Twisted Version 19.10.0

From Emoji to Zero-Day: Latin Homoglyphs in Domains and Subdomains

ConnectWise Control 19.3.25270.7185 - Eight Vulnerabilities, Including Critical

Big Monitoring Fabric Application

Dradis Pro Version 3.4.1

Solismed Version 3.3SP1

OpenEMR 5.0.1(6) - RCE and XSS

AeroGarden Version 1.3.1 - Multiple Vulnerabilities

Dolibarr Version 9.0.1 — Multiple Vulnerabilities

InterSystems Cache 2017.2.2.865.0 and 2018.1.2 Multiple Vulnerabilities

Tegile Intelliflash OS Version (GA) - Password Disclosure

Greyhound Critical Vulnerabilities - Road Rewards Program

Cantemo Portal Version 3.8.4 - Cross-Site Scripting

Simple – Better Banking (Android) v. 2.45.0 – 2.45.3 - Sensitive Information Disclosure

Amtrak Mobile APIs - Multiple Vulnerabilities

OpenMRS - Insecure Object Deserialization

Silverpeas 5.15 To 6.0.2: Path Traversal

PhpSpreadsheet Versions <= 1.5.0 - XXE Injection

YunoHost 2.7.2 to 2.7.14 - Multiple Vulnerabilities

Eaton UPS 9PX 8000 SP - Multiple Vulnerabilities

SV3C L-Series HD Camera – Multiple Vulnerabilities

Wallabag 2.2.3 to 2.3.2 - Stored Cross-Site Scripting

Subsonic 6.1.1 - Multiple Vulnerabilities

CremeCRM 1.6.12 - Multiple Vulnerabilities

Jirafeau Version 3.3.0 – Multiple Vulnerabilities

SolarWinds Serv-U Managed File Transfer – Insufficient Session ID Entropy

SolarWinds Serv-U Managed File Transfer – Denial of Service

Windows DNS Client – Memory Corruption Vulnerabilities

atmail 7 Stored XSS Vulnerability

SolarWinds Log & Event Manager - Arbitrary Command Injection

SolarWinds Log & Event Manager - Improper Access Control

Cisco Jabber Guest Server HTTP URL Redirection Vulnerability

Accellion Kiteworks Multiple Vulnerabilities

OS X Messages (iMessage): XSS & File Disclosure

CA Single Sign-On Unspecified High-Risk Vulnerabilities Advisory

Adobe ColdFusion Reflected Cross-Site Scripting Flaw

NoScript Bypass

LastPass Site Password-Stealing Clickjacking Vulnerability

AirDroid Web Application Authentication Flaw

Oracle WebLogic Node Manager allows arbitrary configuration via UNC path

PGP Desktop Wipe Free Space Flaw

Windows File Time Stamp Display Flaw

Vulnerability Disclosure Policy

Bishop Fox takes security issues very seriously. We believe in coordinated disclosure, and we work closely with vendors and clients to patch vulnerabilities promptly.
