Vulnerabilities and CVEs

A non-exhaustive list of public vulnerabilities and CVEs that I have found; bug bounties and vulnerabilities released through vulnerability affiliation programs are also listed here.

• Aethra – Multiple Vulnerabilities
• AngularJS – (Angular-CLI) Authentication Bypass
• Avactis – Multiple Vulnerabilities
• British Airways – Admin Console without authentication left exposed (undisclosed)
• Cloud at Cost – Filex File Uploader – Multiple Vulnerabilities (undisclosed)
• Cloudrino – Multiple Vulnerabilities (undisclosed)
  
• CodeIgniter – Multiple Vulnerabilities (undisclosed)
• DJI – Phantom 3: Multiple Vulnerabilities
• DuckDuckGo – WebRTC (CVE-2018-6849) – Metasploit module by: Dhiraj Mishra
• eBay – HTTP Response Splitting, CSRF, Host Header Injection
• Emirates – ice Inflight Entertainment System: SQL Injection (undisclosed)
• Facebook – Spider Link Preview Generation (undisclosed)
• Fastone
  • Image Viewer v. <= 7.5
    • CVE-2021-26233 – User mode write access violation.
    • CVE-2021-26234 – User mode write access violation.
    • CVE-2021-26235 – User mode write access violation.
    • CVE-2021-26236 – Stack-based buffer overflow.
    • CVE-2021-26237 – User mode write access violation.
• Fastweb:
  • (Aethra Modem/Router) – Multiple Vulnerabilities
  • FASTGate: Multiple Vulnerabilities (undisclosed)
  • API: Multiple Vulnerabilities (undisclosed)
• Flickr – Host Header Injection
• Ghost CMS (CVE-2015-1407) – Multiple Vulnerabilities
• Google – Open Redirect (undisclosed – won’t fix)
• HP – HPE OpenCall Media Platform (OCMP) (CVE-2017-5799, CVE-2017-5798): RCE & XSS
• IBM – Tivoli Storage Manager – ITSM Administrator Client Command Line Administrative Interface <= 5.2.0.1: Stack Buffer Overflow
• JamoDat – TSMManager Collector <= 6.5.0.21: Broken Access Control & Authorization Bypass (CVE-2020-28054)
• LinkedIn – CSV Excel Formula Injection
• McAfee – ePolicy Orchestrator (ePO) Agent Remote Log: DoS/RCE (undisclosed)
• McDonald – Multiple Vulnerabilities
• Microsoft:
  • Windows:
    • CVE-2020-1337 – Vulnerability Root Cause Analysis Write-up – Elevation of Privileges (EoP) / Local Privilege Escalation (LPE)
• Metasploit (CVE-2019-5624) – RCE via RubyZip Arbitrary File Write (Zip Slip)
• Minds.com – Multiple Vulnerabilities
• Mura CMS – Multiple Vulnerabilities
• Opera Browser – WebRTC (CVE-2018-6608)
• Oracle – JD Edwards EnterpriseOne Tools (CVE-2018-2658, CVE-2018-2659): Multiple XSS (cpujan2018-3236628)
• Oscommerce – Multiple Vulnerabilities (undisclosed)
• PayPal – Android Mobile APP & API: Multiple Vulnerabilities (undisclosed)
• Phorum – CMS: Multiple Vulnerabilities
• RubyZip (CVE-2019-XXXX) – Arbitrary File Write
• Shenzhen Sricctv Technology:
  • DeviceViewer <= v.3.10.12.0 (CVE-2019-11563) – User Field Stack Buffer Overflow RCE
  • SRICAM CMS <= v.1.0.0.53(4) – User Field Stack Buffer Overflow RCE
• Synology – Cloud Station Drive 4.3.2-4450 and prior: Local Privilege Escalation via Unquoted Service Path (undisclosed)
• Tabletopia – from XSS to RCE
• Telegram – Exportable Media Files in Secret Chat
• TIM Telecom Italia – Multiple Vulnerabilities
• VirIT Explorer – Local Privilege Escalation (EoP/LPE)
• Western Union – Host Header Injection
• Yahoo Messenger – Multiple Vulnerabilities
• ZyXEL – Firewall and NAS (CVE-2020-9054): Pre-auth Remote Command Execution via OS Command Injection