irbishop / CVEs Public

Notifications You must be signed in to change notification settings
Fork 3
Star 5

Public issues I identified. Write-ups, exploit tools, etc.

5 stars 3 forks Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 57 Commits
2019-10717		2019-10717
2019-10718		2019-10718
2019-10719		2019-10719
2019-10720		2019-10720
2019-10721		2019-10721
2019-11392		2019-11392
2019-16917		2019-16917
2019-17114		2019-17114
2019-17115		2019-17115
2019-17116		2019-17116
2019-17117		2019-17117
2019-17118		2019-17118
2019-17119		2019-17119
2019-17120		2019-17120
2019-9955		2019-9955
2020-11679		2020-11679
2020-11680		2020-11680
2020-11681		2020-11681
2020-11682		2020-11682
2020-5497		2020-5497
.gitignore		.gitignore
README.md		README.md

Repository files navigation

CVEs

A collection of issues I identified and the associated CVE. Vendors have been notified and given ample time to develop/release patches.

CVE-2019-9955

Title: Reflected Cross Site Scripting on Login Page of Zyxel devices
Disclosure Date: 15 Apr 2019

CVE-2019-10717

Title: BlogEngine.NET Directory Traversal / Content Listing
Disclosure Date: 24 Jun 2019

CVE-2019-10718

Title: BlogEngine.NET pingback.axd XXE
Disclosure Date: 19 Jun 2019

CVE-2019-10719

Title: BlogEngine.NET Directory Traversal in File Upload / Remote Code Execution
Disclosure Date: 17 Jun 2019

CVE-2019-10720

Title: BlogEngine.NET Directory Traversal in theme cookie / Remote Code Execution
Disclosure Date: 17 Jun 2019

CVE-2019-10721

Title: BlogEngine.NET Unvalidated redirect login page
Disclosure Date: 24 Jun 2019

CVE-2019-11392

Title: BlogEngine.NET syndication.axd XXE
Disclosure Date: 19 Jun 2019

CVE-2019-16917

Title: WiKID Systems 2FA Enterprise Server searchDevices.jsp SQL Injection
Disclosure Date: 16 Oct 2019

CVE-2019-17114

Title: WiKID Systems 2FA Enterprise Server userPreregistration.jsp Cross-site Scripting
Disclosure Date: 16 Oct 2019

CVE-2019-17115

Title: WiKID Systems 2FA Enterprise Server Logs.jsp Unauthenticated Cross-site Scripting
Disclosure Date: 16 Oct 2019

CVE-2019-17116

Title: WiKID Systems 2FA Enterprise Server groups.jsp Cross-site Scripting
Disclosure Date: 16 Oct 2019

CVE-2019-17117

Title: WiKID Systems 2FA Enterprise Server processPref.jsp SQL Injection
Disclosure Date: 16 Oct 2019

CVE-2019-17118

Title: WiKID Systems 2FA Enterprise Server Cross-site Request Forgery
Disclosure Date: 16 Oct 2019

CVE-2019-17119

Title: WiKID Systems 2FA Enterprise Server Logs.jsp SQL Injection
Disclosure Date: 16 Oct 2019

CVE-2019-17120

Title: WiKID Systems 2FA Enterprise Server adm_usrs.jsp Cross-site Scripting
Disclosure Date: 16 Oct 2019

CVE-2020-5497

Title: MITREid Connect header.tag/topbar.tag Cross-Site Scripting
Disclosure Date: 3 Jan 2020

CVE-2020-11679

Title: Castel NextGen DVR - Privilege Escalation
Disclosure Date: 3 Jun 2020

CVE-2020-11680

Title: Castel NextGen DVR - Authorization Bypass
Disclosure Date: 3 Jun 2020

CVE-2020-11681

Title: Castel NextGen DVR - Cleartext Credentials
Disclosure Date: 3 Jun 2020

CVE-2020-11682

Title: Castel NextGen DVR - CSRF
Disclosure Date: 3 Jun 2020

About

Public issues I identified. Write-ups, exploit tools, etc.

Report repository

Releases

No releases published

Packages

No packages published

Languages

Python 100.0%