Advisories
In addition to penetration tests, RedTeam Pentesting conducts research in the area of IT security. The results are made available in the form of advisories on this homepage. Subscribe to our RSS feed to get all the updates. Penetration tests may also uncover security flaws that are of interest to the public. After consulting with the customer, those will be published, too, as long as the security of the customer is not compromised. This way, we actively contribute to improving IT security and enable others to benefit from our findings.
2024
- rt-sa-2024-009: Moodle: Remote Code Execution via Calculated Questions
- rt-sa-2024-008: WatchGuard SSO Client Denial-of-Service
- rt-sa-2024-007: WatchGuard SSO Agent Telnet Authentication Bypass
- rt-sa-2024-006: WatchGuard SSO Protocol is Unencrypted and Unauthenticated
- rt-sa-2024-005: Milesight UG67: World Writeable Webroot Allows for Privilege Escalation
- rt-sa-2024-004: Milesight UG67: UBUS Allows for Privilege Escalation
- rt-sa-2024-003: Milesight UG67: Circumvention of User Account Restrictions using SSH Port Forwarding
- rt-sa-2024-002: Milesight UG67: Undocumented Default Password
- rt-sa-2024-001: Milesight UG67: Privileged Access Using USB Console
2023
- rt-sa-2023-007: Aptos Wisal Payroll Accounting Uses Hardcoded Database Credentials
- rt-sa-2023-006: D-Link DAP-X1860: Remote Command Injection
- rt-sa-2023-005: Pydio Cells: Server-Side Request Forgery
- rt-sa-2023-004: Pydio Cells: Cross-Site Scripting via File Download
- rt-sa-2023-003: Pydio Cells: Unauthorised Role Assignments
- rt-sa-2023-001: Session Token Enumeration in RWS WorldServer
2022
2021
- rt-sa-2021-009: Credential Disclosure in Web Interface of Crestron Device
- rt-sa-2021-007: Auerswald COMpact Multiple Backdoors
- rt-sa-2021-006: Auerswald COMpact Arbitrary File Disclosure
- rt-sa-2021-005: Auerswald COMpact Privilege Escalation
- rt-sa-2021-004: Auerswald COMfortel 1400/2600/3600 IP Authentication Bypass
- rt-sa-2021-003: Missing Authentication in ZKTeco ZEM/ZMM Web Interface
- rt-sa-2021-002: XML External Entity Expansion in MobileTogether Server
- rt-sa-2021-001: Cross-Site Scripting in myfactory.FMS
2020
- rt-sa-2020-005: Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton
- rt-sa-2020-004: Inconsistent Behavior of Go's CGI and FastCGI Transport May Lead to Cross-Site Scripting
- rt-sa-2020-003: FRITZ!Box DNS Rebinding Protection Bypass
- rt-sa-2020-002: Denial of Service in D-Link DSR-250N
- rt-sa-2020-001: Credential Disclosure in WatchGuard Fireware AD Helper Component
2019
- rt-sa-2019-016: IceWarp: Cross-Site Scripting in Notes
- rt-sa-2019-015: IceWarp: Cross-Site Scripting in Notes for Contacts
- rt-sa-2019-014: Unauthenticated Access to Modbus Interface in Carel pCOWeb HVAC
- rt-sa-2019-013: Unsafe Storage of Credentials in Carel pCOWeb HVAC
- rt-sa-2019-012: Information Disclosure in REDDOXX Appliance
- rt-sa-2019-007: Code Execution via Insecure Shell Function getopt_simple
- rt-sa-2019-005: Cisco RV320 Command Injection
- rt-sa-2019-004: Cisco RV320 Unauthenticated Diagnostic Data Retrieval
- rt-sa-2019-003: Cisco RV320 Unauthenticated Configuration Export
- rt-sa-2019-002: Directory Traversal in Cisco Expressway Gateway
2018
2017
- rt-sa-2017-015: CyberArk Password Vault Memory Disclosure
- rt-sa-2017-014: CyberArk Password Vault Web Access Remote Code Execution
- rt-sa-2017-013: Truncation of SAML Attributes in Shibboleth 2
- rt-sa-2017-012: Shopware Cart Accessible by Third-Party Websites
- rt-sa-2017-011: Remote Command Execution in PDNS Manager
- rt-sa-2017-009: Remote Command Execution as root in REDDOXX Appliance
- rt-sa-2017-008: Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance
- rt-sa-2017-007: Undocumented Administrative Service Account in REDDOXX Appliance
- rt-sa-2017-006: Arbitrary File Disclosure with root Privileges via RdxEngine-API in REDDOXX Appliance
- rt-sa-2017-005: Unauthenticated Extraction of Session-IDs in REDDOXX Appliance
- rt-sa-2017-004: Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance
- rt-sa-2017-003: Cross-Site Scripting in REDDOXX Appliance
2016
- rt-sa-2016-008: XML External Entity Expansion in Ladon Webservice
- rt-sa-2016-007: Cross-Site Scripting in TYPO3 Formhandler Extension
- rt-sa-2016-005: Unauthenticated File Upload in Relay Ajax Directory Manager may Lead to Remote Command Execution
- rt-sa-2016-004: Websockify: Remote Code Execution via Buffer Overflow
- rt-sa-2016-003: Less.js: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler
- rt-sa-2016-002: Cross-site Scripting in Securimage 3.6.2
- rt-sa-2016-001: Padding Oracle in Apache mod_session_crypto
2015
- rt-sa-2015-013: Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality
- rt-sa-2015-012: XML External Entity Expansion in Paessler PRTG Network Monitor
- rt-sa-2015-011: WebClientPrint Processor 2.0: No Validation of TLS Certificates
