CentreStack Disclosure
White Oak Security discovered an instance of Gladinet’s CentreStack server which was vulnerable to an authentication bypass and an arbitrary file upload resulting in remote code execution. This issue has […]
Disclosures
Fishbowl Disclosure: CVE-2022-29805
Finding A Shell In Your Fishbowl White Oak Security discovered an instance of Fishbowl Inventory that was vulnerable to a Java deserialization vulnerability, resulting in unauthenticated remote code execution. This […]
Microsoft Office Zero Day: Mitigate NOW
Microsoft has acknowledged a remote code execution vulnerability, CVE-2022-30190, which is possible in environments where Microsoft Office has been installed and Microsoft Support Diagnostic Tool (MSDT) is present – which […]
Extensis Portfolio Vulnerability Disclosure
During an external penetration test, White Oak Security discovered an instance of the Extensis Portfolio software which was deployed publicly on the internet with default administrative credentials. Using black-box web […]