Date Vendor Product Versions Description References Credits

2024-06-11

Microsoft

Dynamics 365 Business Central

< June 2024 ,

Pre-Auth Insecure Deserialization

CVE-2024-35248 CVE-2024-35249

Florian Hauser &

2024-04-22

Newforma

Project Center Server

<= latest/2023.3.0.32259 (not fixed) ,

Insecure .NET Remoting

CVE-2024-32499

Florian Roth & Markus Wulftange &

2024-02-19

Salesforce

Tableau Server

latest version (won't fix) ,

SSRF & NetNTLM Leaks

https://frycos.github.io/vulns...

Florian Hauser &

2023-12-19

GANZ Security (CBC Group)

AI BOX

< 100378 ,

Authentication Bypass

https://frycos.github.io/vulns...

Florian Hauser &

2023-12-19

Netavis Software GmbH

CCTV with Observer

~ 4.6.8 (not fixed) ,

Pre-Authenticated XXE

n/a

Florian Hauser &

2023-12-14

Hitachi Ventara

Pentaho Business Analytics Server

8.x , < 9.5.0.1 , < 9.3.0.5 ,

JNDI Injection

CVE-2023-3517 https://support.pentaho.com/hc...

Markus Wulftange &

2023-12-12

Janitza

GridVis

< 9.0.67 ,

Authenticated Remote Code Execution

CVE-2023-50895

Fabian Weber &

2023-12-12

Janitza

GridVis

< 9.0.67 ,

Hard-Coded Encryption Password Allows for Authenticated Leak of Cleartext Database Credentials

CVE-2023-50894

Fabian Weber &

2023-11-29

Indu-Sol GmbH

PROFINET-INspector NT

< 2.4.1 ,

Unauthenticated Arbitrary File Write as Root

CVE-2023-49960

Fabian Weber &

2023-11-29

Indu-Sol GmbH

PROFINET-INspector NT

< 2.4.1 ,

Unauthenticated OS Command Injection

CVE-2023-49959

Fabian Weber &

2023-11-14

Microsoft

ASP.NET

< November 2023 ,

Security Feature Bypass Vulnerability

CVE-2023-36560

Markus Wulftange &

2023-10-10

Microsoft

Skype for Business Server

< Skype for Business Server 2019 CU7 and Skype for Business Server 2015 CU13 ,

Unauthenticated Server-side Request Forgery

https://msrc.microsoft.com/upd... https://frycos.github.io/vulns...

Florian Hauser &

2023-07-26

Ivanti

Ivanti Desktop and Server Management

< DSM 2022.2 SU3 ,

Local Privilege Escalation

CVE-2023-28129 https://forums.ivanti.com/s/ar...

Tobias Neitzel &

2023-07-15

OneVision Software AG

Workspace

< v.WS22.1 SR1 (build w29.032) , < v.WS22.2 SR3 (build w30.044) < v.WS23.1 SR1 (build w31.040) ,

Arbitrary Java EL Execution

CVE-2023-42404

Matteo Tomaselli &

2023-07-11

Microsoft

SharePoint

< July 2023 ,

SPPageparserFilter Bypass

CVE-2023-33160 https://code-white.com/blog/ex...

Markus Wulftange &

2023-06-19

Developer Express, Inc

DevExpress

< 23.1.3 , < 22.2.6 , < 22.2.3 , < 22.1.9 , < 22.1.7 , < 21.2.12 ,

Data Source Protection Bypass During XML Deserialization

CVE-2023-35815 https://supportcenter.devexpre... https://supportcenter.devexpre...

Markus Wulftange &

2023-06-19

Sitecore

Experience Manager, Experience Platform, and Experience Commerce

< 10.3 ,

Exposed Dangerous Method or Function

CVE-2023-35813 https://support.sitecore.com/k... https://code-white.com/blog/ex...

Markus Wulftange &

2023-06-19

Developer Express, Inc

DevExpress

< 23.1.3 , < 22.2.6 , < 22.2.3 , < 22.1.9 , < 22.1.7 , < 21.2.12 ,

Insecure Arbitrary TypeConverter Conversion

CVE-2023-35816 https://supportcenter.devexpre... https://supportcenter.devexpre...

