Vulnerabilities and CVEs

A non-exhaustive list of public vulnerabilities and CVEs that I have found. Bug bounties and vulnerabilities released through vulnerability affiliation programs are also listed here.

• Aethra – Multiple Vulnerabilities
• AngularJS – (Angular-CLI) Authentication Bypass
• Avactis – Multiple Vulnerabilities
• British Airways – Admin Console without authentication left exposed (undisclosed)
• Cloud at Cost – Filex File Uploader – Multiple Vulnerabilities (undisclosed)
• Cloudrino – Multiple Vulnerabilities (undisclosed)
  
• CodeIgniter – Multiple Vulnerabilities (undisclosed)
• DJI – Phantom 3: Multiple Vulnerabilities
• DuckDuckGo – WebRTC (CVE-2018-6849) – Metasploit module by: Dhiraj Mishra
• eBay – HTTP Response Splitting, CSRF, Host Header Injection
• Emirates – ice Inflight Entertainment System: SQL Injection (undisclosed)
• Facebook – Spider Link Preview Generation (undisclosed)
• Fastweb:
  • (Aethra Modem/Router) – Multiple Vulnerabilities
  • FASTGate: Multiple Vulnerabilities (undisclosed)
  • API: Multiple Vulnerabilities (undisclosed)
• Flickr – Host Header Injection
• Ghost CMS (CVE-2015-1407) – Multiple Vulnerabilities
• Google – Open Redirect (undisclosed – won’t fix)
• HP – HPE OpenCall Media Platform (OCMP) (CVE-2017-5799, CVE-2017-5798): RCE & XSS
• LinkedIn – CSV Excel Formula Injection
• McAfee – ePolicy Orchestrator (ePO) Agent Remote Log: DoS/RCE (undisclosed)
• McDonald – Multiple Vulnerabilities
• Microsoft:
  • Windows – Elevation of Privileges (EoP) / Local Privilege Escalation (LPE), CVE-2020-XXXX – a8dd0801b5cc9439ed5cf1df18447bf9 (undisclosed yet 🙂 )
• Metasploit (CVE-2019-5624) – RCE via RubyZip Arbitrary File Write (Zip Slip)
• Minds.com – Multiple Vulnerabilities
• Mura CMS – Multiple Vulnerabilities
• Opera Browser – WebRTC (CVE-2018-6608)
• Oracle – JD Edwards EnterpriseOne Tools (CVE-2018-2658, CVE-2018-2659): Multiple XSS (cpujan2018-3236628)
• Oscommerce – Multiple Vulnerabilities (undisclosed)
• PayPal – Android Mobile APP & API: Multiple Vulnerabilities (undisclosed)
• Phorum – CMS: Multiple Vulnerabilities
• RubyZip (CVE-2019-XXXX) – Arbitrary File Write
• Shenzhen Sricctv Technology:
  • DeviceViewer <= v.3.10.12.0 (CVE-2019-11563) – User Field Stack Buffer Overflow RCE
  • SRICAM CMS <= v.1.0.0.53(4) – User Field Stack Buffer Overflow RCE
• Synology – Cloud Station Drive 4.3.2-4450 and prior: Local Privilege Escalation via Unquoted Service Path (undisclosed)
• Tabletopia – from XSS to RCE
• Telegram – Exportable Media Files in Secret Chat
• TIM Telecom Italia – Multiple Vulnerabilities
• VirIT Explorer – Local Privilege Escalation (EoP/LPE)
• Western Union – Host Header Injection
• Yahoo Messenger – Multiple Vulnerabilities
• ZyXEL – Firewall and NAS (CVE-2020-9054): Pre-auth Remote Command Execution via OS Command Injection