Chris Davis

Chris Davis (Security +) is a Security Analyst at Bishop Fox. His areas of expertise are application penetration testing (static and dynamic) and external network penetration testing. Chris actively conducts independent security research and has been credited with the discovery of 17 CVEs (including CVE-2019-7551 and CVE-2018-17150) on enterprise-level, highly distributed software. The vulnerabilities he identified included remote code execution and cross-site scripting (XSS). Chris completed the Cybersecurity Training Program at SecureSet Academy in addition to coursework at Metropolitan State University of Denver.

Recent Posts by Chris Davis:

by Chris Davis, on Dec 30, 2019 10:26:22 AM

ADVISORY SUMMARY: The following document describes identified vulnerabilities in the Big Monitoring Fabric application. Two high-risk vulnerabilities were found within the application. Impact: Successful exploitation of the cross-site scripting (XSS) …

Vulnerabilities: Sensitive Information Disclosure, Cross-site Scripting

by Chris Davis, on Dec 9, 2019 7:00:00 AM

ADVISORY SUMMARY: Nine vulnerabilities were identified within the Solismed application. The following document describes identified vulnerabilities in the Solismed application version 3.3SP1. Product Vendor Product Name Affected Version* Intesync, LLC …

Vulnerabilities: Cross-site Scripting, Cross-site Request Forgery, Incorrect Access Controls, Insecure File Upload, SQL Injection, Insecure Cryptographic Storage, Clickjacking, Directory Traversal

by Chris Davis, on Sep 10, 2019 5:43:00 AM

ADVISORY SUMMARY: OpenEMR is a widely used open source medical records management tool. The latest version at the time of this research was 5.0.1(6); older versions are believed but unconfirmed …

Vulnerabilities: Cross-site Scripting, Arbitrary Remote Code Execution

by Chris Davis, on Jul 24, 2019 9:00:00 AM

ADVISORY SUMMARY: InterSystems Corporation is a software systems and technology vendor for government, business, and healthcare industries. The InterSystems Caché application is a high-performance object database. The latest version at …

Vulnerabilities: Stored Cross-site Scripting, Reflected Cross-site Scripting

by Chris Davis, on Mar 8, 2019 12:41:18 PM

Product Vendor: Cantemo AB. Product Description: Cantemo AB is a software systems and technology vendor for major media outlets. The Cantemo Portal application is a high-performance media asset management tool …

Vulnerabilities: Stored Cross-site Scripting, Cross-site Scripting

Vulnerability Disclosure Policy

Bishop Fox takes security issues very seriously. We believe in coordinated disclosure, and we work closely with vendors and clients to patch vulnerabilities promptly.