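<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no">
  <title>Shielder - Advisories</title>
  <meta name="description" content="Collection of all our advisories.">
  <meta name="Copyright" content="Copyright © Shielder">
  <meta property="og:title" content="Shielder - Advisories">
  <meta property="og:type" content="website">
  <meta property="og:url" content="https://www.shielder.com/advisories/">
  <meta property="og:image" content="https://www.shielder.com//img/shield.png">
  <meta property="og:image:type" content="image/png">
  <meta property="og:image:width" content="558">
  <meta property="og:image:height" content="558">
  <meta property="og:image:alt" content="Shielder shield">
  <meta property="og:locale" content="en_US">
  <meta property="og:description" content="Collection of all our advisories.">
  <meta property="og:site_name" content="Shielder">
  <meta property="fb:app_id" content="1651492201761174">
  <meta name="twitter:card" content="summary">
  <meta name="twitter:site" content="@ShielderSec">
  <meta name="twitter:creator" content="@ShielderSec">
  <meta name="twitter:title" content="Shielder - Advisories">
  <meta name="twitter:description" content="Collection of all our advisories.">
  <meta name="twitter:image" content="https://www.shielder.com//img/shield.png">
  <link rel="apple-touch-icon" sizes="57x57" href="https://www.shielder.com/favicon/apple-touch-icon-57x57.png">
  <link rel="apple-touch-icon" sizes="60x60" href="https://www.shielder.com/favicon/apple-touch-icon-60x60.png">
  <link rel="apple-touch-icon" sizes="72x72" href="https://www.shielder.com/favicon/apple-touch-icon-72x72.png">
  <link rel="apple-touch-icon" sizes="76x76" href="https://www.shielder.com/favicon/apple-touch-icon-76x76.png">
  <link rel="apple-touch-icon" sizes="114x114" href="https://www.shielder.com/favicon/apple-touch-icon-114x114.png">
  <link rel="apple-touch-icon" sizes="120x120" href="https://www.shielder.com/favicon/apple-touch-icon-120x120.png">
  <link rel="apple-touch-icon" sizes="144x144" href="https://www.shielder.com/favicon/apple-touch-icon-144x144.png">
  <link rel="apple-touch-icon" sizes="152x152" href="https://www.shielder.com/favicon/apple-touch-icon-152x152.png">
  <link rel="apple-touch-icon" sizes="167x167" href="https://www.shielder.com/favicon/apple-touch-icon-167x167.png">
  <link rel="apple-touch-icon" sizes="180x180" href="https://www.shielder.com/favicon/apple-touch-icon-180x180.png">
  <link rel="icon" type="image/png" sizes="16x16" href="https://www.shielder.com/favicon/favicon-16x16.png">
  <link rel="icon" type="image/png" sizes="32x32" href="https://www.shielder.com/favicon/favicon-32x32.png">
  <link rel="icon" type="image/png" sizes="96x96" href="https://www.shielder.com/favicon/favicon-96x96.png">
  <link rel="icon" type="image/png" sizes="160x160" href="https://www.shielder.com/favicon/favicon-160x160.png">
  <link rel="icon" type="image/png" sizes="192x192" href="https://www.shielder.com/favicon/favicon-192x192.png">
  <link rel="shortcut icon" href="https://www.shielder.com/favicon/favicon.ico">
  <!-- crossorigin is required on font preloads; the brands file was preloaded twice in the generated source -->
  <link rel="preload" href="https://www.shielder.com/fontawesome/webfonts/fa-regular-400.woff2" as="font" type="font/woff2" crossorigin>
  <link rel="preload" href="https://www.shielder.com/fontawesome/webfonts/fa-solid-900.woff2" as="font" type="font/woff2" crossorigin>
  <link rel="preload" href="https://www.shielder.com/fontawesome/webfonts/fa-brands-400.woff2" as="font" type="font/woff2" crossorigin>
  <!-- "defer"/"async" are script attributes, not link attributes; browsers ignored them here -->
  <link rel="stylesheet" href="https://www.shielder.com/css/bootstrap.min.css">
  <link rel="stylesheet" href="https://www.shielder.com/css/style.css">
  <link rel="stylesheet" href="https://www.shielder.com/fontawesome/css/all.min.css">
  <link rel="stylesheet" href="https://www.shielder.com/css/dracula.css">
  <link rel="alternate" type="application/rss+xml" title="Shielder Blog" href="https://www.shielder.com/blog/index.xml">
  <link rel="alternate" type="application/rss+xml" title="Shielder Advisories" href="https://www.shielder.com/advisories/index.xml">
</head>
<body class="bg-primary">
  <!--
    Shielder advisories index, page 1 of 5 (see the pagination block at the bottom).
    Static page: the only scripted behaviour is the Bootstrap collapse/dropdown
    wiring driven by data-toggle / data-target / data-parent attributes, so every
    id referenced by data-target, aria-controls, aria-labelledby and data-parent
    must exist and must be unique in the document.

    Fixes relative to the generated source:
    - every aria-labelledby value carried a trailing "}}" (template residue), so it
      pointed at an id that does not exist;
    - two cards reused ids 39 and 37 (accordion/heading/collapse); the second
      occurrence of each now uses a "-2" suffix (constructed value, any unique id
      works) so its "+" button toggles its own body instead of the first card's;
    - the category image next to each "Advisory" link is now alt="" because the
      adjacent link already carries that text;
    - "</br>" is not valid markup; the intro text is now separate paragraphs;
    - a few typos in the summaries (thorough, servlet, "the the", arbitrary).

    Every target="_blank" link carries rel="noopener". All script and stylesheet
    sources are same-origin, so subresource integrity adds little here.
  -->
  <nav class="navbar navbar-expand-lg fixed-top bg-primary p-3 px-md-5 px-lg-3 px-xl-5" aria-label="Primary">
    <a class="navbar-brand" href="https://www.shielder.com/" title="homepage"><img src="https://www.shielder.com/img/logoshielder.svg" alt="shielder logo homepage" class="w-75"></a>
    <button class="navbar-toggler text-white p-0" type="button" data-toggle="collapse" data-target="#navbarNav" aria-controls="navbarNav" aria-expanded="false" aria-label="Toggle navigation"> <i class="fas fa-bars" aria-hidden="true"></i></button>
    <div class="collapse navbar-collapse justify-content-end pt-2" id="navbarNav">
      <ul class="navbar-nav">
        <li class="nav-item p-2"><a class="nav-link text-white" href="https://www.shielder.com/" title="Home">Home</a></li>
        <li class="nav-item p-2"><a class="nav-link text-white" href="https://www.shielder.com/company" title="Company">Company</a></li>
        <li class="nav-item p-2"><a class="nav-link text-white" href="https://www.shielder.com/services" title="Services">Services</a></li>
        <li class="nav-item p-2"><a class="nav-link text-white" href="https://www.shielder.com/advisories" title="Advisories">Advisories</a></li>
        <li class="nav-item p-2"><a class="nav-link text-white" href="https://www.shielder.com/blog" title="Blog">Blog</a></li>
        <li class="nav-item p-2"><a class="nav-link text-white" href="https://www.shielder.com/careers" title="Careers">Careers</a></li>
        <li class="nav-item p-2"><a class="nav-link text-white" href="https://www.shielder.com/contacts" title="Contacts">Contacts</a></li>
        <li class="nav-item p-2">
          <button class="nav-link bg-transparent border-0 btn btn-primary dropdown-toggle rounded-0" type="button" id="language-selector" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> ENG</button>
          <div class="dropdown-menu dropdown-menu-right" aria-labelledby="language-selector">
            <a class="dropdown-item" href="https://www.shielder.com/advisories/" title="ENG">ENG</a>
            <a class="dropdown-item" href="https://www.shielder.com/it/advisories/" title="ITA">ITA</a>
          </div>
        </li>
      </ul>
    </div>
  </nav>
  <section id="advisories-intro">
    <div class="container">
      <div class="row">
        <div class="col-12 text-white">
          <h3 class="text-uppercase mb-4">Advisories</h3>
          <p class="bigger mb-0">Each great research deserves</p>
          <p class="font-weight-bold bigger mb-5">some great advisories.</p>
        </div>
      </div>
    </div>
  </section>
  <section>
    <div class="container">
      <div class="row">
        <div class="col-12 mb-5">
          <p class="text-white"><strong>Research</strong> is one of Shielder’s pillars.</p>
          <p class="text-white">We invest from 25% to 100% of employees’ time into <strong>0day vulnerability research, exploit development and training</strong>. By constantly pushing the boundaries of our knowledge and discovering new vulnerabilities, we contribute to the security of the digital ecosystem.</p>
          <p class="text-white">For each and every finding, we adhere to our <a href="/disclosure-policy">disclosure policy</a> and we publish an <a href="/advisories">advisory</a> with the technical details about the issue and the remediation. Furthermore, after completing thorough and long-term research campaigns, we openly share with the information security community our <em>modus operandi</em>, tools and lessons learned in our <a href="/blog">blog</a> and at conferences around the world.</p>
          <p class="text-white">We strive to continuously improve our capabilities and offer research-driven security consultancy to our clients. For any information, <a href="/contacts">get in touch with us</a>.</p>
        </div>
      </div>
      <div class="row">
        <!-- One card per advisory. The "+" button (data-target) and the collapsible
             body (id / aria-labelledby / data-parent) must share the same numeric suffix. -->
        <div class="col-12 mb-5">
          <div class="accordion" id="accordion40">
            <div class="card bg-transparent border">
              <div class="row">
                <div class="col-12 col-md-1 bg-secondary d-flex align-items-center py-1 py-md-0">
                  <p class="text-uppercase accordion-category mb-0 font-weight-bold pl-3 pl-md-0 Advisory"><a class="text-uppercase text-decoration-none smaller text-secondary" title="Advisory" href="/types/advisory">Advisory</a></p>
                </div>
                <div class="col-12 col-md-11">
                  <div class="card-header pb-4" id="heading40">
                    <div class="row">
                      <div class="col-12 text-white mb-2 mb-md-4"><p>28/08/2024</p></div>
                      <div class="col-12 col-md-3 d-flex align-items-center mb-3 mb-md-0">
                        <img src="https://www.shielder.com//img/advisory.png" class="advisory-img" alt="">
                        <span class="text-white pl-2"><a class="text-decoration-none text-white" title="Advisory" href="/types/advisory">Advisory</a></span>
                      </div>
                      <div class="col-12 col-sm-10 col-md-8 d-flex align-items-center">
                        <p class="font-weight-bold text-white mb-4 mb-sm-0"><a class="text-decoration-none text-white" title="Vtiger CRM (&lt;= 8.1.0) Broken Access Control in Migration module" href="https://www.shielder.com/advisories/vtiger-migration-bac/">Vtiger CRM (&lt;= 8.1.0) Broken Access Control in Migration module</a></p>
                      </div>
                      <div class="col-12 col-sm-2 col-md-1 px-2 px-lg-3 text-center text-md-right">
                        <button class="btn btn-outline-primary rounded-pill btn-link text-left text-decoration-none" type="button" data-toggle="collapse" data-target="#collapse40" aria-expanded="false" aria-controls="collapse40"> +</button>
                      </div>
                    </div>
                  </div>
                  <div id="collapse40" class="collapse" aria-labelledby="heading40" data-parent="#accordion40">
                    <div class="row">
                      <div class="col-12 col-md-3 d-flex align-items-center"></div>
                      <div class="col-12 col-md-8">
                        <div class="card-body text-white pl-md-2">
                          <p>Vtiger CRM &lt;= 8.1.0 does not correctly check user's privileges. A low-privileged user can interact directly with the `Migration` administrative module to disable arbitrary modules in the instance.</p>
                          <p><a class="text-decoration-none" title="Vtiger CRM (&lt;= 8.1.0) Broken Access Control in Migration module" href="https://www.shielder.com/advisories/vtiger-migration-bac/">Read more</a></p>
                        </div>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
        <div class="col-12 mb-5">
          <div class="accordion" id="accordion39">
            <div class="card bg-transparent border">
              <div class="row">
                <div class="col-12 col-md-1 bg-secondary d-flex align-items-center py-1 py-md-0">
                  <p class="text-uppercase accordion-category mb-0 font-weight-bold pl-3 pl-md-0 Advisory"><a class="text-uppercase text-decoration-none smaller text-secondary" title="Advisory" href="/types/advisory">Advisory</a></p>
                </div>
                <div class="col-12 col-md-11">
                  <div class="card-header pb-4" id="heading39">
                    <div class="row">
                      <div class="col-12 text-white mb-2 mb-md-4"><p>28/08/2024</p></div>
                      <div class="col-12 col-md-3 d-flex align-items-center mb-3 mb-md-0">
                        <img src="https://www.shielder.com//img/advisory.png" class="advisory-img" alt="">
                        <span class="text-white pl-2"><a class="text-decoration-none text-white" title="Advisory" href="/types/advisory">Advisory</a></span>
                      </div>
                      <div class="col-12 col-sm-10 col-md-8 d-flex align-items-center">
                        <p class="font-weight-bold text-white mb-4 mb-sm-0"><a class="text-decoration-none text-white" title="Vtiger CRM (&lt;= 8.1.0) SQL Injection in MailManager module" href="https://www.shielder.com/advisories/vtiger-mailmanager-sqli/">Vtiger CRM (&lt;= 8.1.0) SQL Injection in MailManager module</a></p>
                      </div>
                      <div class="col-12 col-sm-2 col-md-1 px-2 px-lg-3 text-center text-md-right">
                        <button class="btn btn-outline-primary rounded-pill btn-link text-left text-decoration-none" type="button" data-toggle="collapse" data-target="#collapse39" aria-expanded="false" aria-controls="collapse39"> +</button>
                      </div>
                    </div>
                  </div>
                  <div id="collapse39" class="collapse" aria-labelledby="heading39" data-parent="#accordion39">
                    <div class="row">
                      <div class="col-12 col-md-3 d-flex align-items-center"></div>
                      <div class="col-12 col-md-8">
                        <div class="card-body text-white pl-md-2">
                          <p>Vtiger CRM &lt;= 8.1.0 has a SQL injection vulnerability in the MailManager module.</p>
                          <p><a class="text-decoration-none" title="Vtiger CRM (&lt;= 8.1.0) SQL Injection in MailManager module" href="https://www.shielder.com/advisories/vtiger-mailmanager-sqli/">Read more</a></p>
                        </div>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
        <div class="col-12 mb-5">
          <div class="accordion" id="accordion38">
            <div class="card bg-transparent border">
              <div class="row">
                <div class="col-12 col-md-1 bg-secondary d-flex align-items-center py-1 py-md-0">
                  <p class="text-uppercase accordion-category mb-0 font-weight-bold pl-3 pl-md-0 Advisory"><a class="text-uppercase text-decoration-none smaller text-secondary" title="Advisory" href="/types/advisory">Advisory</a></p>
                </div>
                <div class="col-12 col-md-11">
                  <div class="card-header pb-4" id="heading38">
                    <div class="row">
                      <div class="col-12 text-white mb-2 mb-md-4"><p>18/04/2024</p></div>
                      <div class="col-12 col-md-3 d-flex align-items-center mb-3 mb-md-0">
                        <img src="https://www.shielder.com//img/advisory.png" class="advisory-img" alt="">
                        <span class="text-white pl-2"><a class="text-decoration-none text-white" title="Advisory" href="/types/advisory">Advisory</a></span>
                      </div>
                      <div class="col-12 col-sm-10 col-md-8 d-flex align-items-center">
                        <p class="font-weight-bold text-white mb-4 mb-sm-0"><a class="text-decoration-none text-white" title="Element Android (&lt;1.6.12) Intent Redirection" href="https://www.shielder.com/advisories/element-android-intent-redirection/">Element Android (&lt;1.6.12) Intent Redirection</a></p>
                      </div>
                      <div class="col-12 col-sm-2 col-md-1 px-2 px-lg-3 text-center text-md-right">
                        <button class="btn btn-outline-primary rounded-pill btn-link text-left text-decoration-none" type="button" data-toggle="collapse" data-target="#collapse38" aria-expanded="false" aria-controls="collapse38"> +</button>
                      </div>
                    </div>
                  </div>
                  <div id="collapse38" class="collapse" aria-labelledby="heading38" data-parent="#accordion38">
                    <div class="row">
                      <div class="col-12 col-md-3 d-flex align-items-center"></div>
                      <div class="col-12 col-md-8">
                        <div class="card-body text-white pl-md-2">
                          <p>Element Android (&lt;1.6.12) is affected by an intent redirection, allowing a third-party malicious application to start any internal activity by passing extra parameters. Possible impact includes making Element Android display an arbitrary web page, executing arbitrary JavaScript, bypassing PIN code protection, and account takeover by spawning a login screen to send credentials to an arbitrary Matrix home server.</p>
                          <p><a class="text-decoration-none" title="Element Android (&lt;1.6.12) Intent Redirection" href="https://www.shielder.com/advisories/element-android-intent-redirection/">Read more</a></p>
                        </div>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
        <!-- ids 39-2 / heading39-2 / collapse39-2: the generated source reused 39 here (constructed suffix) -->
        <div class="col-12 mb-5">
          <div class="accordion" id="accordion39-2">
            <div class="card bg-transparent border">
              <div class="row">
                <div class="col-12 col-md-1 bg-secondary d-flex align-items-center py-1 py-md-0">
                  <p class="text-uppercase accordion-category mb-0 font-weight-bold pl-3 pl-md-0 Advisory"><a class="text-uppercase text-decoration-none smaller text-secondary" title="Advisory" href="/types/advisory">Advisory</a></p>
                </div>
                <div class="col-12 col-md-11">
                  <div class="card-header pb-4" id="heading39-2">
                    <div class="row">
                      <div class="col-12 text-white mb-2 mb-md-4"><p>18/04/2024</p></div>
                      <div class="col-12 col-md-3 d-flex align-items-center mb-3 mb-md-0">
                        <img src="https://www.shielder.com//img/advisory.png" class="advisory-img" alt="">
                        <span class="text-white pl-2"><a class="text-decoration-none text-white" title="Advisory" href="/types/advisory">Advisory</a></span>
                      </div>
                      <div class="col-12 col-sm-10 col-md-8 d-flex align-items-center">
                        <p class="font-weight-bold text-white mb-4 mb-sm-0"><a class="text-decoration-none text-white" title="Element Android (&lt;1.6.12) Sensitive file disclosure via share activity" href="https://www.shielder.com/advisories/element-android-sensitive-file-disclosure/">Element Android (&lt;1.6.12) Sensitive file disclosure via share activity</a></p>
                      </div>
                      <div class="col-12 col-sm-2 col-md-1 px-2 px-lg-3 text-center text-md-right">
                        <button class="btn btn-outline-primary rounded-pill btn-link text-left text-decoration-none" type="button" data-toggle="collapse" data-target="#collapse39-2" aria-expanded="false" aria-controls="collapse39-2"> +</button>
                      </div>
                    </div>
                  </div>
                  <div id="collapse39-2" class="collapse" aria-labelledby="heading39-2" data-parent="#accordion39-2">
                    <div class="row">
                      <div class="col-12 col-md-3 d-flex align-items-center"></div>
                      <div class="col-12 col-md-8">
                        <div class="card-body text-white pl-md-2">
                          <p>Element Android (&lt;1.6.12) is affected by a sensitive file disclosure, allowing a third-party malicious application to force sharing files stored under the `files` directory in the application's private sandboxed data directory to an arbitrary room. Sensitive files include the encrypted chat database, the FCM tokens, etc.</p>
                          <p><a class="text-decoration-none" title="Element Android (&lt;1.6.12) Sensitive file disclosure via share activity" href="https://www.shielder.com/advisories/element-android-sensitive-file-disclosure/">Read more</a></p>
                        </div>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
        <div class="col-12 mb-5">
          <div class="accordion" id="accordion37">
            <div class="card bg-transparent border">
              <div class="row">
                <div class="col-12 col-md-1 bg-secondary d-flex align-items-center py-1 py-md-0">
                  <p class="text-uppercase accordion-category mb-0 font-weight-bold pl-3 pl-md-0 Advisory"><a class="text-uppercase text-decoration-none smaller text-secondary" title="Advisory" href="/types/advisory">Advisory</a></p>
                </div>
                <div class="col-12 col-md-11">
                  <div class="card-header pb-4" id="heading37">
                    <div class="row">
                      <div class="col-12 text-white mb-2 mb-md-4"><p>08/03/2024</p></div>
                      <div class="col-12 col-md-3 d-flex align-items-center mb-3 mb-md-0">
                        <img src="https://www.shielder.com//img/advisory.png" class="advisory-img" alt="">
                        <span class="text-white pl-2"><a class="text-decoration-none text-white" title="Advisory" href="/types/advisory">Advisory</a></span>
                      </div>
                      <div class="col-12 col-sm-10 col-md-8 d-flex align-items-center">
                        <p class="font-weight-bold text-white mb-4 mb-sm-0"><a class="text-decoration-none text-white" title="pgAdmin (&lt;=8.3) Path Traversal in Session Handling Leads to Unsafe Deserialization and Remote Code Execution (RCE)" href="https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce/">pgAdmin (&lt;=8.3) Path Traversal in Session Handling Leads to Unsafe Deserialization and Remote Code Execution (RCE)</a></p>
                      </div>
                      <div class="col-12 col-sm-2 col-md-1 px-2 px-lg-3 text-center text-md-right">
                        <button class="btn btn-outline-primary rounded-pill btn-link text-left text-decoration-none" type="button" data-toggle="collapse" data-target="#collapse37" aria-expanded="false" aria-controls="collapse37"> +</button>
                      </div>
                    </div>
                  </div>
                  <div id="collapse37" class="collapse" aria-labelledby="heading37" data-parent="#accordion37">
                    <div class="row">
                      <div class="col-12 col-md-3 d-flex align-items-center"></div>
                      <div class="col-12 col-md-8">
                        <div class="card-body text-white pl-md-2">
                          <p>pgAdmin &lt;= 8.3 is affected by a path-traversal vulnerability while deserializing user's session in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them and gain code execution.</p>
                          <p><a class="text-decoration-none" title="pgAdmin (&lt;=8.3) Path Traversal in Session Handling Leads to Unsafe Deserialization and Remote Code Execution (RCE)" href="https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce/">Read more</a></p>
                        </div>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
        <div class="col-12 mb-5">
          <div class="accordion" id="accordion36">
            <div class="card bg-transparent border">
              <div class="row">
                <div class="col-12 col-md-1 bg-secondary d-flex align-items-center py-1 py-md-0">
                  <p class="text-uppercase accordion-category mb-0 font-weight-bold pl-3 pl-md-0 Advisory"><a class="text-uppercase text-decoration-none smaller text-secondary" title="Advisory" href="/types/advisory">Advisory</a></p>
                </div>
                <div class="col-12 col-md-11">
                  <div class="card-header pb-4" id="heading36">
                    <div class="row">
                      <div class="col-12 text-white mb-2 mb-md-4"><p>21/12/2022</p></div>
                      <div class="col-12 col-md-3 d-flex align-items-center mb-3 mb-md-0">
                        <img src="https://www.shielder.com//img/advisory.png" class="advisory-img" alt="">
                        <span class="text-white pl-2"><a class="text-decoration-none text-white" title="Advisory" href="/types/advisory">Advisory</a></span>
                      </div>
                      <div class="col-12 col-sm-10 col-md-8 d-flex align-items-center">
                        <p class="font-weight-bold text-white mb-4 mb-sm-0"><a class="text-decoration-none text-white" title="Cisco BroadWorks CommPilot Application Software Authenticated Remote Code Execution (CVE-2022-20958)" href="https://www.shielder.com/advisories/cisco-broadworks-commpilot-authenticated-remote-code-execution/">Cisco BroadWorks CommPilot Application Software Authenticated Remote Code Execution (CVE-2022-20958)</a></p>
                      </div>
                      <div class="col-12 col-sm-2 col-md-1 px-2 px-lg-3 text-center text-md-right">
                        <button class="btn btn-outline-primary rounded-pill btn-link text-left text-decoration-none" type="button" data-toggle="collapse" data-target="#collapse36" aria-expanded="false" aria-controls="collapse36"> +</button>
                      </div>
                    </div>
                  </div>
                  <div id="collapse36" class="collapse" aria-labelledby="heading36" data-parent="#accordion36">
                    <div class="row">
                      <div class="col-12 col-md-3 d-flex align-items-center"></div>
                      <div class="col-12 col-md-8">
                        <div class="card-body text-white pl-md-2">
                          <p>CVE-2022-20958: Cisco BroadWorks CommPilot Application allows authenticated users to upload configuration files on the platform. The lack of file validation and a broken access control on the vulnerable upload servlet allows any authenticated user to upload a file which could be abused to run arbitrary code on the server.</p>
                          <p><a class="text-decoration-none" title="Cisco BroadWorks CommPilot Application Software Authenticated Remote Code Execution (CVE-2022-20958)" href="https://www.shielder.com/advisories/cisco-broadworks-commpilot-authenticated-remote-code-execution/">Read more</a></p>
                        </div>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
        <!-- ids 37-2 / heading37-2 / collapse37-2: the generated source reused 37 here (constructed suffix) -->
        <div class="col-12 mb-5">
          <div class="accordion" id="accordion37-2">
            <div class="card bg-transparent border">
              <div class="row">
                <div class="col-12 col-md-1 bg-secondary d-flex align-items-center py-1 py-md-0">
                  <p class="text-uppercase accordion-category mb-0 font-weight-bold pl-3 pl-md-0 Advisory"><a class="text-uppercase text-decoration-none smaller text-secondary" title="Advisory" href="/types/advisory">Advisory</a></p>
                </div>
                <div class="col-12 col-md-11">
                  <div class="card-header pb-4" id="heading37-2">
                    <div class="row">
                      <div class="col-12 text-white mb-2 mb-md-4"><p>21/12/2022</p></div>
                      <div class="col-12 col-md-3 d-flex align-items-center mb-3 mb-md-0">
                        <img src="https://www.shielder.com//img/advisory.png" class="advisory-img" alt="">
                        <span class="text-white pl-2"><a class="text-decoration-none text-white" title="Advisory" href="/types/advisory">Advisory</a></span>
                      </div>
                      <div class="col-12 col-sm-10 col-md-8 d-flex align-items-center">
                        <p class="font-weight-bold text-white mb-4 mb-sm-0"><a class="text-decoration-none text-white" title="Cisco BroadWorks CommPilot Application Software Unauthenticated Server-Side Request Forgery (CVE-2022-20951)" href="https://www.shielder.com/advisories/cisco-broadworks-commpilot-ssrf/">Cisco BroadWorks CommPilot Application Software Unauthenticated Server-Side Request Forgery (CVE-2022-20951)</a></p>
                      </div>
                      <div class="col-12 col-sm-2 col-md-1 px-2 px-lg-3 text-center text-md-right">
                        <button class="btn btn-outline-primary rounded-pill btn-link text-left text-decoration-none" type="button" data-toggle="collapse" data-target="#collapse37-2" aria-expanded="false" aria-controls="collapse37-2"> +</button>
                      </div>
                    </div>
                  </div>
                  <div id="collapse37-2" class="collapse" aria-labelledby="heading37-2" data-parent="#accordion37-2">
                    <div class="row">
                      <div class="col-12 col-md-3 d-flex align-items-center"></div>
                      <div class="col-12 col-md-8">
                        <div class="card-body text-white pl-md-2">
                          <p>CVE-2022-20951: Cisco BroadWorks CommPilot Application exposes a servlet that allows the application to be used as an HTTP proxy server. The lack of validation of the target URL and the lack of authentication protection allows an unauthenticated attacker to achieve a full-read SSRF.</p>
                          <p><a class="text-decoration-none" title="Cisco BroadWorks CommPilot Application Software Unauthenticated Server-Side Request Forgery (CVE-2022-20951)" href="https://www.shielder.com/advisories/cisco-broadworks-commpilot-ssrf/">Read more</a></p>
                        </div>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
        <div class="col-12 mb-5">
          <div class="accordion" id="accordion35">
            <div class="card bg-transparent border">
              <div class="row">
                <div class="col-12 col-md-1 bg-secondary d-flex align-items-center py-1 py-md-0">
                  <p class="text-uppercase accordion-category mb-0 font-weight-bold pl-3 pl-md-0 Advisory"><a class="text-uppercase text-decoration-none smaller text-secondary" title="Advisory" href="/types/advisory">Advisory</a></p>
                </div>
                <div class="col-12 col-md-11">
                  <div class="card-header pb-4" id="heading35">
                    <div class="row">
                      <div class="col-12 text-white mb-2 mb-md-4"><p>09/06/2022</p></div>
                      <div class="col-12 col-md-3 d-flex align-items-center mb-3 mb-md-0">
                        <img src="https://www.shielder.com//img/advisory.png" class="advisory-img" alt="">
                        <span class="text-white pl-2"><a class="text-decoration-none text-white" title="Advisory" href="/types/advisory">Advisory</a></span>
                      </div>
                      <div class="col-12 col-sm-10 col-md-8 d-flex align-items-center">
                        <p class="font-weight-bold text-white mb-4 mb-sm-0"><a class="text-decoration-none text-white" title="Autodesk Fusion 360 &lt;= 2.0.12887 &quot;Insert SVG&quot; Blind XXE" href="https://www.shielder.com/advisories/autodesk-fusion-import-svg-blind-xxe/">Autodesk Fusion 360 &lt;= 2.0.12887 “Insert SVG” Blind XXE</a></p>
                      </div>
                      <div class="col-12 col-sm-2 col-md-1 px-2 px-lg-3 text-center text-md-right">
                        <button class="btn btn-outline-primary rounded-pill btn-link text-left text-decoration-none" type="button" data-toggle="collapse" data-target="#collapse35" aria-expanded="false" aria-controls="collapse35"> +</button>
                      </div>
                    </div>
                  </div>
                  <div id="collapse35" class="collapse" aria-labelledby="heading35" data-parent="#accordion35">
                    <div class="row">
                      <div class="col-12 col-md-3 d-flex align-items-center"></div>
                      <div class="col-12 col-md-8">
                        <div class="card-body text-white pl-md-2">
                          <p>Autodesk Fusion 360 &lt;= 2.0.12887 parses SVG files with a vulnerable XML parser, leading to a Blind XML External Entities (XXE).</p>
                          <p><a class="text-decoration-none" title="Autodesk Fusion 360 &lt;= 2.0.12887 &quot;Insert SVG&quot; Blind XXE" href="https://www.shielder.com/advisories/autodesk-fusion-import-svg-blind-xxe/">Read more</a></p>
                        </div>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
        <div class="col-12 mb-5">
          <div class="accordion" id="accordion34">
            <div class="card bg-transparent border">
              <div class="row">
                <div class="col-12 col-md-1 bg-secondary d-flex align-items-center py-1 py-md-0">
                  <p class="text-uppercase accordion-category mb-0 font-weight-bold pl-3 pl-md-0 Advisory"><a class="text-uppercase text-decoration-none smaller text-secondary" title="Advisory" href="/types/advisory">Advisory</a></p>
                </div>
                <div class="col-12 col-md-11">
                  <div class="card-header pb-4" id="heading34">
                    <div class="row">
                      <div class="col-12 text-white mb-2 mb-md-4"><p>23/02/2022</p></div>
                      <div class="col-12 col-md-3 d-flex align-items-center mb-3 mb-md-0">
                        <img src="https://www.shielder.com//img/advisory.png" class="advisory-img" alt="">
                        <span class="text-white pl-2"><a class="text-decoration-none text-white" title="Advisory" href="/types/advisory">Advisory</a></span>
                      </div>
                      <div class="col-12 col-sm-10 col-md-8 d-flex align-items-center">
                        <p class="font-weight-bold text-white mb-4 mb-sm-0"><a class="text-decoration-none text-white" title="Remote Code Execution in pfSense &lt;= 2.5.2" href="https://www.shielder.com/advisories/pfsense-remote-command-execution/">Remote Code Execution in pfSense &lt;= 2.5.2</a></p>
                      </div>
                      <div class="col-12 col-sm-2 col-md-1 px-2 px-lg-3 text-center text-md-right">
                        <button class="btn btn-outline-primary rounded-pill btn-link text-left text-decoration-none" type="button" data-toggle="collapse" data-target="#collapse34" aria-expanded="false" aria-controls="collapse34"> +</button>
                      </div>
                    </div>
                  </div>
                  <div id="collapse34" class="collapse" aria-labelledby="heading34" data-parent="#accordion34">
                    <div class="row">
                      <div class="col-12 col-md-3 d-flex align-items-center"></div>
                      <div class="col-12 col-md-8">
                        <div class="card-body text-white pl-md-2">
                          <p>pfSense &lt;= 2.5.2 allows authenticated users to inject arbitrary sed-specific code, which leads to an Arbitrary File Write, resulting in a Remote Code Execution. The vulnerability is also exploitable through a Cross-Site Request Forgery.</p>
                          <p><a class="text-decoration-none" title="Remote Code Execution in pfSense &lt;= 2.5.2" href="https://www.shielder.com/advisories/pfsense-remote-command-execution/">Read more</a></p>
                        </div>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
        <div class="col-12 mb-5">
          <div class="accordion" id="accordion27">
            <div class="card bg-transparent border">
              <div class="row">
                <div class="col-12 col-md-1 bg-secondary d-flex align-items-center py-1 py-md-0">
                  <p class="text-uppercase accordion-category mb-0 font-weight-bold pl-3 pl-md-0 Advisory"><a class="text-uppercase text-decoration-none smaller text-secondary" title="Advisory" href="/types/advisory">Advisory</a></p>
                </div>
                <div class="col-12 col-md-11">
                  <div class="card-header pb-4" id="heading27">
                    <div class="row">
                      <div class="col-12 text-white mb-2 mb-md-4"><p>24/09/2021</p></div>
                      <div class="col-12 col-md-3 d-flex align-items-center mb-3 mb-md-0">
                        <img src="https://www.shielder.com//img/advisory.png" class="advisory-img" alt="">
                        <span class="text-white pl-2"><a class="text-decoration-none text-white" title="Advisory" href="/types/advisory">Advisory</a></span>
                      </div>
                      <div class="col-12 col-sm-10 col-md-8 d-flex align-items-center">
                        <p class="font-weight-bold text-white mb-4 mb-sm-0"><a class="text-decoration-none text-white" title="Remote Command Execution in Visual Studio Code Remote Development Extension 1.50" href="https://www.shielder.com/advisories/remote-command-execution-in-visual-studio-code-remote-development-extension/">Remote Command Execution in Visual Studio Code Remote Development Extension 1.50</a></p>
                      </div>
                      <div class="col-12 col-sm-2 col-md-1 px-2 px-lg-3 text-center text-md-right">
                        <button class="btn btn-outline-primary rounded-pill btn-link text-left text-decoration-none" type="button" data-toggle="collapse" data-target="#collapse27" aria-expanded="false" aria-controls="collapse27"> +</button>
                      </div>
                    </div>
                  </div>
                  <div id="collapse27" class="collapse" aria-labelledby="heading27" data-parent="#accordion27">
                    <div class="row">
                      <div class="col-12 col-md-3 d-flex align-items-center"></div>
                      <div class="col-12 col-md-8">
                        <div class="card-body text-white pl-md-2">
                          <p>Visual Studio Code Remote Development Extension 1.50 failed to sanitize the host field before using it as an argument of the ssh command, allowing injection of a ProxyCommand option which could be used to run arbitrary commands.</p>
                          <p><a class="text-decoration-none" title="Remote Command Execution in Visual Studio Code Remote Development Extension 1.50" href="https://www.shielder.com/advisories/remote-command-execution-in-visual-studio-code-remote-development-extension/">Read more</a></p>
                        </div>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
      <div class="row">
        <div class="col-12">
          <!-- The symbol-only links get an explicit accessible name; the numbered ones are self-describing -->
          <nav aria-label="page navigation">
            <ul class="pagination">
              <li class="page-item active"><a href="/advisories/" class="page-link">1</a></li>
              <li class="page-item"><a href="/advisories/page/2/" class="page-link">2</a></li>
              <li class="page-item"><a href="/advisories/page/2/" rel="next" class="page-link" aria-label="Next page">›</a></li>
              <li class="page-item"><a href="/advisories/page/5/" rel="last" class="page-link" aria-label="Last page">»</a></li>
            </ul>
          </nav>
        </div>
      </div>
    </div>
  </section>
  <footer class="pt-5 pb-4 px-3 px-md-0">
    <div class="container">
      <div class="row text-center">
        <div class="col-12 col-lg-4 text-white border-bottom mb-4 pb-lg-0 mb-lg-0">
          <p class="text-uppercase font-weight-bold">Info</p>
          <p class="footer-info">Shielder S.p.A.</p>
          <p class="footer-info">P.I. 11435310013</p>
          <p class="footer-info">REA TO - 1213132</p>
          <p class="footer-info">Registered Capital: 81.000,00 €</p>
          <p><a class="text-decoration-none text-white" target="_blank" rel="noopener" href="https://www.google.it/maps/place/Shielder/@44.8833849,7.3303863,17z/data=!3m1!4b1!4m5!3m4!1s0x4788250440849fa5:0x74cf10f2092abc85!8m2!3d44.8833849!4d7.332575" title="corporate headquarters">Via Palestro, 1/C<br>10064 Pinerolo (TO) Italy</a></p>
          <div class="iso-logos row justify-content-center mb-4 pb-lg-0 mb-lg-0">
            <div class="col-3"><img alt="ISO27001" src="/img/iso27001.png"></div>
            <div class="col-3"><img alt="ISO9001" src="/img/iso9001.png"></div>
          </div>
        </div>
        <div class="col-12 col-lg-4 text-white border-bottom mb-4 pb-lg-0 mb-lg-0">
          <p class="text-uppercase font-weight-bold">Contacts</p>
          <p class="footer-contact"><a class="text-decoration-none text-white" href="mailto:info@shielder.com" title="email Shielder">info@shielder.com</a></p>
          <p class="footer-contact">Landline: <a class="text-decoration-none text-white" href="tel:+390121393642" title="Landline">(+39) 0121 - 39 36 42</a></p>
          <p class="footer-contact">Commercial: <a class="text-decoration-none text-white" href="tel:+393453031983" title="Commercial">(+39) 345 - 30 31 983</a></p>
          <p class="footer-contact">Technical: <a class="text-decoration-none text-white" href="tel:+393931666814" title="Technical">(+39) 393 - 16 66 814</a></p>
          <!-- icon-only links: the icon is hidden from assistive tech, the title supplies the link name -->
          <p>
            <span><a href="https://twitter.com/ShielderSec" title="Shielder Twitter profile" target="_blank" rel="noopener me" class="text-white"><i class="fab fa-x-twitter bigger-icon" aria-hidden="true"></i></a> </span>
            <span class="pl-3"><a href="https://infosec.exchange/@Shielder" title="Shielder Mastodon profile" target="_blank" rel="noopener me" class="text-white"><i class="fab fa-mastodon bigger-icon" aria-hidden="true"></i></a> </span>
            <span class="px-3"><a href="https://www.linkedin.com/company/shielder" title="Shielder LinkedIn profile" target="_blank" rel="noopener me" class="text-white"><i class="fab fa-linkedin bigger-icon" aria-hidden="true"></i></a> </span>
            <span><a href="https://github.com/shieldersec" title="Shielder Github profile" target="_blank" rel="noopener me" class="text-white"><i class="fab fa-github bigger-icon" aria-hidden="true"></i></a></span>
          </p>
        </div>
        <div class="col-12 col-lg-4 text-white mb-4 pb-lg-0 mb-lg-0">
          <p class="text-uppercase font-weight-bold">Sitemap</p>
          <p><a class="text-decoration-none text-white" title="Home" href="https://www.shielder.com/">Home</a></p>
          <p><a class="text-decoration-none text-white" title="Company" href="https://www.shielder.com/company">Company</a></p>
          <p><a class="text-decoration-none text-white" title="Services" href="https://www.shielder.com/services">Services</a></p>
          <p><a class="text-decoration-none text-white" title="Advisories" href="https://www.shielder.com/advisories">Advisories</a></p>
          <p><a class="text-decoration-none text-white" title="Blog" href="https://www.shielder.com/blog">Blog</a></p>
          <p><a class="text-decoration-none text-white" title="Careers" href="https://www.shielder.com/careers">Careers</a></p>
          <p><a class="text-decoration-none text-white" title="Contacts" href="https://www.shielder.com/contacts">Contacts</a></p>
        </div>
        <div class="col-12 mt-5">
          <span class="mb-2 mb-lg-0 border-md-right pr-2 text-white d-block d-lg-inline">Copyright © Shielder 2014 - 2025</span>
          <span class="mb-2 mb-lg-0 border-md-right pr-2 pl-1 text-white d-block d-lg-inline"><a class="text-decoration-none text-white" href="/disclosure-policy" title="Disclosure Policy">Disclosure policy</a></span>
          <span class="mb-2 mb-lg-0 pr-2 pl-1 text-white d-block d-lg-inline"><a class="text-decoration-none text-white" href="/privacy-policy" title="Privacy Policy">Privacy policy</a></span>
        </div>
      </div>
    </div>
  </footer>
  <!-- same-origin scripts, loaded at the end of body so the DOM is complete; order matters (jQuery before app.js and the Bootstrap bundle) -->
  <script src="https://www.shielder.com/js/jquery.min.js"></script>
  <script src="https://www.shielder.com/js/app.js"></script>
  <script src="https://www.shielder.com/js/bootstrap.bundle.min.js"></script>
</body>
</html>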