CODE WHITE - Finest Hacking

Date	Vendor	Product	Versions	Description	References	Credits
2024-10-15	Oracle	WebLogic Server	< CPU October 2024 ,	SequenceExternalizable Arbitrary Deserialization	CVE-2024-21216 https://www.oracle.com/securit...	Markus Wulftange &
2024-09-25	Progress	Telerik Report Server	< 2024 Q3 (18.2.24.924) ,	EntityDataSource Insecure Type Resolution	CVE-2024-8015 https://docs.telerik.com/repor...	Markus Wulftange &
2024-09-25	Progress	Telerik Reporting	< 2024 Q3 (18.2.24.924) ,	EntityDataSource Insecure Type Resolution	CVE-2024-8014 https://docs.telerik.com/repor...	Markus Wulftange &
2024-09-25	Progress	Telerik Reporting	< 2024 Q3 (18.2.24.924) ,	Insecure Expression Evaluation	CVE-2024-8048 https://docs.telerik.com/repor...	Markus Wulftange &
2024-09-04	Veeam	Backup & Replication	< 12.2.0.334 ,	Unauthenticated Remote Code Execution	https://www.veeam.com/kb4649...	Florian Hauser &
2024-08-30	Progress	OpenEdge Management	< 12.8.0 , 12.2.15 , 11.7.20 ,	Unauthenticated Content Injection	CVE-2024-7654 https://community.progress.com...	Florian Hauser &
2024-08-22	Loftware	Spectrum	won't fix (manual change required) ,	Accessible Logs	CVE-2023-37232	Nikolas Sotiriu &
2024-08-22	Loftware	Spectrum	< 4.6 HF14 ,	Authenticated XXE	CVE-2023-37233	Nikolas Sotiriu &
2024-08-22	Loftware	Spectrum	< 4.6 HF14 ,	Authentication Bypass	CVE-2023-37226	Nikolas Sotiriu &
2024-08-22	Loftware	Spectrum	< 4.6 HF13 (manual change required) ,	Deserialization of Untrusted Data	CVE-2023-37227	Nikolas Sotiriu &
2024-08-22	Loftware	Spectrum	< 4.6 HF14 ,	Hard-Coded not changable credentials	CVE-2023-37231	Nikolas Sotiriu &
2024-08-22	Loftware	Spectrum	< 5.1 ,	Server-side Request Forgery (TestDataServiceRequest)	CVE-2023-37229	Nikolas Sotiriu &
2024-08-22	Loftware	Spectrum	< 5.1 ,	Server-side Request Forgery (testDeviceConnection)	CVE-2023-37230	Nikolas Sotiriu &
2024-08-22	Loftware	Spectrum	won't fix (manual change required) ,	Unprotected JMX Registry	CVE-2023-37234	Nikolas Sotiriu &
2024-07-10	Progress	Telerik Report Server	< 2024 Q2 (10.1.24.709) ,	UnknownTypeResolver Insecure Type Resolution	CVE-2024-6327 https://docs.telerik.com/repor...	Markus Wulftange &
2024-07-10	Progress	Telerik Reporting	< 2024 Q2 (18.1.24.709) ,	UnknownTypeResolver Insecure Type Resolution	CVE-2024-6096 https://docs.telerik.com/repor...	Markus Wulftange &
2024-06-11	Microsoft	Dynamics 365 Business Central	< June 2024 ,	Pre-Auth Insecure Deserialization	CVE-2024-35248 CVE-2024-35249	Florian Hauser &
2024-04-22	Newforma	Project Center Server	<= latest/2023.3.0.32259 (not fixed) ,	Insecure .NET Remoting	CVE-2024-32499	Florian Roth & Markus Wulftange &
2024-03-22	Microsoft	.NET Framework	< January 2024 ,	HTTP .NET Remoting ObjRef Leak	CVE-2024-29059 https://code-white.com/blog/le... https://github.com/codewhitese...	Markus Wulftange &
2024-02-19	Salesforce	Tableau Server	latest version (won't fix) ,	SSRF & NetNTLM Leaks	https://frycos.github.io/vulns...	Florian Hauser &
2023-12-19	GANZ Security (CBC Group)	AI BOX	< 100378 ,	Authentication Bypass	https://frycos.github.io/vulns...	Florian Hauser &
