Advisories
Compass Security employees regularly identify 0day security weaknesses in products, either during customer projects or during their research time. We report such vulnerabilities to the respective vendors and believe in coordinated disclosure, as long as the vendor acts in its and our clients’ best interests and provides us with regular and constructive feedback. If any of these conditions are not met, Compass Security might opt for full disclosure as defined in our Vulnerability Disclosure Policy.
Chrome Updater on Windows / COM Session Moniker EoP
27.08.2024 / CSNC-2024-002 / Sylvain Heiniger
Privileged Remote Access (PRA) / Privilege Escalation
02.10.2023 / CSNC-2022-018 / Christian Feuchter
Eclipse Mosquitto / Denial of Service, Memory Leak
31.08.2023 / CSNC-2023-001 / Mischa Bachmann
Fabasoft Cloud Enterprise Client / Local Privilege Escalation
08.05.2023 / CSNC-2023-002 / Tino Kautschke, Dennis Henke
ThinkPad Hybrid USB-C with USB-A / Privilege Escalation
09.05.2023 / CSNC-2022-16 / Compass Security
Lenovo System Update / Privilege Escalation
14.03.2023 / CSNC-2022-15 / Compass Security
Liima AMW / Stored Cross-Site Scripting (XSS)
21.02.2023 / CSNC-2022-021 / Marc Tanner
Liima AMW / Hibernate Query Language (HQL) Injection
21.02.2023 / CSNC-2022-020 / Marc Tanner
Liima AMW / Server-Side Template Injection (SSTI)
21.02.2023 / CSNC-2022-019 / Marc Tanner
Actico Workplace / XML External Entity Attack
16.01.2023 / CSNC-2022-017 / Stephan Sekula
HYPR Workforce Access / Unsafe Deserialization
13.10.2022 / CSNC-2022-008 / Philipp Mao
HYPR Workforce Access / Account Takeover
13.10.2022 / CSNC-2022-003 / Philipp Mao
Thales SafeNet: Windows Logon Agent / Hardcoded Credentials
13.10.2022 / CSNC-2022-002 / Philipp Mao
Fabasoft Cloud Enterprise Client / Local Privilege Escalation
14.09.2022 / CSNC-2022-010 / Tino Kautschke
AhsayCSB / Authenticated Java Runtime Parameter Injection
14.09.2022 / CSNC-2022-009 / Jan Friedli
PRTG Network Monitor / Cross-Site Request Forgery
09.06.2022 / CSNC-2022-008 / Emanuele Barbeno
Power BI Report Server / XSS and CSRF
02.05.2022 / CSNC-2022-007 / Emanuele Barbeno
MobiCall / Cross-Site Scripting
01.04.2022 / CSNC-2022-005 / Adrian Kress
3CX Phone System / Credential Reuse
17.03.2022 / CSNC-2021-022 / Emanuel Duss
3CX Client for Windows, Android and iOS / Network Traffic Decryption and Manipulation
17.03.2022 / CSNC-2021-021 / Emanuel Duss
Imaging Web Viewer / Cross-Site Scripting
16.03.2022 / CSNC-2022-004 / Stephan Sekula
Canopy / Cross-Site Scripting (XSS)
18.02.2022 / CSNC-2022-003 / Stephan Sekula
TeamMate+ Audit / Cross-Site Scripting
31.01.2022 / CSNC-2022-002 / Adrian Kress
VeridiumAD / Broken Access Control
25.01.2022 / CSNC-2021-017 / Philipp Mao
Storyblok / Cross-Site Scripting
10.01.2022 / CSNC-2022-001 / Stephan Sekula
Thales SafeNet / Hardcoded Credentials
05.01.2022 / CSNC-2021-016 / Philipp Mao
Ionic Identity Vault / PIN Unlock Lockout Bypass (Android & iOS)
19.11.2021 / CSNC-2021-020 / Emanuel Duss
Cisco Firepower Management Center / Sensitive Data Exposure
16.06.2021 / CSNC-2021-014 / Fabio Poloni
Replicated Classic / Information Disclosure via API
25.10.2021 / CSNC-2021-019 / Stephan Sekula
WP Mailster / XSS and CSRF
21.10.2021 / CSNC-2021-018 / Emanuele Barbeno
ArcGIS Enterprise / Multiple SAML Vulnerabilities (XSW, Padding Oracle)
30.09.2021 / CSNC-2021-006 / Philipp Mao, Felix Aeppli
openvpn-monitor / Cross-Site Request Forgery (CSRF)
21.09.2021 / CSNC-2021-011 / Emanuel Duss, Sylvain Heiniger
openvpn-monitor / OpenVPN Management Socket Command Injection
21.09.2021 / CSNC-2021-010 / Emanuel Duss, Sylvain Heiniger
openvpn-monitor / Authorization Bypass
21.09.2021 / CSNC-2021-009 / Emanuel Duss, Sylvain Heiniger
