Skip to content

afine-com/research

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

62 Commits
Materials
Materials
 
 
README.md
README.md
 
 

Repository files navigation

AFINE Team contribution

Research

Date CVE Topic Details
17/10/2024 ⚠️ CVE-2024-50312 Information Disclosure via GraphQL Introspection in OpenShift Link
17/10/2024 ⚠️ CVE-2024-50311 OpenShift Denial of Service (DoS) Link
31/07/2024 ⚠️ CVE-2024-41955 Open Redirect in Login Redirect in MobSF <= 4.0.4 Link
28/06/2024 ⚠️ CVE-2024-28797 Stored Cross-site Scripting in IBM InfoSphere DataStage Designer < 11.7.4 Link
28/06/2024 ⚠️ CVE-2024-28795 Stored Cross-site Scripting in IBM InfoSphere Information Server < 11.7 Link
28/06/2024 ⚠️ CVE-2024-28794 Stored Cross-site Scripting in IBM InfoSphere Information Server < 11.7 Link
28/06/2024 ⚠️ CVE-2024-5737 AdmirorFrames Joomla! Extension < 5.0 - HTML Injection Link
28/06/2024 ⚠️ CVE-2024-5736 AdmirorFrames Joomla! Extension < 5.0 - Server-Side Request Forgery Link
28/06/2024 ⚠️ CVE-2024-5735 AdmirorFrames Joomla! Extension < 5.0 - Full Path Disclosure Link
24/05/2024 ⚠️ CVE-2024-2218 LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS Link
08/05/2024 ⚠️ CVE-2024-3050 Site Reviews < 7.0.0 - IP Spoofing Link
09/05/2024 ⚠️ CVE-2024-3459 KioWare for Windows environment escape Link
09/05/2024 ⚠️ CVE-2024-3460 KioWare for Windows security control bypass Link
09/05/2024 ⚠️ CVE-2024-3461 KioWare for Windows PIN brute force Link
18/03/2024 ⚠️ CVE-2024-1606 HTML injection in BMC Control-M Link
18/03/2024 ⚠️ CVE-2024-1605 DLL side-loading in BMC Control-M Link
18/03/2024 ⚠️ CVE-2024-1604 Incorrect authorization in BMC Control-M Link
14/02/2024 ⚠️ CVE-2024-0010 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Portal Link
07/02/2024 ⚠️ CVE-2024-24816 Cross-site scripting (XSS) in CKEditor4 samples with the preview feature enabled Link
11/01/2024 ⚠️ CVE-2023-5118 Stored XSS in Kofax Capture software Link
21/12/2023 ⚠️ CVE-2023-4925 Easy Forms for Mailchimp <= 6.8.10 - Admin+ Stored Cross-Site Scripting Link
12/12/2023 ⚠️ CVE-2023-45184 Decryption key disclosure in IBM i Access Client Solutions due to improper authority checks Link
12/12/2023 ⚠️ CVE-2023-45182 Possibility to decrypt password-encryption key in IBM i Access Client Solutions allowing attacker to obtain passwords to other systems Link
12/12/2023 ⚠️ CVE-2023-45185 Remote Code Execution in IBM i Access Client Solutions Link
12/12/2023 ⚠️ CVE-2023-4932 Reflected Cross-Site Scripting in SAS 9.4 Link
06/11/2023 ⚠️ CVE-2023-5958 POST SMTP Mailer < 2.7.1 - Unauthenticated Cross-site Scripting Link
06/11/2023 ⚠️ CVE-2023-5209 Bookly < 22.5 - Admin+ Stored XSS Link
08/08/2023 ⚠️ CVE-2023-35359 Windows Kernel Elevation of Privilege Vulnerability Link
25/07/2023 ⚠️ CVE-2023-39062 Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 Link
02/10/2023 ⚠️ CVE-2023-38419 Denial of Service of Big-IQ iControl SOAP daemon by an attacker with guest privileges Link