2023-12-19	Netavis Software GmbH	CCTV with Observer	~ 4.6.8 (not fixed) ,	Pre-Authenticated XXE	n/a	Florian Hauser &
2023-12-14	Hitachi Ventara	Pentaho Business Analytics Server	8.x , < 9.5.0.1 , < 9.3.0.5 ,	JNDI Injection	CVE-2023-3517 https://support.pentaho.com/hc...	Markus Wulftange &
2023-12-12	Janitza	GridVis	< 9.0.67 ,	Authenticated Remote Code Execution	CVE-2023-50895	Fabian Weber &
2023-12-12	Janitza	GridVis	< 9.0.67 ,	Hard-Coded Encryption Password Allows for Authenticated Leak of Cleartext Database Credentials	CVE-2023-50894	Fabian Weber &
2023-11-29	Indu-Sol GmbH	PROFINET-INspector NT	< 2.4.1 ,	Unauthenticated Arbitrary File Write as Root	CVE-2023-49960	Fabian Weber &
2023-11-29	Indu-Sol GmbH	PROFINET-INspector NT	< 2.4.1 ,	Unauthenticated OS Command Injection	CVE-2023-49959	Fabian Weber &
2023-11-14	Microsoft	ASP.NET	< November 2023 ,	Security Feature Bypass Vulnerability	CVE-2023-36560	Markus Wulftange &
2023-10-10	Microsoft	Skype for Business Server	< Skype for Business Server 2019 CU7 and Skype for Business Server 2015 CU13 ,	Unauthenticated Server-side Request Forgery	https://msrc.microsoft.com/upd... https://frycos.github.io/vulns...	Florian Hauser &
2023-07-26	Ivanti	Ivanti Desktop and Server Management	< DSM 2022.2 SU3 ,	Local Privilege Escalation	CVE-2023-28129 https://forums.ivanti.com/s/ar...	Tobias Neitzel &
2023-07-15	OneVision Software AG	Workspace	< v.WS22.1 SR1 (build w29.032) , < v.WS22.2 SR3 (build w30.044) < v.WS23.1 SR1 (build w31.040) ,	Arbitrary Java EL Execution	CVE-2023-42404	Matteo Tomaselli &
2023-07-11	Microsoft	SharePoint	< July 2023 ,	`SPPageparserFilter` Bypass	CVE-2023-33160 https://code-white.com/blog/ex...	Markus Wulftange &
2023-06-19	Developer Express, Inc	DevExpress	< 23.1.3 , < 22.2.6 , < 22.2.3 , < 22.1.9 , < 22.1.7 , < 21.2.12 ,	Data Source Protection Bypass During XML Deserialization	CVE-2023-35815 https://supportcenter.devexpre... https://supportcenter.devexpre...	Markus Wulftange &
2023-06-19	Sitecore	Experience Manager, Experience Platform, and Experience Commerce	< 10.3 ,	Exposed Dangerous Method or Function	CVE-2023-35813 https://support.sitecore.com/k... https://code-white.com/blog/ex...	Markus Wulftange &
2023-06-19	Developer Express, Inc	DevExpress	< 23.1.3 , < 22.2.6 , < 22.2.3 , < 22.1.9 , < 22.1.7 , < 21.2.12 ,	Insecure Arbitrary TypeConverter Conversion	CVE-2023-35816 https://supportcenter.devexpre... https://supportcenter.devexpre...	Markus Wulftange &
2023-06-19	Developer Express, Inc	DevExpress	< 23.1.3 , < 22.2.6 , < 22.2.3 , < 22.1.9 , < 22.1.7 , < 21.2.12 ,	Missing Protection of XtraReport Serialized Data in ASP.NET Web Forms	CVE-2023-35814 https://supportcenter.devexpre... https://supportcenter.devexpre... https://supportcenter.devexpre...	Markus Wulftange &
2023-06-19	Developer Express, Inc	DevExpress	< 23.1.3 , < 22.2.6 , < 22.2.3 , < 22.1.9 , < 22.1.7 , < 21.2.12 ,	Server-Side Request Forgery Via AsyncDownloader	CVE-2023-35817 https://supportcenter.devexpre... https://supportcenter.devexpre... https://supportcenter.devexpre...	Markus Wulftange &