Identity Vault / Biometric Authentication Bypass on Android
06.09.2021 / CSNC-2021-001 / Emanuel Duss
timeCard / Hardcoded Credentials
01.09.2021 / CSNC-2021-012 / Philipp Mao
NeDi / OS Command Injection
01.07.2021 / CSNC-2021-003 / Emanuele Barbeno
CheckSec / Cross-Site Scripting (XSS)
17.06.2021 / CSNC-2021-015 / Stephan Sekula
codeBeamer ALM / Multiple Cross-Site Scripting (XSS)
02.06.2021 / CSNC-2020-012 / Alex Joss, Emanuele Barbeno
codeBeamer ALM / Insecure Remember-Me Feature
02.06.2021 / CSNC-2020-010 / Alex Joss, Emanuele Barbeno
codeBeamer ALM / Cross-Site Request Forgery (CSRF)
02.06.2021 / CSNC-2020-009 / Alex Joss, Emanuele Barbeno
Plone / Cross-Site Scripting (XSS)
20.05.2021 / CSNC-2021-013 / Tino Kautschke
Avaya Equinox / Missing Function Level Authorization
19.05.2021 / CSNC-2020-028 / Sylvain Heiniger, Alex Joss
Avaya Equinox / XML External Entity Resolution (XXE)
19.05.2021 / CSNC-2020-027 / Sylvain Heiniger, Alex Joss
WorkCentre 78XX Series / Authenticated OS Command Injection (RCE)
11.05.2021 / CSNC-2021-002 / Nicolas Heiniger
FusionAuth SAML Library / XML External Entity
21.04.2021 / CSNC-2021-004 / Philipp Mao
Pi-hole / Privilege Escalation
20.04.2021 / CSNC-2021-008 / Emanuele Barbeno
Helix ALM / XML External Entity Resolution (XXE)
07.04.2021 / CSNC-2021-005 / Emanuele Barbeno
Amaze File Manager / Privilege Escalation
12.12.2020 / CSNC-2020-030 / Lukasz D.
AdRem NetCrunch / Credentials Disclosure
09.12.2020 / CSNC-2019-018 / Thierry Viaccoz, Sylvain Heiniger, Fabio Poloni
AdRem NetCrunch / Hardcoded SSL Private Key
09.12.2020 / CSNC-2019-017 / Thierry Viaccoz, Sylvain Heiniger, Fabio Poloni
AdRem NetCrunch / Cross-Site Request Forgery (CSRF)
09.12.2020 / CSNC-2019-016 / Thierry Viaccoz, Sylvain Heiniger, Fabio Poloni
AdRem NetCrunch / Improper Session Handling
09.12.2020 / CSNC-2019-015 / Thierry Viaccoz, Sylvain Heiniger, Fabio Poloni
AdRem NetCrunch / Remote Code Execution
09.12.2020 / CSNC-2019-014 / Thierry Viaccoz, Sylvain Heiniger, Fabio Poloni
AdRem NetCrunch / Cross-Site Scripting (XSS)
09.12.2020 / CSNC-2019-013 / Thierry Viaccoz, Sylvain Heiniger, Fabio Poloni
AdRem NetCrunch / Improper Credential Storage
09.12.2020 / CSNC-2019-012 / Thierry Viaccoz, Sylvain Heiniger, Fabio Poloni
AdRem NetCrunch / Server-Side Request Forgery (SSRF)
09.12.2020 / CSNC-2019-011 / Thierry Viaccoz, Sylvain Heiniger, Fabio Poloni
Intland CodeBeamer ALM / XML External Entity Resolution (XXE)
07.12.2020 / CSNC-2020-008 / Alex Joss, Emanuele Barbeno
Gradle Enterprise / Potential Disclosure of Session Cookies via Header Reflection
12.10.2020 / CSNC-2020-015 / Marat Aytuganov
Gradle Enterprise / Test Distribution Usage Search Form Allows XSS
12.10.2020 / CSNC-2020-014 / Marat Aytuganov
SAML v2.0 Bindings in Java using JAXB / Signature Exclusion Attack
30.09.2020 / CSNC-2020-002 / Felix Sieges
Checkmk / Local Privilege Escalation
21.09.2020 / CSNC-2020-005 / Thierry Viaccoz
Mailster - Email Newsletter Plugin for WordPress / XSS
08.07.2020 / CSNC-2019-023 / Thierry Viaccoz
Froala WYSIWYG HTML Editor / DOM XSS
01.07.2020 / CSNC-2020-004 / Emanuel Duss
JEditor Plugin for Jira / Stored XSS
23.06.2020 / CSNC-2020-003 / Lukasz D.
Windows Task Scheduler / Security Feature Bypass
14.05.2020 / CSNC-2020-001 / Sylvain Heiniger
Abacus / Reflected XSS
28.11.2019 / CSNC-2019-024 / Ville Koch
Apache Olingo OData 4.0 / XML External Entity Resolution (XXE)
08.11.2019 / CSNC-2019-025 / Compass Security
totemodata / Stored XSS
01.10.2019 / CSNC-2019-021 / Fabio Poloni
VeloCloud / Authorization Bypass
16.10.2019 / CVE-2019-5533 / Silas Bärtsch
Alibaba Druid / Anti SQL Injection Filter Bypass
02.09.2019 / CSNC-2019-022 / Emanuele Barbeno, Lukasz D.