- rt-sa-2015-010: WebClientPrint Processor 2.0: Unauthorised Proxy Modification
- rt-sa-2015-009: WebClientPrint Processor 2.0: Remote Code Execution via Updates
- rt-sa-2015-008: WebClientPrint Processor 2.0: Remote Code Execution via Print Jobs
- rt-sa-2015-006: Buffalo LinkStation Authentication Bypass
- rt-sa-2015-005: o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials
- rt-sa-2015-004: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery
- rt-sa-2015-003: Alcatel-Lucent OmniSwitch Web Interface Weak Session ID
- rt-sa-2015-002: SQL Injection in TYPO3 Extension Akronymmanager
- rt-sa-2015-001: AVM FRITZ!Box: Remote Code Execution via Buffer Overflow
2014
- rt-sa-2014-016: Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite
- rt-sa-2014-015: Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0
- rt-sa-2014-014: AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images
- rt-sa-2014-013: Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page
- rt-sa-2014-012: Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components
- rt-sa-2014-011: EntryPass N5200 Credentials Disclosure
- rt-sa-2014-010: AVM FRITZ!Box: Firmware Signature Bypass
- rt-sa-2014-009: Information Disclosure in TYPO3 Extension ke_questionnaire
- rt-sa-2014-008: Python CGIHTTPServer File Disclosure and Potential Code Execution
- rt-sa-2014-007: Remote Code Execution in TYPO3 Extension ke_dompdf
- rt-sa-2014-006: Directory Traversal in DevExpress ASP.NET File Manager
- rt-sa-2014-005: SQL Injection in webEdition CMS File Browser
- rt-sa-2014-004: Remote Command Execution in webEdition CMS Installer Script
- rt-sa-2014-003: Metadata Information Disclosure in OrbiTeam BSCW
- rt-sa-2014-002: rexx Recruitment Cross-Site Scripting in User Registration
- rt-sa-2014-001: McAfee ePolicy Orchestrator XML External Entity Expansion in Dashboard
2013
2012
2011
- rt-sa-2011-006: Owl Intranet Engine: Information Disclosure and Unsalted Password Hashes
- rt-sa-2011-005: Owl Intranet Engine: Authentication Bypass
- rt-sa-2011-004: Client Side Authorization ZyXEL ZyWALL USG Appliances Web Interface
- rt-sa-2011-003: Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances
- rt-sa-2011-002: SugarCRM list privilege restriction bypass
- rt-sa-2011-001: nostromo nhttpd directory traversal leading to arbitrary command execution
2010
2009
- rt-sa-2009-005: Papoo CMS: Authenticated Arbitrary Code Execution
- rt-sa-2009-004: IceWarp WebMail Server: Client-Side Specification of "Forgot Password" eMail Content
- rt-sa-2009-003: IceWarp WebMail Server: SQL Injection in Groupware Component
- rt-sa-2009-002: IceWarp WebMail Server: User-assisted Cross Site Scripting in RSS Feed Reader
- rt-sa-2009-001: IceWarp WebMail Server: Cross Site Scripting in Email View
2008
2007
- rt-sa-2007-007: ActiveWeb Contentserver CMS Editor Permission Settings Problem
- rt-sa-2007-006: ActiveWeb Contentserver CMS Clientside Filtering of Page Editor Content
- rt-sa-2007-005: ActiveWeb Contentserver CMS Multiple Cross Site Scriptings
- rt-sa-2007-004: ActiveWeb Contentserver CMS SQL Injection Management Interface
- rt-sa-2007-003: Fujitsu-Siemens PRIMERGY BX300 Switch Blade Information Disclosure
- rt-sa-2007-002: Fujitsu-Siemens ServerView Remote Command Execution
- rt-sa-2007-001: Alcatel-Lucent OmniPCX Remote Command Execution
2006
- rt-sa-2006-007: Authentication bypass in BytesFall Explorer
- rt-sa-2006-006: Remote command execution in planetGallery
- rt-sa-2006-005: Unauthorized password recovery in phpBannerExchange
- rt-sa-2006-004: Authentication bypass in phpBannerExchange
- rt-sa-2006-003: Perlpodder Remote Arbitrary Command Execution
- rt-sa-2006-002: Prodder Remote Arbitrary Command Execution
- rt-sa-2006-001: PAJAX Remote Code Injection and File Inclusion Vulnerability
2005
- rt-sa-2005-016: Time modification flaw in BSD securelevels on NetBSD and Linux
- rt-sa-2005-015: BSD Securelevels: Circumventing protection of files flagged immutable
- rt-sa-2005-014: New banking security system iTAN not as secure as claimed
- rt-sa-2005-013: Sophos does not recognize keylogger after string alteration
- rt-sa-2005-012: Pico Server (pServ) Local Information Disclosure
- rt-sa-2005-011: Pico Server (pServ) Information Disclosure Of CGI Sources
- rt-sa-2005-010: Pico Server (pServ) Remote Command Injection
- rt-sa-2005-009: o2 Germany promotes SMS-Phishing
- rt-sa-2005-008: JPEG EXIF information disclosure
- rt-sa-2005-007: Cross Site Scripting Vulnerability in Openconf Conference Management Software
- rt-sa-2005-006: Awstats official workaround flaw
- rt-sa-2005-005: Directory traversal in CitrusDB
- rt-sa-2005-004: SQL-Injection in CitrusDB
- rt-sa-2005-003: Upload Authorization bypass in CitrusDB
- rt-sa-2005-002: Authentication bypass in CitrusDB
- rt-sa-2005-001: Credit Card data disclosure in CitrusDB