Siemens Spectrum Power Command Injection
During my time at Applied Risk I discovered a Command Injection vulnerability in Siemens Spectrum with the help of Rutger Hendriks. Siemens Spectrum is a control system for power grids.
During my time at Applied Risk I discovered a Command Injection vulnerability in Siemens Spectrum with the help of Rutger Hendriks. Siemens Spectrum is a control system for power grids.
Advisory for broken TLS certificate pinning in VTech DigiGo Kid Connect app that allows for a Man-in-the-Middle attack on the chat functionality.
Advisory for vulnerability that allows attackers to perform a persistent overlay attack on the browser app.
Advisory for broken TLS certificate validation in the VTech DigiGo browser.
Advisory for Reflected Cross-Site Scripting in CM4ALL.
Advisory for buffer over-read vulnerability in Virtuozzo Power Panel (VZPP) and Automator.
Advisory for Stored Cross-Site Scripting in Gallery - Image Gallery (Wordpress plugin).
Advisory for Persistent Cross-Site Scripting in Instagram Feed plugin via CSRF (Wordpress plugin).
Advisory for Weak validation of Amazon SNS push messages in W3 Total Cache (Wordpress plugin).
Advisory for Persistent Cross-Site Scripting in WP Google Maps Plugin via CSRF (Wordpress plugin).
Advisory for Information disclosure race condition in W3 Total Cache (Wordpress plugin).
Advisory for Reflected Cross-Site Scripting vulnerability in MailPoet Newsletters plugin (Wordpress plugin).
Advisory for Multiple vulnerabilities in All In One WP Security & Firewall plugin login CAPTCHA (Wordpress plugin).
Advisory for Reflected Cross-Site Scripting vulnerability in W3 Total Cache plugin (Wordpress plugin).
Advisory for DoS via Cross-Site Request Forgery in WordPress Press This function.
Advisory for Persistent Cross-Site Scripting in Woocommerce WordPress plugin (Wordpress plugin).
Advisory for authorization bypass in InfiniteWP Admin Panel (Wordpress plugin).
Advisory for Command injection in InfiniteWP Admin Panel (Wordpress plugin).
Advisory for Denial of Service vulnerability in HackerOne via PNG image upload.
Advisory for bypassing local address filters in the Glype web-based proxy that allows attacking the internal network of the proxy host.
Advisory for path traversal vulnerability in the Glype web-based proxy that allows an attacker to run arbitrary PHP code on the server or remove critical files from the filesystem.
Advisory for Denial of Service vulnerability in HackerOne via GIF image upload.
Advisory for Denial of Service vulnerability in HackerOne via JPG image upload.