Markus Wulftange &

2023-06-19

Developer Express, Inc

DevExpress

< 23.1.3 , < 22.2.6 , < 22.2.3 , < 22.1.9 , < 22.1.7 , < 21.2.12 ,

Missing Protection of XtraReport Serialized Data in ASP.NET Web Forms

CVE-2023-35814 https://supportcenter.devexpre... https://supportcenter.devexpre... https://supportcenter.devexpre...

Markus Wulftange &

2023-06-19

Developer Express, Inc

DevExpress

< 23.1.3 , < 22.2.6 , < 22.2.3 , < 22.1.9 , < 22.1.7 , < 21.2.12 ,

Server-Side Request Forgery Via AsyncDownloader

CVE-2023-35817 https://supportcenter.devexpre... https://supportcenter.devexpre... https://supportcenter.devexpre...

Markus Wulftange &

2023-05-24

Hitachi Ventara

Pentaho Business Analytics Server

< 9.3.0.3 , < 9.4.0.1 ,

Deserialization of Untrusted Data

CVE-2022-4815 https://support.pentaho.com/hc...

Markus Wulftange &

2023-04-14

MCL Technologies

MCL-Net

< 4.6 ,

Unauthenticated Arbitrary File Read as SYSTEM

https://www.mcl-mobilityplatfo...

Florian Hauser &

2023-03-02

Fortinet

FortiNAC

< 9.4.3/4 ,

Multiple Vulnerabilities (Unauthenticated)

CVE-2023-33299 https://www.fortiguard.com/psi... CVE-2023-33300 https://www.fortiguard.com/psi...

Florian Hauser &

2023-02-20

Technicolor

TG670 DSL gateway router

<= 10.5.N.9 ,

Hard-coded Administrative Credentials

CVE-2023-31808 https://www.kb.cert.org/vuls/i...

Florian Hauser &

2023-02-02

Fortra

GoAnywhere MFT

< 7.1.2 ,

Unauthenticated Remote Code Execution

CVE-2023-0669 https://frycos.github.io/vulns...

Florian Hauser &

2023-01-18

Docmosis

Tornado Server

< 2.9.5 ,

Multiple Vulnerabilities

CVE-2023-25264 CVE-2023-25265 CVE-2023-25266 https://frycos.github.io/vulns...

Florian Hauser &

2022-11-23

pgAdmin

pgAdmin Web (Windows)

<= 6.16 ,

Unauthenticated Remote Code Execution

CVE-2022-4223 https://www.pgadmin.org/docs/p...

Florian Hauser &

2022-11-09

Sophos

Sophos Mobile

5.0.0 <= 9.7.4 ,

Unauthenticated XXE

CVE-2022-3980 https://www.sophos.com/en-us/s...

Florian Hauser &

2022-10-10

Apache

Apache Archiva

latest version (won't fix) ,

Unauthorized User Registration

n/a

Florian Hauser &

2022-09-09

GFI Software

Kerio Connect

9.4.0 <= 9.4.2 ,

Low-Priv User Stack Buffer Overflow in 2FA

CVE-2023-25267

Florian Hauser &

2022-07-26

ConnectWise

R1Soft Server Backup Manager

<= v6.16.3 ,

Authentication Bypass

https://www.connectwise.com/co...

Florian Hauser &

2022-07-12

innovaphone AG

App Platform AP Manager

<= 13r2 sr17 ,

Authenticated Command Injection

CVE-2022-41870 http://wiki.innovaphone.com/in...

Dennis Herrmann &

2022-07-12

SEPPmail AG

SEPPmail Appliance

<= 12.1.17 ,

Authenticated Command Injection

CVE-2022-41871

Dennis Herrmann &

2022-06-28

Moxa

EDR-810 Series

not fixed yet ,

Authenticated Command Injection

n/a

Simon Janz &

2022-06-28

Moxa

TN-5916 NAT Router

not fixed yet ,

Authenticated Command Injection

n/a

Simon Janz &

2022-06-28

Moxa

TN-5916 NAT Router

not fixed yet ,

Authentication Bypass

n/a

Simon Janz &

2022-06-09

SmarterTools

SmarterStats

< 8195 ,

Unauthenticated Remode Code Execution in gRPC Interfaces

https://frycos.github.io/vulns...

