by Chris Davis, on Mar 8, 2019 12:41:18 PM

Product Vendor Cantemo AB Product Description Cantemo AB is a software systems and technology vendor for major media outlets. The Cantemo Portal application is a high-performance media asset management tool …

Vulnerabilities: Stored Cross-site Scripting, Cross-site Scripting

by Matt Hamilton, on Feb 21, 2019 10:42:58 AM

Product Vendor Simple Finance Technology Corp. Product Description Simple – Better Banking is an Android application that provides banking services for Simple.com. The project’s official website is Simple.com. The latest …

Vulnerabilities: Sensitive Information Disclosure

by Priyank Nigam, on Feb 19, 2019 12:30:25 PM

Product Vendor National Railroad Passenger Corporation Product Description The Amtrak mobile application acts as a personal kiosk for mobile e-ticketing and guest rewards management. The application can be downloaded from the …

Vulnerabilities: Sensitive Information Disclosure, Authentication Bypass

by Nicolas Serra, on Feb 4, 2019 8:46:42 AM

Product Description OpenMRS is a collaborative open-source project through which users can develop software to support healthcare in developing countries. In 2017, OpenMRS was implemented on more than 3,000 sites …

Vulnerabilities: Insecure Object Deserialization

by Bastien Faure, on Jan 15, 2019 1:09:16 PM

Product Description From the vendor’s website: “Silverpeas is an open source WEB platform that improves the collaboration between the actors of a company or organization.” Silverpeas is widely used by many …

Vulnerabilities: Path Traversal

by Alex Leahu, on Nov 30, 2018 11:28:00 AM

Product Description PhpSpreadsheet is a library written in pure PHP that provides a set of classes allowing users to read from and write to different spreadsheet file formats, such as …

Vulnerabilities: XXE Injection

by Florian Nivette, on Oct 30, 2018 12:05:36 PM

Product Description YunoHost is an application that is used to manage applications hosted on a Linux server. Additionally, it allows the user to manage the entire Linux system, including installed …

Vulnerabilities: Stored Cross-site Scripting, HTTP Header Injection

by Kelly Albrink, on Oct 19, 2018 8:56:21 AM

Product Description The Eaton power management appliance is manufactured by Eaton Corporation. This equipment uses a web interface to allow administrators to configure it. This web interface is where the …

Vulnerabilities: Cross-site Request Forgery, Password Exposure

by Jefferino Siqueria, on Oct 16, 2018 12:58:00 PM

Product Description SV3C is a Chinese reseller of home and small business security cameras. The company’s official website is www.sv3c.com. The latest version of the application is V2.3.4.2103-S50-NTD-B20170823B, released on …

Vulnerabilities: Stored Cross-site Scripting, Redirection, Improper Session Management, Improper Authentication, Use of Hard-coded Passwords, Improper Authorization, OS Command Injection, Password Exposure

by Florian Nivette, on Sep 17, 2018 1:28:01 PM

The Wallabag application is affected by one cross-site scripting (XSS) vulnerability that is stored within the configuration page. This vulnerability enables the execution of a JavaScript payload each time an …

Vulnerabilities: Stored Cross-site Scripting

by Florian Nivette, on Sep 17, 2018 1:25:59 PM

Product Description Subsonic is an open source web media server that enables the management of media resources such as music or videos. Its official website is www.subsonic.org. The version affected …

Vulnerabilities: Stored Cross-site Scripting, Reflected Cross-site Scripting

by Florian Nivette, on Aug 30, 2018 12:12:22 PM

Product Description CremeCRM is an open source CRM. It allows organizations to manage business data concerning customers, invoices, orders, and products. Its official website is www.cremecrm.com, and source code can …

Vulnerabilities: Stored Cross-site Scripting, Reflected Link Manipulation

Vulnerability Disclosure Policy

Bishop Fox takes security issues very seriously. We believe in coordinated disclosure, and we work closely with vendors and clients to patch vulnerabilities promptly. More on our Disclosure Policy.