Disclosures | White Oak Security

VMware Authentication Bypass Zero Day Alert

VMware has issued an advisory (VMSA-2023-0026) for an authentication bypass vulnerability (CVE-2023-34060) against its VMware Cloud Director Appliances. The vulnerability is rated critical with a 9.8 out of 10 CVSS severity […]

Sony Bravia Remote Code Execution Disclosure

Sony Bravia Overview Sony’s BRAVIA Signage (1) is an application to deliver video and still images to Pro BRAVIAs and manage the information displayed across a network. Features include management […]

TitanFTP Vulnerability Disclosure

White Oak Security discovered multiple vulnerabilities in the TitanFTP NextGen server owned by South River Technologies. TitanFTP NextGen is a FTP/SFTP server utilized to manage file transfers and includes a […]

Frevvo Vulnerability Disclosure

White Oak Security discovered a “Zip Slip” Authenticated Remote Code Execution vulnerability in Frevvo Live Forms. Frevvo Live Forms is a workflow automation software used to automate processes and forms. […]

LogicalDOC Vulnerability Disclosure

White Oak Security discovered several vulnerabilities in the document management system, LogicalDOC, a software that’s designed to save, store, and share documents within an organization. Starting from an unauthenticated point […]

CentreStack Disclosure

Note: Updated 6/9/2023 to update official CVE IDs White Oak Security discovered an instance of Gladinet’s CentreStack server which was vulnerable to an authentication bypass and an arbitrary file upload […]

Fishbowl Disclosure: CVE-2022-29805

Finding A Shell In Your Fishbowl White Oak Security discovered an instance of Fishbowl Inventory that was vulnerable to a Java deserialization vulnerability, resulting in unauthenticated remote code execution. This […]

Microsoft Office Zero Day: Mitigate NOW

Microsoft has acknowledged a remote code execution vulnerability, CVE-2022-30190, which is possible in environments where Microsoft Office has been installed and Microsoft Support Diagnostic Tool (MSDT) is present – which […]

Extensis Portfolio Vulnerability Disclosure

During an external penetration test, White Oak Security discovered an instance of the Extensis Portfolio software which was deployed publicly on the internet with default administrative credentials. Using black-box web […]

Microsoft Lync Server 2010: Remote Code Execution/XSS – User Agent Header

Summary ========== Microsoft Lync 2010 fails to properly sanitize user-supplied input, which can lead to remote code execution. Microsoft was originally notified of this issue December 11, 2012. The details […]