Florian Hauser &

2022-05-10

Potix Corporation

ZK Framework

< 9.6.2 ,

RequestDispatcher Local File Inclusion

CVE-2022-36537 https://tracker.zkoss.org/brow...

Markus Wulftange &

2022-02-14

3CX

Phone Management System

< 18 Update 3 ,

Unauthenticated Remote Code Execution

CVE-2022-28005 CVE-2022-48483 CVE-2022-48482 https://www.3cx.com/blog/relea...

Florian Hauser &

2022-02-08

HPE

StoreEver ESL G3 Tape Library

not fixed (EoL) ,

Unauthenticated Remote Code Execution

n/a

Florian Hauser &

2022-01-20

Citrix

Citrix ADM

13.0 before 13.0-85.19 and 13.1 before 13.1-21.53 ,

Authentication Bypass (Unauthenticated Root Password Reset)

CVE-2022-27511 https://support.citrix.com/art...

Florian Hauser & Philipp Schmied &

2022-01-20

Citrix

Citrix ADM

13.0 before 13.0-85.19 and 13.1 before 13.1-21.53 ,

Unauthenticated Service Shutdown

CVE-2022-27512 https://support.citrix.com/art...

Florian Hauser & Philipp Schmied &

2022-01-10

Act! LLC.

ACT! CRM

reported , status unknown ,

Unauthenticated Remote Code Execution

https://code-white.com/blog/20...

Florian Hauser &

2021-12-15

Microsoft

Exchange 2013/2016/2019

Prior Patch Day January 2022 ,

Deserialization Protection Bypass

CVE-2022-21969 https://msrc.microsoft.com/upd...

Florian Hauser &

2021-11-04

IBM

ADMIRA/AREMA

not fixed ,

Unauthenticated Remote Code Execution

n/a

Florian Hauser &

2021-10-25

PikeTec

TPT

< 15u5 , < 16u4 ,

Unauthenticated Remote Code Execution

https://files.piketec.com/down... https://files.piketec.com/down...

Florian Hauser &

2021-10-21

TIBCO

TIBCO JasperReports Server

<= 7.9.0 ,

Authenticated XXE

CVE-2021-35496 https://www.tibco.com/support/...

Florian Hauser &

2021-09-21

Jedox GmbH

Jedox

< 2021.3 ,

(Un)Authenticated Remote Code Execution

https://knowledgebase.jedox.co...

Florian Hauser & Christian Fünfhaus &

2021-09-14

Siemens

Cerberus DSM, Desigo CC, Desigo CC Compact

.NET Deserialization

CVE-2021-37181

Markus Wulftange &

2021-08-03

Pageflex

Storefront

Arbitrary File Reading via Hard-coded Crypto Key

Markus Wulftange &

2021-07-28

Lobster

Lobster AdminConsole

RCE via Arbitrary Class Execution

Philipp Schmied &

2021-06-18

Aternity

Aternity Agent

< 12.1.3.95 ,

Local Privilege Escalation to SYSTEM

https://help.aternity.com/bund...

Florian Hauser &

2021-04-30

Citrix

ShareFile StorageZone Controller

< 5.11.20 ,

Path Traversal

CVE-2021-22941 https://support.citrix.com/art...

Markus Wulftange &

2021-01-15

Veeam

Backup & Replication

< 10.0.1.4854 P20210609 , < 11.0.0.837 P20210507 ,

.NET Deserialization via .NET Remoting

CVE-2021-35971

Markus Wulftange &

2020-12-08

Cisco

Security Manager

<= 4.23 ,

Several Unauthenticated Remote Code Executions, File Reads and Writes

CVE-2020-27130 CVE-2020-27131 CVE-2020,27125 https://tools.cisco.com/securi... https://tools.cisco.com/securi... https://tools.cisco.com/securi...

Florian Hauser &

2020-09-09

Eonic

Protean CMS

< 6.0.42.6 ,

Various vulnerabilities (file read, file write, SQL injection, XSL transformation, DataSet deserialization)

https://github.com/Eonic/Prote... https://github.com/Eonic/Prote... https://github.com/Eonic/Prote...

