Fabio Carretto

Researcher fromCertimeter Group
#7863of 53,633
34.9Total CVSS
Vulnerabilities · 4
High
2
Critical
2
PT-2023-7535
7.8
2023-11-20
Unknown · Secuextender Ssl Vpn Client · CVE-2023-5593
**Name of the Vulnerable Software and Affected Versions** SecuExtender SSL VPN Client version 4.0.4.0 **Description** The issue is related to an out-of-bounds write vulnerability in the SecuExtender SSL VPN Client software. This vulnerability could allow an authenticated local user to gain privilege escalation by sending a crafted CREATE message. The vulnerability is associated with a buffer overflow in memory, which can be exploited to elevate privileges. **Recommendations** For version 4.0.4.0, consider restricting access to the CREATE message functionality until a patch is available. As a temporary workaround, disabling the vulnerable component related to the out-of-bounds write vulnerability may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2019-12037
9.8
2019-11-20
Iobroker · Iobroker.Admin · CVE-2019-10765
**Name of the Vulnerable Software and Affected Versions** iobroker.admin versions prior to 3.6.12 **Description** The issue allows an attacker to include file contents from outside the intended directory due to a path traversal problem. The package fails to restrict access to folders outside of the intended folder in the /log/ route, which may allow attackers to include arbitrary files in the system. An attacker would need to be authenticated to perform the attack, but the package has authentication disabled by default. **Recommendations** Upgrade to version 3.6.12 or later.
PT-2019-11977
9.8
2019-03-31
Domoticz · Domoticz · CVE-2019-10664
**Name of the Vulnerable Software and Affected Versions** Domoticz versions prior to 4.10578 **Description** The issue allows SQL Injection via the `idx` parameter in the `CWebServer::GetFloorplanImage` function in WebServer.cpp. **Recommendations** For versions prior to 4.10578, update to version 4.10578 or later to resolve the issue.
PT-2019-11989
7.5
2019-03-31
Domoticz · Domoticz · CVE-2019-10678
**Name of the Vulnerable Software and Affected Versions** Domoticz versions prior to 4.10579 **Description** The issue neglects to categorize ` ` and `r` as insecure argument options, which may lead to potential security risks. **Recommendations** For versions prior to 4.10579, update to version 4.10579 or later to resolve the issue.