TitanFTP Vulnerability Disclosure
White Oak Security discovered multiple vulnerabilities in the TitanFTP NextGen server owned by South River Technologies. TitanFTP NextGen is a FTP/SFTP server utilized to manage file transfers and includes a […]
Disclosures
Frevvo Vulnerability Disclosure
White Oak Security discovered a “Zip Slip” Authenticated Remote Code Execution vulnerability in Frevvo Live Forms (https://www.frevvo.com). Frevvo Live Forms is a workflow automation software used to automate processes and […]
LogicalDOC Vulnerability Disclosure
White Oak Security discovered several vulnerabilities in the document management system, LogicalDOC, a software that’s designed to save, store, and share documents within an organization. Starting from an unauthenticated point […]
CentreStack Disclosure
White Oak Security discovered an instance of Gladinet’s CentreStack server which was vulnerable to an authentication bypass and an arbitrary file upload resulting in remote code execution. This issue has […]
Fishbowl Disclosure: CVE-2022-29805
Finding A Shell In Your Fishbowl White Oak Security discovered an instance of Fishbowl Inventory that was vulnerable to a Java deserialization vulnerability, resulting in unauthenticated remote code execution. This […]
Microsoft Office Zero Day: Mitigate NOW
Microsoft has acknowledged a remote code execution vulnerability, CVE-2022-30190, which is possible in environments where Microsoft Office has been installed and Microsoft Support Diagnostic Tool (MSDT) is present – which […]
Extensis Portfolio Vulnerability Disclosure
During an external penetration test, White Oak Security discovered an instance of the Extensis Portfolio software which was deployed publicly on the internet with default administrative credentials. Using black-box web […]
Microsoft Lync Server 2010: Remote Code Execution/XSS – User Agent Header
Summary ========== Microsoft Lync 2010 fails to properly sanitize user-supplied input, which can lead to remote code execution. Microsoft was originally notified of this issue December 11, 2012. The details […]
CVE-2012-5868: WordPress 3.4.2: Sessions Not Terminated Upon Explicit User Logout
Summary ========== WordPress 3.4.2 fails to invalidate a user’s sessions upon logout. WordPress was originally notified of this issue in November 15, 2012. CVE number: CVE-2012-5868 Impact: Medium Vendor homepage: […]