Found bugs

Below you will find a list of a few bugs I found. (In the meantime I'll try to update the CVE IDs as well...) Maybe you will find it useful:

(...)

09.09.2019 - Crashing Fortigate VM 6.2.1
09.09.2019 - Crashing DCISoft 1.21 (CVE-2019-16247)
09.09.2019 - Crashing Omegon Fluid Technology 2
18.07.2019 - XSS in Zurmo CRM (CVE-2019-14472)
18.07.2019 - XSS in TestLink 1.9.19 (CVE-2019-14471)
18.07.2019 - XSS in DokuWiki
17.06.2019 - Unquoted path in CA Agents
09.05.2019 - Crashing DeviceNet Builder (CVE-2019-12898, CVE-2019-12899)
09.05.2019 - Unquoted path in ActiveFax Server 6.70
09.05.2019 - Crashing Alternate Pic View (CVE-2019-12893, CVE-2019-12894, CVE-2019-12895)
09.05.2019 - Unquoted path in Lan Messenger
09.05.2019 - Crashing Edraw Max (CVE-2019-12896, CVE-2019-12897)
21.03.2019 - Crashing XnView (CVE-2019-9965, CVE-2019-9964, CVE-2019-9963, CVE-2019-9962, CVE-2019-9966, CVE-2019-9967, CVE-2019-9968, CVE-2019-9969)
10.02.2019 - RCE in Enterprise VA MAX
31.01.2019 - RCE in Zen Load Balancer - (CVE-2019-7301)
29.01.2019 - RCE in Artica - (CVE-2019-7300)
11.01.2019 - Crashing Zelio Soft 2
31.12.2018 - Reading Foscam (found ~23-25.09.2018)
25.12.2018 - Crashing FantaMorph
25.12.2018 - Crashing CANOpen Builder
19.12.2018 - Crashing DCISoft
19.12.2018 - Crashing ISPSoft v3.05
07.11.2018 - Crashing LibreCAD (2.1.3) - (CVE-2018-19105)
20.10.2018 - Few XSS bugs in Dolibarr 8.0.2
28.08.2018 -- Crashing FreePlane
15.08.2018 -- Crashing KMPlayer
05.08.2018 -- Updating XnView - (CVE-2018-15174, CVE-2018-15175, CVE-2018-15176)
31.07.2018 -- Crashing nmap 7.70 - (CVE-2018-15173)
29.07.2018 -- Crashing nmap 7.60
10.07.2018 -- Exploiting Monstra CMS 3.0.4
26.06.2018 -- Exploiting CyberArk 10.2.1.603 - (CVE-2018-12903)
25.06.2018 -- Fiddler bug - case 01
25.06.2018 -- Crashing Photoshop CS3
24.06.2018 -- WriteAV / NullPtrDeref for IBM Lotus Notes 8.5
28.05.2018 -- Make free the VLC - (CVE-2018-11516)
29.04.2018 -- Few bugs in latest Nagios XI 5.4.13 - (CVE-2018-10553, CVE-2018-10554)
29.01.2018 -- Post-auth SQL injection in FreePBX - (CVE-2018-6393)
16.01.2018 -- Fuzzing ArcSight 6.x - 01 - ArcSoloBug.exe
12.01.2018 -- Wipe TrendMicro - Deep Discovery Inspector
10.01.2018 -- Few crashes for MS Access 2010/13/16 - (CVE-2018-0903, SecurityFocus
10.01.2018 -- Few crashes - MS Publisher 2010
12.12.2017 -- 'modus operandi' - Piwigo 2.9.2
12.12.2017 -- 'modus operandi' - Horde 5.2.x - (CVE-2017-17781)
05.12.2017 -- 'modus operandi' - GeniXCMS 1.1.5 - (CVE-2017-17431)
20.11.2017 -- RCE via XSS - Horde 5.2.19
16.11.2017 -- More SQL Injections in ManageEngine Applications Manager 13 - (CVE-2017-16543, CVE-2017-16542)
05.11.2017 -- SQL Injection in ManageEngine Applications Manager 13 - ([CVE(s): 2017-16846, 2017-16847, 2017-16848, 2017-16849, 2017-16850, 2017-16851]) 
