Advisories

When we discover vulnerabilities in third party software, we disclose them responsibly and publish them here.

Directory traversal in Aviatrix allows an authenticated user to read and write to any file

Published: 2021-08-24 | Severity: Medium

An authenticated user can read, create and replace arbitrary files to any location on an Aviatrix Cloud Controller. These files could include configuration files, Aviatrix source code, or PHP scripts, which would allow the attacker to run code of their choosing on the host.

Read more

Unrestricted upload of file with dangerous type in Aviatrix allows an authenticated user to execute arbitrary code

Published: 2021-08-24 | Severity: High

An authenticated user can upload arbitrary files to a web directory on an Aviatrix Cloud Controller. These files could include PHP scripts, which would allow the attacker to run code of their choosing on the host.

Read more

Cross-Site Request Forgery vulnerability in the Merge + Minify + Refresh plugin

Published: 2020-02-05 | Severity: High

A CSRF vulnerability allows an unauthenticated attacker to take over the Wordpress installation

Read more

Cross-Site Request Forgery vulnerability in the WP Fastest Cache plugin

Published: 2020-02-05 | Severity: Medium

A CSRF vulnerability allows an unauthenticated attacker to delete the Wordpress installation

Read more

ACE via file inclusion in Redirection allows admins to execute any PHP file in the filesystem

Published: 2018-06-06 | Severity: High

If logged in as an administrator of any WordPress blog on a WordPress multisite, you can run arbitrary code and completely compromise the system by using the setup page for the Redirection plugin.

Read more

Unserialisation vulnerability in Redirection could allow admin to execute arbitrary code in some circumstances

Published: 2018-06-06 | Severity: High

It is possible for a user with the administrator privilege to execute arbitrary code.

Read more

SQLi in Relevanssi might allow an admin to read contents of database

Published: 2018-04-10 | Severity: High

If logged in as an administrator on any site, you can extract all values in the database, including password hashes and user activation tokens.

Read more

XenMobile leaks device information including personal data

Published: 2018-03-26 | Severity: Medium

Data about users and devices, including email addresses and IMEI identifiers, can be obtained without authentication from XenMobile up to version 10.7

Read more

XenMobile contains a vulnerable version of Hazelcast, remote code execution via object serialisation

Published: 2018-03-26 | Severity: High

XenMobile runs, inside its firewall, a vulnerable version of a Hazelcast server.

Read more

Untrusted deserialisation in XenMobile 10.6 through 10.8 allows network-adjacent unauthenticated users to remotely execute code

Published: 2018-03-26 | Severity: High

XenMobile includes a service listening on port 5001 within its firewall that can be used to create a remote code execution vulnerability.

Read more

XenMobile contains a reflected cross-site scripting vulnerability

Published: 2018-03-26 | Severity: Medium

XenMobile can be tricked into displaying content of the attacker’s choosing

Read more

XenMobile contains open redirect vulnerabilities

Published: 2018-03-26 | Severity: Medium

XenMobile contains open redirect vulnerabilities. This is a class of vulnerability where a service will redirect a user to a location controlled by an attacker.

Read more

Lack of authentication in Citrix XenMobile allows low-privileged local users to execute system commands as root

Published: 2018-03-26 | Severity: High

Users who can make network requests from localhost can run commands as root.

Read more

Insufficient path validation in XenMobile unzip API call allows attackers to write to arbitrary files and remotely execute code

Published: 2018-03-26 | Severity: High

It is possible to upload JSP files to XenMobile’s Tomcat server, leading to arbitrary code execution.

Read more

XenMobile contains numerous unauthenticated file upload vulnerabilities

Published: 2018-03-26 | Severity: Medium

It was possible to upload files to the XenMobile server without authentication.

Read more

XenMobile allows attackers to read arbitrary files

Published: 2018-03-26 | Severity: High

It is possible read most of the files and make network calls to private services on the XenMobile servers without authenticating.

Read more

Talk to us

If you're interested in a conversation about how Tradecraft could help your organisation, we'd love to talk.

You can email hello@wearetradecraft.com or call us on 0345 257 7520.

For a monthly update on interesting news, join our newsletter, Security Offcuts

Advisories

Events

London Lockpicking

A monthly lockpicking meetup. Warning: addictive!

Join London Lockpicking

Tradecraft Talks

A series of talks, panels and presentations on interesting security questions.

Join Tradecraft Talks

© 2023 Tradecraft Ltd. Tradecraft Ltd is a company registered in England & Wales, no. 10984430. Registered address Unit 326 Canalot Studios, 222 Kensal Road, London, W10 5BN.

Privacy policy / Events code of conduct / Responsible disclosure