Markus Wulftange &

2020-09-02

SparxSystems

WebConfig

<= 4.1.43 ,

LFI leads to RCE

Philipp Schmied &

2020-07-13

Sophos

Firewall XG

SQL Injection

CVE-2020-15504

Jakob Heusinger & Matteo Tomaselli &

2020-05-11

Oracle

WebLogic Server

14.1.1 ,

Java Deserialization

CVE-2020-14644 CVE-2020-14645 CVE-2020-14687

Markus Wulftange &

2020-04-29

Pivotal

Spring Web MVC

Arbitrary File Read

Markus Wulftange &

2020-04-17

SmarterTools Inc.

SmarterStats

< 7422 ,

Unauthenticated Remote Code Execution via .NET Remoting

https://www.smartertools.com/s...

Florian Hauser &

2020-04-16

Dell

Dell VxRail

4.7.410/4.7.411/4.7.510 ,

Unauthenticated access to encrypted administration credentials

CVE-2020-5368 https://www.dell.com/support/k...

Florian Hauser &

2020-04-15

The OpenNMS Group

OpenNMS

< 26.0.1 ,

Authenticated Remote Code Execution via unsecure Java deserialization

CVE-2020-12760 https://issues.opennms.org/bro...

Florian Hauser &

2020-04-15

Zoho Corporation

ManageEngine ADManager Plus, ManageEngine Cloud Security Plus, ManageEngine Log360, ManageEngine ADAudit Plus, ManageEngine DataSecurity Plus, ManageEngine O365 Manager Plus, ManageEngine RecoveryManager Plus, ManageEngine EventLog Analyzer

< 7055 < 4110 < 5166 < 6052 < 6033 < 4334 < 6017 < 12136 ,

Unauthenticated change of system configuration via unprotected Java servlets.

CVE-2020-24786 https://medium.com/p/another-z...

Florian Hauser &

2020-04-08

HP

HPE Insight Systems Manager

<= 7.6 (unpatched) ,

Unauthenticated Remote Code Execution via unsecure Java deserialization

https://support.hpe.com/hpesc/...

Florian Hauser &

2020-04-06

Ivanti

Avalanche Data Repository Service

SQL Injection ,

6.2.2 <= 6.3.1

https://forums.ivanti.com/s/ar...

Kai Ullrich &

2020-03-20

Liferay

Portal

6.x , 7.x ,

Java Deserialization

CST-7111 CST-7205 CVE-2020-7961

Markus Wulftange &

2020-03-17

Progress

Telerik UI for Silverlight

Arbitrary File Upload

CVE-2020-11414 https://knowledgebase.progress...

Markus Wulftange &

2020-03-09

SAP

Netweaver

7.10 , 7.11 , 7.30 , 7.31 , 7.40 , 7.50 ,

Missing Authorization Check in SAP NetWeaver AS JAVA (MigrationService)

CVE-2021-21481 https://wiki.scn.sap.com/wiki/...

Kai Ullrich &

2020-02-27

SmarterTools

SmarterMail

15.7.6970 ,

Markus Wulftange &

2020-02-10

FortiNet

FortiSIEM

Java Deserialization

Daniel Schacknat & Markus Wulftange &

2020-01-17

Atoss

ASES

Authentication Bypass, Path Traversal

Markus Wulftange &

2020-01-08

Progress

Telerik MVC

Path Traversal

Markus Wulftange &

2019-11-27

Károly Pados

TinyWall

< 2.1.13 ,

Privilege escalation via unsecure .NET deserialization and Process Spoofing.

CVE-2019-19470 https://code-white.com/blog/20...

Florian Hauser & Markus Wulftange &

2019-11-21

Sage

300 People

Java Deserialization

Markus Wulftange &

2019-10-18

Orckestra Technologies Inc.

C1 CMS

< 6.7 ,

Authenticated Remote Code Execution via unsecure .NET deserialization.

CVE-2019-18211 https://github.com/Orckestra/C... https://medium.com/@frycos/yet...

Florian Hauser &

2019-10-09

Zoho Corporation

ManageEngine OpManager

< 12.4 ,

Unauthenticated SQL-Injection via unprotected Java servlet

CVE-2019-17602 https://medium.com/@frycos/fin...

