Offensive Security and Application Security Perspectives

Published Vulnerabilities

OpenCats Applicant Tracking System – Unauthenticated XML External Entity Injection (XXE)

CVE-2019-13358
OpenCats Applicant Tracking System before version 0.9.4-3 suffers from a XML External Entity Injection that allows unauthenticated job applicants (remote users) to read files on the underlying operating system after uploading a resume with a docx or odt file extension.

Palo Alto Networks Expedition (Migration Tool) – Unauthenticated Command Injection

CVE-2018-10143
Palo Alto Networks Expedition (Migration Tool) before version 1.0.108 suffers from an unauthenticated command injection that allows unauthenticated users to execute remote commands under the context of the web-server user. This was responsibly disclosed, and an update was released.

IPFire Firewall – Command Injection

CVE-2018-16232
A command injection vulnerability was discovered that led to the execution of remote commands. This was responsibly disclosed, and an update was released.

pfSense Firewall – Command Injection

CVE-2018-16055
A command injection vulnerability was discovered that led to the execution of remote commands as root. This was responsibly disclosed, and an update was released.

Mutiny Monitoring Appliance – Command Injection

CVE-2018-15529
A command injection vulnerability was discovered that led to the execution of remote commands. This was responsibly disclosed to the vendor, and an update was released.

PHP Login & User Management – Arbitrary File Upload to RCE

CVE-2018-11392
An arbitrary file upload vulnerability that led to the execution of remote code. This was responsibly disclosed to the vendor, and an update was released.

Vicon Network Cameras – Authentication Bypass

BugTraq
A responsibly disclosed vulnerability that allows unauthenticated users to create administrator accounts to various network camera models. A fix was made available to end-users.

Taser Axon Dock (Body-Worn Camera Docking Station) – Authentication Bypass

BugTraq
A responsibly disclosed vulnerability that allows unauthenticated users to gain administrator access and reconfigure a core part of a body-worn camera system. A fix was pushed to end-users.