2023-05-24	Hitachi Ventara	Pentaho Business Analytics Server	< 9.3.0.3 , < 9.4.0.1 ,	Deserialization of Untrusted Data	CVE-2022-4815 https://support.pentaho.com/hc...	Markus Wulftange &
2023-04-14	MCL Technologies	MCL-Net	< 4.6 ,	Unauthenticated Arbitrary File Read as SYSTEM	https://www.mcl-mobilityplatfo...	Florian Hauser &
2023-03-02	Fortinet	FortiNAC	< 9.4.3/4 ,	Multiple Vulnerabilities (Unauthenticated)	CVE-2023-33299 https://www.fortiguard.com/psi... CVE-2023-33300 https://www.fortiguard.com/psi...	Florian Hauser &
2023-02-20	Technicolor	TG670 DSL gateway router	<= 10.5.N.9 ,	Hard-coded Administrative Credentials	CVE-2023-31808 https://www.kb.cert.org/vuls/i...	Florian Hauser &
2023-02-02	Fortra	GoAnywhere MFT	< 7.1.2 ,	Unauthenticated Remote Code Execution	CVE-2023-0669 https://frycos.github.io/vulns...	Florian Hauser &
2023-01-18	Docmosis	Tornado Server	< 2.9.5 ,	Multiple Vulnerabilities	CVE-2023-25264 CVE-2023-25265 CVE-2023-25266 https://frycos.github.io/vulns...	Florian Hauser &
2022-11-23	pgAdmin	pgAdmin Web (Windows)	<= 6.16 ,	Unauthenticated Remote Code Execution	CVE-2022-4223 https://www.pgadmin.org/docs/p...	Florian Hauser &
2022-11-09	Sophos	Sophos Mobile	5.0.0 <= 9.7.4 ,	Unauthenticated XXE	CVE-2022-3980 https://www.sophos.com/en-us/s...	Florian Hauser &
2022-10-10	Apache	Apache Archiva	latest version (won't fix) ,	Unauthorized User Registration	n/a	Florian Hauser &
2022-09-09	GFI Software	Kerio Connect	9.4.0 <= 9.4.2 ,	Low-Priv User Stack Buffer Overflow in 2FA	CVE-2023-25267	Florian Hauser &
2022-07-26	ConnectWise	R1Soft Server Backup Manager	<= v6.16.3 ,	Authentication Bypass	https://www.connectwise.com/co...	Florian Hauser &
2022-07-12	innovaphone AG	App Platform AP Manager	<= 13r2 sr17 ,	Authenticated Command Injection	CVE-2022-41870 http://wiki.innovaphone.com/in...	Dennis Herrmann &
2022-07-12	SEPPmail AG	SEPPmail Appliance	<= 12.1.17 ,	Authenticated Command Injection	CVE-2022-41871	Dennis Herrmann &
2022-06-28	Moxa	EDR-810 Series	not fixed yet ,	Authenticated Command Injection	n/a	Simon Janz &
2022-06-28	Moxa	TN-5916 NAT Router	not fixed yet ,	Authenticated Command Injection	n/a	Simon Janz &
2022-06-28	Moxa	TN-5916 NAT Router	not fixed yet ,	Authentication Bypass	n/a	Simon Janz &
2022-06-09	SmarterTools	SmarterStats	< 8195 ,	Unauthenticated Remode Code Execution in gRPC Interfaces	https://frycos.github.io/vulns...	Florian Hauser &
2022-06-03	PTC Group	Windchill PDMLink	not fixed yet ,	Vulnerable RMI Call	https://www.ptc.com/en/support...	Kai Ullrich &
2022-05-10	Potix Corporation	ZK Framework	< 9.6.2 ,	`RequestDispatcher` Local File Inclusion	CVE-2022-36537 https://tracker.zkoss.org/brow...	Markus Wulftange &
2022-02-14	3CX	Phone Management System	< 18 Update 3 ,	Unauthenticated Remote Code Execution	CVE-2022-28005 CVE-2022-48483 CVE-2022-48482 https://www.3cx.com/blog/relea...	Florian Hauser &
2022-02-08	HPE	StoreEver ESL G3 Tape Library	not fixed (EoL) ,	Unauthenticated Remote Code Execution	n/a	Florian Hauser &