Florian Hauser &

2019-10-01

Progress

Telerik UI for Ajax ASP.NET

Mitigation Bypass

Markus Wulftange &

2019-08-27

myLittleTools

myLittleAdmin

3.8 ,

.NET Deserialization

Markus Wulftange &

2019-08-26

MailEnable Pty. Ltd

MailEnable

Path Traversal, Unauthenticated Socks5 Proxy

Markus Wulftange &

2019-07-25

cPanel Inc.

cpanel-dovecot-solr

Java Deserialization

n/a

Florian Hauser & Markus Wulftange &

2019-07-22

FTAPI

FTAPI

< 4.6.3 ,

Authenticated Remote Code Execution via unsecure Java deserialization

https://www.ftapi.com/Release-... see Version 4.6.3

Florian Hauser &

2019-06-04

Absorb LMS

.NET Deserialization

Markus Wulftange &

2019-05-17

Oracle

Secure Global Desktop

5.40-901 ,

Java Deserialization

Ben Heimerdinger & Markus Wulftange &

2019-03-27

IBM

IBM ServRAID

all versions ,

Unauthenticated Remote Code Execution via unprotected RMI-Registry.

n/a

Florian Hauser &

2019-02-12

SmarterTools

SmarterMail

15.x ,

XXE in SyncML, XXE in Keyoti RapidSpell

Markus Wulftange &

2019-02-07

CribMaster

CribMaster

.NET Deserialization

Markus Wulftange &

2019-02-07

Progress

Telerik UI for Ajax ASP.NET

.NET Deserialization

CVE-2019-18935

Markus Wulftange &

2019-01-14

Developer Express Inc.

DevExpress

< 13.1.13 , < 13.2.14 , < 14.1.14 , < 14.2.16 , < 15.1.14 , < 15.2.18 , < 16.1.16 , < 16.2.14 , < 17.1.14 , < 17.2.12 , < 18.1.9 , < 18.2.6 ,

.NET Deserialization

T706639

Markus Wulftange &

2018-12-04

ILIAS

ILIAS

< 4.4.5? ,

Authenticated file system data exfiltration via SOAP webservice.

Probably https://docu.ilias.de/ilias.ph...