02/10/2023 ⚠️ CVE-2023-38138 Reflected Cross-site Scripting in BIG-IP Configuration utility Link
13/06/2023 ⚠️ CVE-2023-35840 elFinder < 2.1.62 - Path Traversal vulnerability in PHP LocalVolumeDriver connector Link
20/03/2023 ⚠️ CVE-2023-1478 Hummingbird < 3.4.2 - Unauthenticated Path Traversal Link
16/03/2023 ⚠️ CVE-2023-28530 IBM Cognos Analytics - Stored cross-site scripting caused by improper validation of SVG Files in Custom Visualizations Link
18/10/2022 ⚠️ CVE-2022-40746 OwnCloud URL spoofing in password reset mail Link
16/09/2022 ⚠️ CVE-2022-40746 IBM i Access Client Solutions is vulnerable to DLL hijacking when run on a Windows operating system Link
25/07/2022 ⚠️ CVE-2022-36433 Cross-site Scripting (XSS) in blog-post creation functionality in Amasty Blog Pro for Magento 2 Link
25/07/2022 ⚠️ CVE-2022-36432 Cross-site Scripting (XSS) in Preview functionality in Amasty Blog Pro for Magento 2 Link
11/07/2022 ⚠️ CVE-2022-35501 Stored Cross-site Scripting (XSS) in blog-post creation functionality in Amasty Blog Pro for Magento 2 Link
11/07/2022 ⚠️ CVE-2022-35500 Stored Cross-site Scripting (XSS) in leave comment functionality in Amasty Blog Pro for Magento 2 Link
11/07/2022 ⚠️ CVE-2022-35642 IBM InfoSphere Information Server is vulnerable to stored cross-site scripting Link
12/05/2022 ⚠️ CVE-2022-30615 IBM InfoSphere Information Server is vulnerable to cross-site scripting Link
28/06/2021 ⚠️ CVE-2021-34254 Open Redirection (OurUmbraco) Link
16/06/2021 ⚠️ CVE-2021-3584 Server-side remote code execution (Foreman) Link
08/06/2021 ⚠️ CVE-2021-1675 Windows Print Spooler Elevation of Privilege Vulnerability Link
07/06/2021 ⚠️ CVE-2021-24378 Authenticated Stored XSS (Autoptimize) Link
07/06/2021 ⚠️ CVE-2021-24377 Race Condition leading to RCE (Autoptimize) Link
07/06/2021 ⚠️ CVE-2021-24376 Arbitrary File Upload (Autoptimize) Link
13/05/2021 ⚠️ CVE-2021-21559 Dell EMC NetWorker Security Update for Multiple Vulnerabilities Link
13/05/2021 ⚠️ CVE-2021-21558 Dell EMC NetWorker Security Update for Multiple Vulnerabilities Link
25/09/2020 ⚠️ CVE-2020-25130 SQL Injection (Observium) Link
25/09/2020 ⚠️ CVE-2020-25131 Cross-Site Scripting (Observium) Link
25/09/2020 ⚠️ CVE-2020-25132 SQL Injection (Observium) Link
25/09/2020 ⚠️ CVE-2020-25133 Authenticated Directory Traversal And Local File Inclusion (Observium) Link
25/09/2020 ⚠️ CVE-2020-25134 Authenticated Directory Traversal And Local File Inclusion (Observium) Link
25/09/2020 ⚠️ CVE-2020-25135 Cross-Site Scripting (Observium) Link
25/09/2020 ⚠️ CVE-2020-25136 Authenticated Directory Traversal And Local File Inclusion (Observium) Link
25/09/2020 ⚠️ CVE-2020-25137 Cross Site Scripting (Observium) Link
25/09/2020 ⚠️ CVE-2020-25138 Cross Site Scripting (Observium) Link
25/09/2020 ⚠️ CVE-2020-25139 Cross Site Scripting (Observium) Link
25/09/2020 ⚠️ CVE-2020-25140 Cross Site Scripting (Observium) Link
25/09/2020 ⚠️ CVE-2020-25141 Cross Site Scripting (Observium) Link
