Skip to content

Latest commit

 

History

History
83 lines (62 loc) · 3.05 KB

README.md

File metadata and controls

83 lines (62 loc) · 3.05 KB
Raw

CVEs

A collection of issues I identified and the associated CVE. Vendors have been notified and given ample time to develop/release patches.

CVE-2019-9955

  • Title: Reflected Cross Site Scripting on Login Page of Zyxel devices
  • Disclosure Date: 15 Apr 2019

CVE-2019-10717

  • Title: BlogEngine.NET Directory Traversal / Content Listing
  • Disclosure Date: 24 Jun 2019

CVE-2019-10718

  • Title: BlogEngine.NET pingback.axd XXE
  • Disclosure Date: 19 Jun 2019

CVE-2019-10719

  • Title: BlogEngine.NET Directory Traversal in File Upload / Remote Code Execution
  • Disclosure Date: 17 Jun 2019

CVE-2019-10720

  • Title: BlogEngine.NET Directory Traversal in theme cookie / Remote Code Execution
  • Disclosure Date: 17 Jun 2019

CVE-2019-10721

  • Title: BlogEngine.NET Unvalidated redirect login page
  • Disclosure Date: 24 Jun 2019

CVE-2019-11392

  • Title: BlogEngine.NET syndication.axd XXE
  • Disclosure Date: 19 Jun 2019

CVE-2019-16917

  • Title: WiKID Systems 2FA Enterprise Server searchDevices.jsp SQL Injection
  • Disclosure Date: 16 Oct 2019

CVE-2019-17114

  • Title: WiKID Systems 2FA Enterprise Server userPreregistration.jsp Cross-site Scripting
  • Disclosure Date: 16 Oct 2019

CVE-2019-17115

  • Title: WiKID Systems 2FA Enterprise Server Logs.jsp Unauthenticated Cross-site Scripting
  • Disclosure Date: 16 Oct 2019

CVE-2019-17116

  • Title: WiKID Systems 2FA Enterprise Server groups.jsp Cross-site Scripting
  • Disclosure Date: 16 Oct 2019

CVE-2019-17117

  • Title: WiKID Systems 2FA Enterprise Server processPref.jsp SQL Injection
  • Disclosure Date: 16 Oct 2019

CVE-2019-17118

  • Title: WiKID Systems 2FA Enterprise Server Cross-site Request Forgery
  • Disclosure Date: 16 Oct 2019

CVE-2019-17119

  • Title: WiKID Systems 2FA Enterprise Server Logs.jsp SQL Injection
  • Disclosure Date: 16 Oct 2019

CVE-2019-17120

  • Title: WiKID Systems 2FA Enterprise Server adm_usrs.jsp Cross-site Scripting
  • Disclosure Date: 16 Oct 2019

CVE-2020-5497

  • Title: MITREid Connect header.tag/topbar.tag Cross-Site Scripting
  • Disclosure Date: 3 Jan 2020

CVE-2020-11679

  • Title: Castel NextGen DVR - Privilege Escalation
  • Disclosure Date: 3 Jun 2020

CVE-2020-11680

  • Title: Castel NextGen DVR - Authorization Bypass
  • Disclosure Date: 3 Jun 2020

CVE-2020-11681

  • Title: Castel NextGen DVR - Cleartext Credentials
  • Disclosure Date: 3 Jun 2020

CVE-2020-11682

  • Title: Castel NextGen DVR - CSRF
  • Disclosure Date: 3 Jun 2020