2022-01-20	Citrix	Citrix ADM	13.0 before 13.0-85.19 and 13.1 before 13.1-21.53 ,	Authentication Bypass (Unauthenticated Root Password Reset)	CVE-2022-27511 https://support.citrix.com/art...	Florian Hauser & Philipp Schmied &
2022-01-20	Citrix	Citrix ADM	13.0 before 13.0-85.19 and 13.1 before 13.1-21.53 ,	Unauthenticated Service Shutdown	CVE-2022-27512 https://support.citrix.com/art...	Florian Hauser & Philipp Schmied &
2022-01-10	Act! LLC.	ACT! CRM	reported , status unknown ,	Unauthenticated Remote Code Execution	https://code-white.com/blog/20...	Florian Hauser &
2021-12-15	Microsoft	Exchange 2013/2016/2019	Prior Patch Day January 2022 ,	Deserialization Protection Bypass	CVE-2022-21969 https://msrc.microsoft.com/upd...	Florian Hauser &
2021-11-04	IBM	ADMIRA/AREMA	not fixed ,	Unauthenticated Remote Code Execution	n/a	Florian Hauser &
2021-10-25	PikeTec	TPT	< 15u5 , < 16u4 ,	Unauthenticated Remote Code Execution	https://files.piketec.com/down... https://files.piketec.com/down...	Florian Hauser &
2021-10-21	TIBCO	TIBCO JasperReports Server	<= 7.9.0 ,	Authenticated XXE	CVE-2021-35496 https://www.tibco.com/support/...	Florian Hauser &
2021-10-01	UserScape, Inc	HelpSpot	<= 5.0.92 ,	Unauthenticated RCE via Unsafe Cookie Deserialization		Philipp Schmied &
2021-09-21	Jedox GmbH	Jedox	< 2021.3 ,	(Un)Authenticated Remote Code Execution	https://knowledgebase.jedox.co...	Florian Hauser & Christian Fünfhaus &
2021-09-14	Siemens	Cerberus DSM, Desigo CC, Desigo CC Compact		.NET Deserialization	CVE-2021-37181	Markus Wulftange &
2021-08-03	Pageflex	Storefront		Arbitrary File Reading via Hard-coded Crypto Key		Markus Wulftange &
2021-07-28	Lobster	Lobster AdminConsole		RCE via Arbitrary Class Execution		Philipp Schmied &
2021-06-18	Aternity	Aternity Agent	< 12.1.3.95 ,	Local Privilege Escalation to SYSTEM	https://help.aternity.com/bund...	Florian Hauser &
2021-04-30	Citrix	ShareFile StorageZone Controller	< 5.11.20 ,	Path Traversal	CVE-2021-22941 https://support.citrix.com/art...	Markus Wulftange &
2021-01-15	Veeam	Backup & Replication	< 10.0.1.4854 P20210609 , < 11.0.0.837 P20210507 ,	.NET Deserialization via .NET Remoting	CVE-2021-35971	Markus Wulftange &
2020-12-08	Cisco	Security Manager	<= 4.23 ,	Several Unauthenticated Remote Code Executions, File Reads and Writes	CVE-2020-27130 CVE-2020-27131 CVE-2020,27125 https://tools.cisco.com/securi... https://tools.cisco.com/securi... https://tools.cisco.com/securi...	Florian Hauser &
2020-09-09	Eonic	Protean CMS	< 6.0.42.6 ,	Various vulnerabilities (file read, file write, SQL injection, XSL transformation, DataSet deserialization)	https://github.com/Eonic/Prote... https://github.com/Eonic/Prote... https://github.com/Eonic/Prote...	Markus Wulftange &
2020-09-02	SparxSystems	WebConfig	<= 4.1.43 ,	LFI leads to RCE		Philipp Schmied &
2020-07-13	Sophos	Firewall XG		SQL Injection	CVE-2020-15504	Jakob Heusinger & Matteo Tomaselli &
2020-05-11	Oracle	WebLogic Server	14.1.1 ,	Java Deserialization	CVE-2020-14644 CVE-2020-14645 CVE-2020-14687	Markus Wulftange &
