Dodd Security

Offensive Security and Application Security Perspectives

Published Vulnerabilities

Palo Alto Networks Expedition (Migration Tool) – Unauthenticated Command Injection

CVE-2018-10143 
Palo Alto Networks Expedition (Migration Tool) before version 1.0.108 is affected by a command injection vulnerability that allows unauthenticated users to execute commands remotely in the context of the web-server user. This was responsibly disclosed, and an update was released.

IPFire Firewall – Command Injection

CVE-2018-16232 
A command injection vulnerability was discovered that led to the execution of remote commands. This was responsibly disclosed, and an update was released.

pfSense Firewall – Command Injection

CVE-2018-16055 
A command injection vulnerability was discovered that led to the execution of remote commands as root. This was responsibly disclosed, and an update was released.

Mutiny Monitoring Appliance – Command Injection

CVE-2018-15529
A command injection vulnerability was discovered that led to the execution of remote commands. This was responsibly disclosed to the vendor, and an update was released.

PHP Login & User Management – Arbitrary File Upload to RCE

CVE-2018-11392 
An arbitrary file upload vulnerability was discovered that led to the execution of remote code. This was responsibly disclosed to the vendor, and an update was released.

Vicon Network Cameras – Authentication Bypass

BugTraq
A responsibly disclosed vulnerability that allows unauthenticated users to create administrator accounts on various network camera models. A fix was made available to end-users.

Taser Axon Dock (Body-Worn Camera Docking Station) – Authentication Bypass

BugTraq
A responsibly disclosed vulnerability that allows unauthenticated users to gain administrator access and reconfigure a core part of a body-worn camera system. A fix was pushed to end-users.
