Offensive Security and Application Security Perspectives

Published Vulnerabilities

GeoServer – Unauthenticated XXE

GeoServer is an open source server for sharing and editing geospatial data. It contained an XML External Entity (XXE) injection vulnerability that allowed unauthenticated users to read arbitrary files from the underlying operating system.

SupportCandy – Unauthorized Account Creation

SupportCandy is a WordPress support ticket plugin. Versions released before May 2020 contain an unauthorized account creation vulnerability: a user can create new accounts even when registration is disabled in both WordPress and the SupportCandy plugin.

OpenCats Applicant Tracking System – Unauthenticated XML External Entity Injection (XXE)

CVE-2019-13358
OpenCats Applicant Tracking System before version 0.9.4-3 suffers from an XML External Entity (XXE) injection that allows unauthenticated job applicants (remote users) to read files on the underlying operating system after uploading a resume with a .docx or .odt file extension.
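The two XXE entries above (GeoServer and OpenCats) share one root cause: an XML parser that resolves external entities on attacker-supplied input. The following is an added example, not code from either project, showing the OpenCats-style vector end to end: a constructed .docx whose word/document.xml carries a DOCTYPE with a SYSTEM entity, a resume parser that reproduces the vulnerable configuration (external general entities enabled) and returns the file contents, and the hardened variant that rejects any XML part declaring a DTD and never resolves entities. All function names, the minimal document.xml markup and the "db_password=hunter2" secret file are assumptions constructed for the example; it uses only the Python standard library.

```python
import io
import os
import tempfile
import zipfile
import xml.sax
from xml.sax.handler import feature_external_ges

# Constructed stand-in for a benign word/document.xml. A real part is
# namespaced and far larger; only the element text matters here.
BENIGN_DOCUMENT_XML = (
    '<?xml version="1.0"?>'
    '<document><body><p><t>Resume of Jane Doe</t></p></body></document>'
)


def xxe_document_xml(target_path: str) -> str:
    """Constructed document.xml carrying an external entity that points at a local file."""
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE document [\n'
        f'  <!ENTITY xxe SYSTEM "file://{target_path}">\n'
        ']>\n'
        '<document><body><p><t>Resume of &xxe;</t></p></body></document>'
    )


def build_docx(document_xml: str) -> bytes:
    """Zip the part into the minimal archive shape a docx parser expects."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", document_xml)
    return buf.getvalue()


class _TextCollector(xml.sax.ContentHandler):
    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


def extract_text(docx_bytes: bytes, resolve_external_entities: bool) -> str:
    """Pull the text out of word/document.xml the way a resume parser would.

    resolve_external_entities=True reproduces the vulnerable configuration:
    the parser fetches whatever SYSTEM identifier the DTD names and splices
    its contents into the document text, so the file read lands in the output.
    """
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        xml_part = zf.read("word/document.xml")
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    handler = _TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_part))
    return "".join(handler.parts)


def contains_dtd(xml_bytes: bytes) -> bool:
    """Pre-parse check: Office XML parts never legitimately carry a DTD, so any
    DOCTYPE or ENTITY declaration is grounds to reject the upload (a match
    inside a comment is a false positive worth accepting)."""
    return b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes


def extract_text_hardened(docx_bytes: bytes) -> str:
    """Reject any XML part that declares a DTD, then parse with entities off."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if name.endswith(".xml") and contains_dtd(zf.read(name)):
                raise ValueError(f"DTD declaration in uploaded part {name}")
    return extract_text(docx_bytes, resolve_external_entities=False)


def write_constructed_secret() -> str:
    """Write a throwaway file standing in for a server-side secret; returns its path."""
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as f:
        f.write("db_password=hunter2")  # constructed, not a real credential
        return f.name


if __name__ == "__main__":
    secret = write_constructed_secret()
    try:
        evil = build_docx(xxe_document_xml(secret))
        print("entities resolved :", extract_text(evil, resolve_external_entities=True))
        print("entities disabled :", extract_text(evil, resolve_external_entities=False))
        try:
            extract_text_hardened(evil)
        except ValueError as err:
            print("hardened parser   : rejected,", err)
    finally:
        os.unlink(secret)
```

The pre-parse DTD check matters because "disable external entities" has to be done per parser instance and per library (lxml, PHP's libxml, Java's DocumentBuilderFactory all default differently); refusing the DOCTYPE outright at the upload boundary is the control that does not depend on remembering a parser flag. Note that Python's xml.sax only stopped resolving external general entities by default in 3.7.1, which is exactly the kind of version-dependent default that bites a resume parser.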

Palo Alto Networks Expedition (Migration Tool) – Unauthenticated Command Injection

CVE-2018-10143
Palo Alto Networks Expedition (Migration Tool) before version 1.0.108 suffers from an unauthenticated command injection that allows remote users to execute arbitrary commands in the context of the web-server user. This was responsibly disclosed, and an update was released.

IPFire Firewall – Command Injection

CVE-2018-16232
A command injection vulnerability was discovered that allowed remote execution of arbitrary commands on the firewall. This was responsibly disclosed, and an update was released.

pfSense Firewall – Command Injection

CVE-2018-16055
A command injection vulnerability was discovered that allowed remote execution of arbitrary commands as root. This was responsibly disclosed, and an update was released.

Mutiny Monitoring Appliance – Command Injection

CVE-2018-15529
A command injection vulnerability was discovered that allowed remote execution of arbitrary commands on the appliance. This was responsibly disclosed to the vendor, and an update was released.
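The four command injection entries above (Expedition, IPFire, pfSense, Mutiny) are all instances of one pattern: a web parameter reaching a shell. The example below is added here and is not code from any of those products; their actual injection points are not reproduced. It shows the vulnerable shape (request input interpolated into a shell string), the hardened shape (allowlist validation of the parameter, then an argv list with no shell), and the fallback when a shell string cannot be avoided (shlex.quote). The function names, the hostname regex and the "probing" diagnostic are assumptions; echo stands in for ping or traceroute so it runs anywhere.

```python
import ipaddress
import re
import shlex
import subprocess

# Hostname allowlist: dotted DNS labels of letters, digits and hyphens.
# Requiring a letter or digit first also blocks argument injection ("-c 100000").
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def run_diagnostic_unsafe(host: str) -> str:
    """Vulnerable pattern: the request parameter is interpolated into a shell
    string, so ';', '|', '$(...)' and backticks in it are interpreted by sh."""
    cmd = f"echo probing {host}"  # echo stands in for ping/traceroute
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def validate_host(host: str) -> str:
    """Allowlist validation: an IP literal or a syntactically valid hostname, nothing else."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    if HOSTNAME_RE.match(host):
        return host
    raise ValueError(f"rejected host parameter: {host!r}")


def run_diagnostic_safe(host: str) -> str:
    """Hardened: validate, then pass an argv list so no shell ever sees the input."""
    host = validate_host(host)
    return subprocess.run(["echo", "probing", host], capture_output=True, text=True).stdout


def run_diagnostic_quoted(host: str) -> str:
    """Second line of defence when a shell string is unavoidable: shlex.quote
    turns the whole input into one shell word, so metacharacters lose their meaning."""
    cmd = f"echo probing {shlex.quote(host)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    payload = "127.0.0.1; echo INJECTED"  # constructed attacker input
    print("unsafe :", run_diagnostic_unsafe(payload).splitlines())
    print("quoted :", run_diagnostic_quoted(payload).splitlines())
    try:
        run_diagnostic_safe(payload)
    except ValueError as err:
        print("safe   :", err)
    print("safe   :", run_diagnostic_safe("fw.example.org").strip())
```

Quoting alone is not enough on its own: it stops shell metacharacters but still lets "-c 100000" or "--flood" reach the program as an option, which is why the hardened version validates first and quotes only as a fallback. Running the diagnostic as the web-server user rather than root would not have prevented the injection, but it is the difference between the Expedition and pfSense impact levels listed above.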

PHP Login & User Management – Arbitrary File Upload to RCE

CVE-2018-11392
An arbitrary file upload vulnerability was discovered that led to remote code execution. This was responsibly disclosed to the vendor, and an update was released.
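Upload-to-RCE in a PHP application normally comes down to the server storing a file under the web root with a client-chosen name, so that "shell.php" is executed by the PHP handler the first time it is requested. The example below is added here and is not the plugin's code; its actual upload handler is not reproduced. It contrasts that vulnerable pattern with a hardened one: an extension allowlist, magic bytes that must agree with the extension, a random server-chosen name with a single extension, and a non-executable mode. Function names, the ALLOWED_TYPES table, the constructed PNG header and the PHP marker string are assumptions.

```python
import os
import secrets
import tempfile

# Allowlisted extensions and the magic bytes the content must start with.
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}

# Constructed samples: a minimal PNG header and a harmless stand-in for a PHP web shell.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
PHP_SAMPLE = b"<?php echo 'owned'; ?>"


def make_temp_upload_dir() -> str:
    """Throwaway directory; in the vulnerable deployment this sits under the web root."""
    return tempfile.mkdtemp(prefix="uploads-")


def save_upload_unsafe(upload_dir: str, client_filename: str, data: bytes) -> str:
    """Vulnerable pattern: the client's filename is used as-is under the web root.
    A .php name is then handed to the PHP handler, so upload equals code execution."""
    path = os.path.join(upload_dir, client_filename)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def normalise_extension(client_filename: str) -> str:
    """Last extension only, lower-cased, with the jpeg alias folded into jpg."""
    ext = os.path.splitext(os.path.basename(client_filename))[1].lower().lstrip(".")
    return "jpg" if ext == "jpeg" else ext


def save_upload_safe(upload_dir: str, client_filename: str, data: bytes) -> str:
    """Hardened: allowlisted extension, content must match it, server picks the name.
    upload_dir should live outside the web root with script execution disabled."""
    ext = normalise_extension(client_filename)
    if ext not in ALLOWED_TYPES:
        raise ValueError(f"extension {ext!r} is not allowed")
    if not data.startswith(ALLOWED_TYPES[ext]):
        raise ValueError(f"content does not look like a {ext} file")
    # Random server-chosen name with exactly one extension: defeats traversal in
    # the client name and multi-extension tricks such as shell.php.png.
    path = os.path.join(upload_dir, f"{secrets.token_hex(16)}.{ext}")
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, 0o644)  # readable, never executable
    return path


if __name__ == "__main__":
    d = make_temp_upload_dir()
    print("unsafe stored:", save_upload_unsafe(d, "shell.php", PHP_SAMPLE))
    for name, data in [("shell.php", PHP_SAMPLE),
                       ("shell.php.png", PHP_SAMPLE),
                       ("avatar.png", PNG_SAMPLE)]:
        try:
            print("safe stored  :", save_upload_safe(d, name, data))
        except ValueError as err:
            print("safe rejected:", name, "->", err)
```

The magic-byte check is a filter, not proof of safety: a valid PNG can carry PHP in a trailing chunk, so the server-side name with a single allowlisted extension and storage outside any script-executing path are the controls that actually close the RCE, and the check mainly stops the obvious cases cheaply.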

Vicon Network Cameras – Authentication Bypass

BugTraq
A responsibly disclosed vulnerability that allows unauthenticated users to create administrator accounts on various network camera models. A fix was made available to end-users.

Taser Axon Dock (Body-Worn Camera Docking Station) – Authentication Bypass

BugTraq
A responsibly disclosed vulnerability that allows unauthenticated users to gain administrator access and reconfigure a core part of a body-worn camera system. A fix was pushed to end-users.