Dell/Quest Kace Vulnerabilities Reported through Zero Day Initiative (ZDI)
- https://www.zerodayinitiative.com/advisories/ZDI-18-1065/
- https://www.zerodayinitiative.com/advisories/ZDI-18-1066/
SAP SQLAnywhere 17.0 Insecure Shared Memory Objects
- I discovered/reported this vulnerability to SAP (CVE-2023-33990) back in January 2023. SAP patched it in July 2023; however, their product security response team declined to credit me for this disclosure because I reported the vulnerability through their customer support channel, which was the standard procedure at Veritas.
- https://nvd.nist.gov/vuln/detail/CVE-2023-33990
- https://slidingwindow0xff.com/2023/05/14/exploiting-inter-process-communication-through-shared-memory/
Dell EMC Avamar and Integrated Data Protection Appliance (IDPA) Installation Manager
Quest Kace Systems Management Appliance Multiple Vulnerabilities:
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 – Multiple Vulnerabilities:
- CVE-2016-9269: Remote Command Execution Vulnerability
- CVE-2016-9314: Sensitive Information Disclosure Vulnerability
- CVE-2016-9315: Privilege Escalation Vulnerability
- CVE-2016-9316: Stored Cross-Site Scripting Vulnerability
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 – Multiple Vulnerabilities:
- CVE-2017-6339: Sensitive Information Disclosure Vulnerability
- CVE-2017-6338: Multiple Incorrect Access Control Vulnerabilities
- CVE-2017-6340: Stored Cross-Site Scripting
Dell Active Roles Unquoted Service Path Vulnerability
Sophos Web Security Appliance Session Fixation Vulnerability
D-Link Network Camera DCS-936L Weak CSRF Protection Vulnerability
D-Link DCS Series Cameras – Insecure Crossdomain.XML
D-Link DIR-615 Router Multiple Vulnerabilities