2020-04-29	Pivotal	Spring Web MVC		Arbitrary File Read		Markus Wulftange &
2020-04-17	SmarterTools Inc.	SmarterStats	< 7422 ,	Unauthenticated Remote Code Execution via .NET Remoting	https://www.smartertools.com/s...	Florian Hauser &
2020-04-16	Dell	Dell VxRail	4.7.410/4.7.411/4.7.510 ,	Unauthenticated access to encrypted administration credentials	CVE-2020-5368 https://www.dell.com/support/k...	Florian Hauser &
2020-04-15	The OpenNMS Group	OpenNMS	< 26.0.1 ,	Authenticated Remote Code Execution via unsecure Java deserialization	CVE-2020-12760 https://issues.opennms.org/bro...	Florian Hauser &
2020-04-15	Zoho Corporation	ManageEngine ADManager Plus, ManageEngine Cloud Security Plus, ManageEngine Log360, ManageEngine ADAudit Plus, ManageEngine DataSecurity Plus, ManageEngine O365 Manager Plus, ManageEngine RecoveryManager Plus, ManageEngine EventLog Analyzer	< 7055 < 4110 < 5166 < 6052 < 6033 < 4334 < 6017 < 12136 ,	Unauthenticated change of system configuration via unprotected Java servlets.	CVE-2020-24786 https://medium.com/p/another-z...	Florian Hauser &
2020-04-08	HP	HPE Insight Systems Manager	<= 7.6 (unpatched) ,	Unauthenticated Remote Code Execution via unsecure Java deserialization	https://support.hpe.com/hpesc/...	Florian Hauser &
2020-04-06	Ivanti	Avalanche Data Repository Service	SQL Injection ,	6.2.2 <= 6.3.1	https://forums.ivanti.com/s/ar...	Kai Ullrich &
2020-03-20	Liferay	Portal	6.x , 7.x ,	Java Deserialization	CST-7111 CST-7205 CVE-2020-7961	Markus Wulftange &
2020-03-17	Progress	Telerik UI for Silverlight		Arbitrary File Upload	CVE-2020-11414 https://knowledgebase.progress...	Markus Wulftange &
2020-03-09	SAP	Netweaver	7.10 , 7.11 , 7.30 , 7.31 , 7.40 , 7.50 ,	Missing Authorization Check in SAP NetWeaver AS JAVA (MigrationService)	CVE-2021-21481 https://wiki.scn.sap.com/wiki/...	Kai Ullrich &
2020-02-27	SmarterTools	SmarterMail	15.7.6970 ,			Markus Wulftange &
2020-02-10	FortiNet	FortiSIEM		Java Deserialization		Daniel Schacknat & Markus Wulftange &
2020-01-17	Atoss	ASES		Authentication Bypass, Path Traversal		Markus Wulftange &
2020-01-08	Progress	Telerik MVC		Path Traversal		Markus Wulftange &
2019-11-27	Károly Pados	TinyWall	< 2.1.13 ,	Privilege escalation via unsecure .NET deserialization and Process Spoofing.	CVE-2019-19470 https://code-white.com/blog/20...	Florian Hauser & Markus Wulftange &
2019-11-21	Sage	300 People		Java Deserialization		Markus Wulftange &
2019-10-18	Orckestra Technologies Inc.	C1 CMS	< 6.7 ,	Authenticated Remote Code Execution via unsecure .NET deserialization.	CVE-2019-18211 https://github.com/Orckestra/C... https://medium.com/@frycos/yet...	Florian Hauser &
2019-10-09	Zoho Corporation	ManageEngine OpManager	< 12.4 ,	Unauthenticated SQL-Injection via unprotected Java servlet	CVE-2019-17602 https://medium.com/@frycos/fin...	Florian Hauser &
2019-10-01	Progress	Telerik UI for Ajax ASP.NET		Mitigation Bypass		Markus Wulftange &
2019-08-27	myLittleTools	myLittleAdmin	3.8 ,	.NET Deserialization		Markus Wulftange &