29.10.2017 -- Microsoft Outlook 2016 - RW/RA Crash
25.10.2017 -- Night fuzzing session - Kaspersky10 on Windows 10 - part 2
25.10.2017 -- Patch your Fortinet - CVE-2017-14182
07.09.2017 -- Night fuzzing session - Kaspersky10 on Windows 10
04.09.2017 -- SIGSEGV in Python2.7
17.08.2017 -- RCE in Trend Micro IMSVA 9.1
17.08.2017 -- DEP Violation in IBM Notes 9
17.08.2017 -- ReadAVonIP Crash in IBM Notes 9
17.08.2017 -- Read/Write Crash in IBM Notes 9
17.08.2017 -- Read/Write Crash in IBM Notes 9
07.08.2017 -- Microsoft Outlook 2016 - WriteAV
07.08.2017 -- Microsoft Outlook 2010 - Write AV
25.07.2017 -- Read/Write Access Violation - Acunetix - (CVE-2017-11674)
25.07.2017 -- Few bugs in vBulletin 4.2.3 - (CVE-2017-11607)
30.05.2017 -- Exploiting MODX - Bitnami Edition
29.05.2017 -- Multiple crashes in RealPlayer 18.1.7.344 - (CVE-2017-9302)
27.05.2017 -- Exploiting Joomla 3.x - Bitnami Edition
27.05.2017 -- Exploiting DokuWiki - Bitnami Edition
27.05.2017 -- Exploiting Concrete5 CMS 8.1.0 - Bitnami Edition
27.05.2017 -- Divided RealPlayer 16.0.2.32
11.05.2017 -- Exploiting TestLink 1.9.16 - Bitnami Edition
08.05.2017 -- Napalm 2.1 feat. Bitnami
08.05.2017 -- TurnKeyLinux feat. OTRS - (CVE-2017-9299)
14.04.2017 - Multiple Crashes in MS Publisher 2010/16 - part 2
11.04.2017 - Multiple Crashes in MS Publisher 2010/16
09.04.2017 -- Multiple Crashes in VLC 2.2.4 - (CVE-2017-9300/CVE-2017-9301)
07.04.2017 -- Multiple Crashes in IrfanView 4.44
16.01.2017 -- Bug in ab from Apache 2.2.22
05.01.2017 -- Few bugs in TestLink
08.11.2016 -- Playing Winamp
02.11.2016 -- Divided Paint
29.10.2016 -- HTTP Server fuzzing with Burp
23.10.2016 -- Crash gdb in Kali
16.09.2016 -- SQL injection in latest e107 CMS - (CVE-2016-10378)
10.09.2016 -- DVL Warmup poc
22.08.2016 -- Testing SQL injections in com_virtuemart 3.0.14 - (CVE-2016-10379)
29.07.2016 -- Exploiting Kali2 - Part 1
19.07.2016 -- Crash in PhotosApp for Windows 8.1
17.07.2016 -- MS Access 2010 - WriteAV Crash
16.07.2016 -- Outlook 2010 - ReadAV Crash
15.07.2016 -- MS Publisher 2010 another crash
14.07.2016 -- Irfan View - Crash - WMA heap crash
14.07.2016 -- Irfan View - Crash - TIFF case
14.07.2016 -- Irfan View - Crash - ANI poc
14.07.2016 -- IrfanView - TIF heap crash
14.07.2016 -- IrfanView - msctf!tf_checkthreadinputidle
07.07.2016 -- WriteAV crash in Outlook 2010
05.06.2016 -- NULL ptr in Publisher 2010
27.05.2016 -- IE8 divided by zero
27.05.2016 -- DoS in Publisher #3
26.05.2016 -- Few pocs for IE8
26.05.2016 -- MS Office 2010 - DoS in Publisher - #2
26.05.2016 -- MS Office 2010 - DoS in Publisher


If you're looking for some of my older research, feel free to check my old (now closed) blog - HauntIT.blogspot.com

TBC...


Cheers ;]