25/09/2020 ⚠️ CVE-2020-25142 Cross Site Request Forgery (CSRF) (Observium) Link
25/09/2020 ⚠️ CVE-2020-25143 SQL Injection (Observium) Link
25/09/2020 ⚠️ CVE-2020-25144 Authenticated Directory Traversal And Local File Inclusion (Observium) Link
25/09/2020 ⚠️ CVE-2020-25145 Authenticated Directory Traversal And Local File Inclusion (Observium) Link
25/09/2020 ⚠️ CVE-2020-25146 Cross Site Scripting (Observium) Link
25/09/2020 ⚠️ CVE-2020-25147 SQL Injection (Observium) Link
25/09/2020 ⚠️ CVE-2020-25148 Cross Site Scripting (Observium) Link
25/09/2020 ⚠️ CVE-2020-25149 Authenticated Directory Traversal And Local File Inclusion (Observium) Link
03/09/2020 ⚠️ CVE-2020-25102 Cross-Site Scripting (SilverStripe Advanced Reports Module) Link
26/08/2020 ⚠️ CVE-2020-5920 F5 BIG-IP AFM SQL Injection Link
11/08/2020 ⚠️ CVE-2020-1569 Microsoft Edge Memory Corruption Link
17/07/2020 ⚠️ CVE-2020-15596 Touchpad driver DLL Hijacking Link
29/05/2020 ⚠️ CVE-2020-13700 wp plugin acf-to-rest-api Insecure direct object reference via permalinks manipulation Link
25/05/2020 ⚠️ CVE-2020-13484 Bitrix CRM unauthenticated server side request forgery Link
25/05/2020 ⚠️ CVE-2020-13483 Bitrix CRM XSS / WAF bypass Link
24/05/2020 ⚠️ CVE-2020-13443 ExpressionEngine Remote Command Execution via unrestricted file upload Link
21/04/2020 ⚠️ CVE-2020-11976 Apache Wicket Directory traversal due to guard protection bypass - read wicket markup file source Link
13/01/2020 ⚠️ CVE-2020-6856 JOC Cockpit, Jobscheduler, XML External Entity Link
13/01/2020 ⚠️ CVE-2020-6855 JOC Cockpit, Jobscheduler, Denial of Service Link
13/01/2020 ⚠️ CVE-2020-6854 JOC Cockpit, Jobscheduler, Multiple Stored Cross Site Scripting Link
20/11/2019 ⚠️ CVE-2019-19129 Afterlogic WebMail Pro 8.3.11 Remote Stored XSS via an attachment name. Link
05/08/2019 ⚠️ CVE-2019-14521 Arbitrary File Upload leading to RCE (Energy Logserver) Link
17/07/2019 ⚠️ CVE-2020-5907 TMOS Shell privilege escalation vulnerability Link
26/03/2019 ⚠️ CVE-2019-10070 Apache Atlas, Stored Cross Site Scripting Link

Articles

Visit our blog to read our articles about penetration testing and cybersecurity.

Conferences

Date Topic Details
09/04/2021 🎥 Smart Web Fuzzing, czyli jakie powierzchnie ataku możemy półautomatyzować — Łukasz Mikuła, Warszawskie Dni Informatyki Link
11/09/2020 🎥 Współczesna infrastruktura Red Teamowa — Łukasz Mikuła, Piotr Madej, Security Case Study Link
27/02/2020 🎥 Phishing - jak malware trafia do Twojej organizacji — Piotr Madej, OWASP Katowice Link
29/01/2020 🎥 O pracy pentestera — Piotr Madej, 17 53c - Gliwice Cybersecurity Meetup Group Link
14/12/2019 🎥 COM to me, baby — Łukasz Mikuła, WTH Conference Link
14/12/2019 🎥 Logiczne podatności w systemie Windows — Michał Bazyli, WTH Conference Link

About

CVEs, conference materials, research.

Resources

Readme
Activity
Custom properties

Stars

8 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 5