Credentials Disclosure (plaintext version)
• rt-sa-2014-010: AVM FRITZ!Box: Firmware Signature Bypass (plaintext version)
• rt-sa-2014-009: Information Disclosure in TYPO3 Extension ke_questionnaire (plaintext version)
• rt-sa-2014-008: Python CGIHTTPServer File Disclosure and Potential Code Execution (plaintext version)
• rt-sa-2014-007: Remote Code Execution in TYPO3 Extension ke_dompdf (plaintext version)
• rt-sa-2014-006: Directory Traversal in DevExpress ASP.NET File Manager (plaintext version)
• rt-sa-2014-005: SQL Injection in webEdition CMS File Browser (plaintext version)
• rt-sa-2014-004: Remote Command Execution in webEdition CMS Installer Script (plaintext version)
• rt-sa-2014-003: Metadata Information Disclosure in OrbiTeam BSCW (plaintext version)
• rt-sa-2014-002: rexx Recruitment Cross-Site Scripting in User Registration (plaintext version)
• rt-sa-2014-001: McAfee ePolicy Orchestrator XML External Entity Expansion in Dashboard (plaintext version)
• rt-sa-2013-003: Endeca Latitude Cross-Site Scripting (plaintext version)
• rt-sa-2013-002: Endeca Latitude Cross-Site Request Forgery (plaintext version)
• rt-sa-2013-001: Exim with Dovecot: Typical Misconfiguration Leads to Remote Command Execution (plaintext version)
• rt-sa-2012-002: php-decoda: Cross-Site Scripting in Video Tags (plaintext version)
• rt-sa-2012-001: Bugzilla: Cross-Site Scripting in Chart Generator (plaintext version)
• rt-sa-2011-006: Owl Intranet Engine: Information Disclosure and Unsalted Password Hashes (plaintext version)
• rt-sa-2011-005: Owl Intranet Engine: Authentication Bypass (plaintext version)
• rt-sa-2011-004: Client Side Authorization ZyXEL ZyWALL USG Appliances Web Interface (plaintext version)
• rt-sa-2011-003: Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances (plaintext version)
• rt-sa-2011-002: SugarCRM list privilege restriction bypass (plaintext version)
• rt-sa-2011-001: nostromo nhttpd directory traversal leading to arbitrary command execution (plaintext version)
• rt-sa-2010-003: Geo++(R) GNCASTER: Faulty implementation of HTTP Digest Authentication (plaintext version)
• rt-sa-2010-002: Geo++(R) GNCASTER: Insecure handling of NMEA-data (plaintext version)
• rt-sa-2010-001: Geo++(R) GNCASTER: Insecure handling of long URLs (plaintext version)
• rt-sa-2009-005: Papoo CMS: Authenticated Arbitrary Code Execution (plaintext version)
• rt-sa-2009-004: IceWarp WebMail Server: Client-Side Specification of "Forgot Password" eMail Content (plaintext version)
• rt-sa-2009-003: IceWarp WebMail Server: SQL Injection in Groupware Component (plaintext version)
• rt-sa-2009-002: IceWarp WebMail Server: User-assisted Cross Site Scripting in RSS Feed Reader (plaintext version)
• rt-sa-2009-001: IceWarp WebMail Server: Cross Site Scripting in Email View (plaintext version)
• rt-sa-2008-002: SQL-Injections in Mapbender (plaintext version)
• rt-sa-2008-001: Remote Command Execution in Mapbender (plaintext version)
• rt-sa-2007-007: ActiveWeb Contentserver CMS Editor Permission Settings Problem (plaintext version)
• rt-sa-2007-006: ActiveWeb Contentserver CMS Clientside Filtering of Page Editor Content (plaintext version)
• rt-sa-2007-005: ActiveWeb Contentserver CMS Multiple Cross Site Scriptings (plaintext version)
• rt-sa-2007-004: ActiveWeb Contentserver CMS SQL Injection Management Interface (plaintext version)
• rt-sa-2007-003: Fujitsu-Siemens PRIMERGY BX300 Switch Blade Information Disclosure (plaintext version)
• rt-sa-2007-002: Fujitsu-Siemens ServerView Remote Command Execution (plaintext version)
• rt-sa-2007-001: Alcatel-Lucent OmniPCX Remote Command Execution (plaintext version)
• rt-sa-2006-007: Authentication bypass in BytesFall Explorer (plaintext version)
• rt-sa-2006-006: Remote command execution in planetGallery (plaintext version)
• rt-sa-2006-005: Unauthorized password recovery in phpBannerExchange (plaintext version)
• rt-sa-2006-004: Authentication bypass in phpBannerExchange (plaintext version)
• rt-sa-2006-003: Perlpodder Remote Arbitrary Command Execution (plaintext version)
• rt-sa-2006-002: Prodder Remote Arbitrary Command Execution (plaintext version)
• rt-sa-2006-001: PAJAX Remote Code Injection and File Inclusion Vulnerability (plaintext version)
• rt-sa-2005-016: Time modification flaw in BSD securelevels on NetBSD and Linux (plaintext version)
• rt-sa-2005-015: BSD Securelevels: Circumventing protection of files flagged immutable (plaintext version)
• rt-sa-2005-014: New banking security system iTAN not as secure as claimed (plaintext version)
• rt-sa-2005-013: Sophos does not recognize keylogger after string alteration (plaintext version)
• rt-sa-2005-012: Pico Server (pServ) Local Information Disclosure (plaintext version)
• rt-sa-2005-011: Pico Server (pServ) Information Disclosure Of CGI Sources (plaintext version)
• rt-sa-2005-010: Pico Server (pServ) Remote Command Injection (plaintext version)
• rt-sa-2005-009: o2 Germany begünstigt SMS-Phishing (plaintext version)
• rt-sa-2005-008: JPEG EXIF information disclosure (plaintext version)
• rt-sa-2005-007: Cross Site Scripting Vulnerability in Openconf Conference Management Software (plaintext version)
• rt-sa-2005-006: Awstats official workaround flaw (plaintext version)
• rt-sa-2005-005: Directory traversal in CitrusDB (plaintext version)
• rt-sa-2005-004: SQL-Injection in CitrusDB (plaintext version)
• rt-sa-2005-003: Upload Authorization bypass in CitrusDB (plaintext version)
• rt-sa-2005-002: Authentication bypass in CitrusDB (plaintext version)
• rt-sa-2005-001: Credit Card data disclosure in CitrusDB (plaintext version)