Advisory: Local privilege escalation in saConnect/saConnectService by Secadm GmbH - now enthus
During an assessment, we discovered a local privilege escalation vulnerability in the custom OpenVPN client saConnect/saConnectService.

Advisory: Arbitrary File Read via XML External Entities in Visual Planning (CVE-2023-49234)
During a recent assessment, we discovered a vulnerability in Visual Planning, which allows an authenticated attacker to obtain read access to arbitrary files on the application server.

Advisory: Insufficient Access Controls in Visual Planning
During a recent assessment, we discovered a critical vulnerability in Visual Planning, which allows a privilege escalation from a non-administrative account to administrator level.

Advisory: Authentication Bypass via Password Reset Functionality in Visual Planning (CVE-2023-49232)
During a recent assessment, we discovered a critical vulnerability in Visual Planning, which allows authentication to be bypassed.

Advisory: Authentication Bypass in Visual Planning REST API (CVE-2023-49231)
During a recent assessment, we discovered a critical vulnerability in Visual Planning, which allows the REST API authentication to be bypassed.

Advisory: Cross-Site-Scripting in Papaya Medical Viewer (CVE-2023-33255)
During an assessment, we discovered a stored cross-site-scripting vulnerability in the Papaya medical image viewer (CVE-2023-33255).

Advisory: SQL Injection in Spryker Commerce OS (CVE-2023-27568)
During a recent assessment, we discovered a critical vulnerability in Spryker Commerce OS, which allows SQL Injection.

Advisory: Remote Command Execution in Spryker Commerce OS (CVE-2022-28888)
During a recent assessment, we discovered a critical vulnerability in Spryker Commerce OS, which allows Remote Command Execution.