A list of security vulnerabilities discovered over the years from both personal and collaborative cybersecurity research.

iamaldi/publications
IT Security Publications

Security vulnerabilities identified in personal and collaborative cybersecurity research.

November 2021 - Nagios Cross-Platform Agent (NCPA)

Product: Nagios Cross-Platform Agent (NCPA)
Vendor: Nagios Enterprises
Affected Version(s): 2.0 to 2.3.1
Author(s): Altion Malka (CENSUS Labs)
Reference(s): CVE-2021-43584.md, NagiosEnterprises/ncpa#830
Security Vulnerabilities:

  • CVE-2021-43584 - DOM-based XSS via 'name' element of 'Tail Event Logs' functionality in Nagios Cross-Platform Agent (NCPA) versions 2.0 to 2.3.1

This vulnerability was introduced in NCPA version 2.0 and remained present up to and including version 2.3.1.

April 5, 2021 - Pentaho Business Analytics

Product: Pentaho Business Analytics
Vendor: Hitachi Vantara
Affected Version(s): 9.1.0.0 build 324
Author(s): Alberto Favero (HawSec) & Altion Malka
Reference(s): HVPENT210401-Pentaho-BA-Security-Assessment-Report-v1_1.pdf
Security Vulnerabilities:

  • CVE-2021-31599 - Remote Code Execution through Pentaho Report Bundles
  • CVE-2021-34684 - Unauthenticated SQL Injection via Dashboard Editor at '/api/repos/dashboards/editor' endpoint
  • CVE-2021-31601 - Insufficient Access Control of Data Source Management Service
  • CVE-2021-31602 - Authentication Bypass of Spring APIs
  • CVE-2021-31600 - Jackrabbit User Enumeration
  • CVE-2021-34685 - Bypass of Filename Extension Restrictions at '/pentaho/UploadService' endpoint

May 9, 2017 - deepin-session-ui

Product: deepin-session-ui
Vendor: Deepin (Wuhan Deepin Technology Co., Ltd.)
Affected Version(s): 4.0.6
Author(s): Altion Malka
Reference(s): Local Authentication Bypass in deepin-session-ui.md
Security Vulnerabilities:

  • Local Authentication Bypass in deepin-session-ui 4.0.6
