CentreStack Disclosure
White Oak Security discovered an instance of Gladinet’s CentreStack server which was vulnerable to an authentication bypass and an arbitrary file upload resulting in remote code execution. This issue has […]
Disclosures
Fishbowl Disclosure: CVE-2022-29805
Finding A Shell In Your Fishbowl White Oak Security discovered an instance of Fishbowl Inventory that was vulnerable to a Java deserialization vulnerability, resulting in unauthenticated remote code execution. This […]
Microsoft Office Zero Day: Mitigate NOW
Microsoft has acknowledged a remote code execution vulnerability, CVE-2022-30190, which is possible in environments where Microsoft Office has been installed and Microsoft Support Diagnostic Tool (MSDT) is present – which […]
Extensis Portfolio Vulnerability Disclosure
During an external penetration test, White Oak Security discovered an instance of the Extensis Portfolio software which was deployed publicly on the internet with default administrative credentials. Using black-box web […]
Microsoft Lync Server 2010: Remote Code Execution/XSS – User Agent Header
Summary ========== Microsoft Lync 2010 fails to properly sanitize user-supplied input, which can lead to remote code execution. Microsoft was originally notified of this issue December 11, 2012. The details […]
CVE-2012-5868: WordPress 3.4.2: Sessions Not Terminated Upon Explicit User Logout
Summary ========== WordPress 3.4.2 fails to invalidate a user’s sessions upon logout. WordPress was originally notified of this issue in November 15, 2012. CVE number: CVE-2012-5868 Impact: Medium Vendor homepage: […]