Advisories Archive - Page 5 of 7

Advisories

A non-exhaustive list of public/released through vulnerability affiliation programs Vulnerabilities & CVEs discovered by VoidSec.

All releases are governed by our Vulnerability Disclosure Policy.

CVE-2017-5798: HP HPE OpenCall Media Platform (OCMP) – XSS

https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-hpesbgn03686en_us

2017: Emirates ice Inflight Entertainment System – SQL Injection

(undisclosed)

2017: DJI Phantom 3 – Multiple Vulnerabilities

2017: AngularJS Angular-CLI v.1.3.2 – Authentication Bypass

https://ssd-disclosure.com/ssd-advisory-angular-cli-authentication-bypass/

2016: VirIT Explorer Lite & Pro v.8.1.68 – Local Privilege Escalation (EoP/LPE)

Severity: High

VirIT Explorer Lite & Pro v.<=8.1.68 Local Privilege Escalation (LPE)

Root Cause Analysis

2016: LinkedIn – CSV Excel Formula Injection

https://voidsec.com/linkedin-csv-injection/

2016: Phorum CMS – Multiple Vulnerabilities

https://voidsec.com/phorum-full-disclosure/

2016: eBay – HTTP Response Splitting, CSRF, Host Header Injection

http://pages.ebay.com/securitycenter/ResearchersAcknowledgement.html

2016: Cloudrino – Multiple Vulnerabilities

(undisclosed)

2016: Cloud at Cost Filex File Uploader – Multiple Vulnerabilities

(undisclosed)