2019-08-26	MailEnable Pty. Ltd	MailEnable		Path Traversal, Unauthenticated Socks5 Proxy		Markus Wulftange &
2019-07-25	cPanel Inc.	cpanel-dovecot-solr		Java Deserialization	n/a	Florian Hauser & Markus Wulftange &
2019-07-22	FTAPI	FTAPI	< 4.6.3 ,	Authenticated Remote Code Execution via unsecure Java deserialization	https://www.ftapi.com/Release-... see Version 4.6.3	Florian Hauser &
2019-06-04	Absorb LMS			.NET Deserialization		Markus Wulftange &
2019-05-17	Oracle	Secure Global Desktop	5.40-901 ,	Java Deserialization		Ben Heimerdinger & Markus Wulftange &
2019-03-27	IBM	IBM ServRAID	all versions ,	Unauthenticated Remote Code Execution via unprotected RMI-Registry.	n/a	Florian Hauser &
2019-02-12	SmarterTools	SmarterMail	15.x ,	XXE in SyncML, XXE in Keyoti RapidSpell		Markus Wulftange &
2019-02-07	CribMaster	CribMaster		.NET Deserialization		Markus Wulftange &
2019-02-07	Progress	Telerik UI for Ajax ASP.NET		.NET Deserialization	CVE-2019-18935	Markus Wulftange &
2019-01-14	Developer Express Inc.	DevExpress	< 13.1.13 , < 13.2.14 , < 14.1.14 , < 14.2.16 , < 15.1.14 , < 15.2.18 , < 16.1.16 , < 16.2.14 , < 17.1.14 , < 17.2.12 , < 18.1.9 , < 18.2.6 ,	.NET Deserialization	T706639	Markus Wulftange &
2018-12-04	ILIAS	ILIAS	< 4.4.5? ,	Authenticated file system data exfiltration via SOAP webservice.	Probably https://docu.ilias.de/ilias.ph...	Florian Hauser &
2018-11-13	Avast Business	Managed Workplace RMM		.NET Deserialization	CVE-2019-18935	Markus Wulftange &
2018-05-30	RedHat	RichFaces	4.x ,	EL Injection	RF-14309 CVE-2018-12532	Markus Wulftange &
2018-05-30	RedHat	RichFaces	3.x ,	EL Injection	RF-14310 CVE-2018-12533	Markus Wulftange &
2018-04-23		Genuine Channels		.NET Deserialization		Markus Wulftange &
2018-04-13		GWT		Java Deserialization		Markus Wulftange &
2018-02-22	TMW Systems			.NET Deserialization		Markus Wulftange &
2017-08-17	Tufin			El Injection		Markus Wulftange &
2017-05-17	SAP	P4		Java Deserialization		Kai Ullrich &
2017-04-04	HPE			Java Deserialization		Markus Wulftange &
2017-04-04	Atlassian	Jira	4.2.4-6.3.0 ,	Java Deserialization	VU#307983 CVE-2017-5983	Markus Wulftange &
2017-04-04	Pivotal	Spring Flex		Java Deserialization	VU#307983 CVE-2017-3203	Markus Wulftange &
2017-04-04		GraniteDS	3.1.1.GA ,	Java Deserialization, JavaBeans Setter	VU#307983 CVE-2017-3199 CVE-2017-3200	Markus Wulftange &
2017-04-04	Exadel	Flamingo amf-serializer	2.2.0 ,	Java Deserialization, JavaBeans Setter, XXE	VU#307983 CVE-2017-3201 CVE-2017-3202 CVE-2017-3206	Markus Wulftange &
2017-04-04	Adobe/Apache	Flex BlazeDS	4.7.2 ,	Java Deserialization, JavaBeans Setter, XXE	VU#307983 CVE-2017-5641 CVE-2015-3269	Markus Wulftange &
2017-04-04	Midnight Coders	WebORB for Java	5.1.1.0 ,	Java Deserialization ,XXE	VU#307983 CVE-2017-3207 CVE-2017-3208	Markus Wulftange &
2016-11-25		ezPublish		Arbitrary File Upload	EZP-26659	Markus Wulftange &
2016-10-05		ezPublish		SQL Injection	EZP-26405	Markus Wulftange &
2016-09-16	Code42 Software	CrashPlan PROe	3.6.2.1 ,	Java Deserialization	none	Markus Wulftange &
2016-05-25	HP	Service Manager	9.40 ,		CVE-2016-1998	Markus Wulftange &