Florian Hauser &

2018-11-13

Avast Business

Managed Workplace RMM

.NET Deserialization

CVE-2019-18935

Markus Wulftange &

2018-05-30

RedHat

RichFaces

4.x ,

EL Injection

RF-14309 CVE-2018-12532

Markus Wulftange &

2018-05-30

RedHat

RichFaces

3.x ,

EL Injection

RF-14310 CVE-2018-12533

Markus Wulftange &

2018-04-23

Genuine Channels

.NET Deserialization

Markus Wulftange &

2018-04-13

GWT

Java Deserialization

Markus Wulftange &

2018-02-22

TMW Systems

.NET Deserialization

Markus Wulftange &

2017-08-17

Tufin

El Injection

Markus Wulftange &

2017-05-17

SAP

P4

Java Deserialization

Kai Ullrich &

2017-04-04

HPE

Java Deserialization

Markus Wulftange &

2017-04-04

Atlassian

Jira

4.2.4-6.3.0 ,

Java Deserialization

VU#307983 CVE-2017-5983

Markus Wulftange &

2017-04-04

Pivotal

Spring Flex

Java Deserialization

VU#307983 CVE-2017-3203

Markus Wulftange &

2017-04-04

GraniteDS

3.1.1.GA ,

Java Deserialization, JavaBeans Setter

VU#307983 CVE-2017-3199 CVE-2017-3200

Markus Wulftange &

2017-04-04

Exadel

Flamingo amf-serializer

2.2.0 ,

Java Deserialization, JavaBeans Setter, XXE

VU#307983 CVE-2017-3201 CVE-2017-3202 CVE-2017-3206

Markus Wulftange &

2017-04-04

Adobe/Apache

Flex BlazeDS

4.7.2 ,

Java Deserialization, JavaBeans Setter, XXE

VU#307983 CVE-2017-5641 CVE-2015-3269

Markus Wulftange &

2017-04-04

Midnight Coders

WebORB for Java

5.1.1.0 ,

Java Deserialization ,XXE

VU#307983 CVE-2017-3207 CVE-2017-3208

Markus Wulftange &

2016-11-25

ezPublish

Arbitrary File Upload

EZP-26659

Markus Wulftange &

2016-10-05

ezPublish

SQL Injection

EZP-26405

Markus Wulftange &

2016-09-16

Code42 Software

CrashPlan PROe

3.6.2.1 ,

Java Deserialization

none

Markus Wulftange &

2016-05-25

HP

Service Manager

9.40 ,

CVE-2016-1998

Markus Wulftange &

2016-03-24

CommVault Systems

Edge Server

11 SP3 ,

SQL Injection, Path Traversal, JSP File Inclusion

Markus Wulftange &

2016-03-17

Oracle

Hyperion

Java Deserialization

CVE-2016-3493

Matthias Kaiser &

2016-02-22

Symantec

Endpoint Protection

11 ,

2016-01-05

CommVault Systems

Edge Server

11 Build 80 ,

Arbitrary File Upload/Download

Markus Wulftange &

2015-12-18

HP

Service Manager

9.40 ,

Java Deserialization, XXE

CVE-2016-1998 CVE-2016-4371

Markus Wulftange &

2015-12-09

Oracle

Weblogic JMS Client

Java Deserialization

CVE-2016-0638

Matthias Kaiser &

2015-12-08

IBM

WebSphere MQ JMS Client

Java Deserialization

CVE-2016-0360

Matthias Kaiser &

2015-11-16

Symantec

Endpoint Protection Manager

Command Injection

CVE-2015-6555

Markus Wulftange &

2015-11-16

Symantec

Endpoint Protection Manager

Java Deserialization

CVE-2015-6554

Matthias Kaiser &

2015-11-03

Apache

Active MQ

Java Deserialization

CVE-2015-7253

Matthias Kaiser &

2015-10-02

Lithium Technologies

Community

Markus Wulftange &

2015-09-04

CommVault Systems

Edge Server

10 R2 ,

Java Deserialization, Command Injection

VU#866432 CVE-2015-7253

Markus Wulftange &

2015-08-24

Apache

Flex BlazeDS

CVE-2015-3269

Matthias Kaiser &

2015-08-21

Atlassian

Bamboo

Java Deserialization

CVE-2015-6576

Matthias Kaiser &

2015-07-31

Symantec

Endpoint Protection

12 , 1 ,

Authentication Bypass, Arbitrary File Write/Read, Privilege Escalation, Path Traversal, SQL Injection, Binary Planting

CVE-2015-1486 CVE-2015-1487 CVE-2015-1488 CVE-2015-1489 CVE-2015-1490 CVE-2015-1491 CVE-2015-1492

Matthias Kaiser & Markus Wulftange &

2015-07-22

webEdition

SQL Injection

VU#242092

Markus Wulftange &

2015-07-21

WebsiteBaker

WebsiteBaker

SQL Injection

VU#164652

Markus Wulftange &

2015-06-15

Oracle

WebLogic Server

Java Deserialization

CVE-2015-4582

Matthias Kaiser &

2015-05-20

Webmin

Usermin

0.980-1.650 ,

Command Execution

CVE-2015-2079 https://code-white.com/blog/20...

David Elze &

2015-01-21

iPass

iPass Open Mobile

Privilege Escalation via named pipe

CVE-2015-0925 https://code-white.com/blog/20...

Matthias Kaiser &

Atlassian

Jira

CVE-2015-8798

Markus Wulftange &

Symantec

Management Server Client

Binary Planting

CVE-2015-8113

Apache

ActiveMQ Artemis JMS Client

Java Deserialization

CVE-2016-4978

Matthias Kaiser &

Apache

Qpid Client/JMS Client

Java Deserialization

CVE-2016-4974

Matthias Kaiser &

Pivotal

Spring AMQP

Java Deserialization

CVE-2016-2173

Matthias Kaiser &

Oracle

Weblogic Server

Java Deserialization

CVE-2015-4852

Matthias Kaiser &

Oracle

WebLogic Server

Java Deserialization

CVE-2016-3551

Matthias Kaiser &

Symantec

Management Server

Named Pipe Process Call Arbitrary

CVE-2015-8800

Microsoft

Skype for Business

.NET Deserialization

CVE-2020-1147

Markus Wulftange &

Symantec

Management Server

Path Traversal

CVE-2017-5641

Symantec

Management Server

Path Traversal/Binary Planting on Deployed Agent

CVE-2015-8799

Bomgar

Remote Support Portal

PHP Deserialization

CVE-2015-0935

Markus Wulftange &

Symantec

Management Server

SQL Injection

CVE-2015-8157