2016-03-24	CommVault Systems	Edge Server	11 SP3 ,	SQL Injection, Path Traversal, JSP File Inclusion		Markus Wulftange &
2016-03-17	Oracle	Hyperion		Java Deserialization	CVE-2016-3493	Matthias Kaiser &
2016-02-22	Symantec	Endpoint Protection	11 ,
2016-01-05	CommVault Systems	Edge Server	11 Build 80 ,	Arbitrary File Upload/Download		Markus Wulftange &
2015-12-18	HP	Service Manager	9.40 ,	Java Deserialization, XXE	CVE-2016-1998 CVE-2016-4371	Markus Wulftange &
2015-12-09	Oracle	Weblogic JMS Client		Java Deserialization	CVE-2016-0638	Matthias Kaiser &
2015-12-08	IBM	WebSphere MQ JMS Client		Java Deserialization	CVE-2016-0360	Matthias Kaiser &
2015-11-16	Symantec	Endpoint Protection Manager		Command Injection	CVE-2015-6555	Markus Wulftange &
2015-11-16	Symantec	Endpoint Protection Manager		Java Deserialization	CVE-2015-6554	Matthias Kaiser &
2015-11-03	Apache	Active MQ		Java Deserialization	CVE-2015-7253	Matthias Kaiser &
2015-10-02	Lithium Technologies	Community				Markus Wulftange &
2015-09-04	CommVault Systems	Edge Server	10 R2 ,	Java Deserialization, Command Injection	VU#866432 CVE-2015-7253	Markus Wulftange &
2015-08-24	Apache	Flex BlazeDS			CVE-2015-3269	Matthias Kaiser &
2015-08-21	Atlassian	Bamboo		Java Deserialization	CVE-2015-6576	Matthias Kaiser &
2015-07-31	Symantec	Endpoint Protection	12 , 1 ,	Authentication Bypass, Arbitrary File Write/Read, Privilege Escalation, Path Traversal, SQL Injection, Binary Planting	CVE-2015-1486 CVE-2015-1487 CVE-2015-1488 CVE-2015-1489 CVE-2015-1490 CVE-2015-1491 CVE-2015-1492	Matthias Kaiser & Markus Wulftange &
2015-07-22		webEdition		SQL Injection	VU#242092	Markus Wulftange &
2015-07-21	WebsiteBaker	WebsiteBaker		SQL Injection	VU#164652	Markus Wulftange &
2015-06-15	Oracle	WebLogic Server		Java Deserialization	CVE-2015-4582	Matthias Kaiser &
2015-05-20	Webmin	Usermin	0.980-1.650 ,	Command Execution	CVE-2015-2079 https://code-white.com/blog/20...	David Elze &
2015-01-21	iPass	iPass Open Mobile		Privilege Escalation via named pipe	CVE-2015-0925 https://code-white.com/blog/20...	Matthias Kaiser &
	Atlassian	Jira			CVE-2015-8798	Markus Wulftange &
	Symantec	Management Server Client		Binary Planting	CVE-2015-8113
	Apache	ActiveMQ Artemis JMS Client		Java Deserialization	CVE-2016-4978	Matthias Kaiser &
	Apache	Qpid Client/JMS Client		Java Deserialization	CVE-2016-4974	Matthias Kaiser &
	Pivotal	Spring AMQP		Java Deserialization	CVE-2016-2173	Matthias Kaiser &
	Oracle	Weblogic Server		Java Deserialization	CVE-2015-4852	Matthias Kaiser &
	Oracle	WebLogic Server		Java Deserialization	CVE-2016-3551	Matthias Kaiser &
	Symantec	Management Server		Named Pipe Process Call Arbitrary	CVE-2015-8800
	Microsoft	Skype for Business		.NET Deserialization	CVE-2020-1147	Markus Wulftange &
	Symantec	Management Server		Path Traversal	CVE-2017-5641
	Symantec	Management Server		Path Traversal/Binary Planting on Deployed Agent	CVE-2015-8799
	Bomgar	Remote Support Portal		PHP Deserialization	CVE-2015-0935	Markus Wulftange &
	Symantec	Management Server		SQL Injection	CVE-2015-8157