The Scheduler (Jira Plugin) / XML External Entity (XXE) Attack
06.08.2019 / CSNC-2018-022 / Thierry Viaccoz
MobileIron Email+ for iOS / Cleartext Storage of Sensitive Information
31.07.2019 / CSNC-2018-030 / Sylvain Heiniger
Stonebranch Universal Automation Center / Local File Inclusion
21.05.2019 / CSNC-2019-004 / Compass Security
Stonebranch Universal Automation Center / Self XSS through CSRF
21.05.2019 / CSNC-2019-006 / Compass Security
Router Vigor2960 / Reflected XSS
08.04.2019 / CSNC-2019-003 / Lukasz D.
Voyager / OS Command Injection (RCE)
07.11.2018 / CSNC-2018-36 / Fabio Poloni
Voyager / Arbitrary File Upload (RCE)
07.11.2018 / CSNC-2018-37 / Fabio Poloni
Voyager / Authorization Bypass
07.11.2018 / CSNC-2018-38 / Fabio Poloni
Voyager / Privilege Escalation
07.11.2018 / CSNC-2018-39 / Fabio Poloni
mod_auth_openidc / Reflected XSS Vulnerability
18.02.2019 / CSNC-2019-001 / Mischa Bachmann
SICAM A8000 Series / SICAM Web Interface XXE DoS
14.01.2019 / CSNC-2019-002 / Emanuel Duss, Nicolas Heiniger
HADatAc / Remote Code Execution
14.11.2018 / CSNC-2018-031 / Lukasz D.
Abacus / Reflected XSS
26.09.2018 / CSNC-2018-026 / Stephan Sekula
VMware AirWatch / Insufficient Data Protection
14.05.2018 / CSNC-2018-025 / Stephan Sekula
IBM Notes Traveler / Reflected XSS
14.05.2018 / CSNC-2018-025 / Stephan Sekula
Monstra CMS / Path Traversal
04.09.2018 / CSNC-2018-027 / Fabio Poloni
ownCloud Impersonation App / Authorization Bypass
29.08.2018 / CSNC-2018-015 / Thierry Viaccoz
Atmosphere / Reflected XSS
13.08.2018 / CSNC-2018-016 / Lukasz D.
ownCloud iOS Application / XSS in ownCloud iOS Application's WebViews
14.08.2018 / CSNC-2018-016 / Sylvain Heiniger
OfficeSpace / Credentials in Source Code
18.04.2018 / CSNC-2018-020 / Stephan Sekula
OfficeSpace / Anonymous File Download
18.04.2018 / CSNC-2018-019 / Stephan Sekula
OfficeSpace / Arbitrary File Upload
18.04.2018 / CSNC-2018-018 / Stephan Sekula
OfficeSpace / Stored XSS
18.04.2018 / CSNC-2018-017 / Stephan Sekula
Homeputer CL Studio for HomeMatic / Incorrect Access Control
19.06.2018 / CSNC-2017-031 / Thierry Viaccoz
Vert.x / HTTP Header Injection
12.06.2018 / CSNC-2018-021 / Lukasz D.
ONELAN CMS / Passwords in Source Code
06.02.2018 / CSNC-2018-012 / Stephan Sekula
ONELAN CMS / Cleartext Passwords
06.02.2018 / CSNC-2018-012 / Stephan Sekula
ONELAN CMS / Insufficient Authorization Checks
06.02.2018 / CSNC-2018-011 / Stephan Sekula
ONELAN CMS / Account Brute Force
06.02.2018 / CSNC-2018-010 / Stephan Sekula
ONELAN CMS / Arbitrary File Upload
06.02.2018 / CSNC-2018-009 / Stephan Sekula
ONELAN CMS / JWT in GET Request
06.02.2018 / CSNC-2018-008 / Stephan Sekula
ONELAN CMS / CSRF
06.02.2018 / CSNC-2018-007 / Stephan Sekula
ONELAN CMS / Stored XSS
06.02.2018 / CSNC-2018-006 / Stephan Sekula
ONELAN CMS / Reflected XSS
06.02.2018 / CSNC-2018-005 / Stephan Sekula
totemomail Encryption Gateway / XSS Forgery
14.05.2018 / CSNC-2018-003 / Nicolas Heiniger
totemomail Encryption Gateway / JSONP Hijacking
14.05.2018 / CSNC-2018-002 / Nicolas Heiniger
SAP Hybris / Multiple XSS Vulnerabilities in the HMC
14.09.2016 / CVE-2016-685XC / Damian Pfammatter
Microsoft Intune / Preserved Keychain Entries
31.08.2017 / CSNC-2017-026 / Stephan Sekula
Microsoft Intune / App PIN Bypass
31.08.2017 / CSNC-2017-027 / Stephan Sekula
Zimbra Collaboration Suite (ZCS) / Stored XSS Vulnerability
10.01.2018 / CVE-2017-8802 / Damian Pfammatter, Alessandro Zala
GitLab CE+EE / XSS
09.01.2018 / CSNC-2017-033 / Sylvain Heiniger
MyTy / Reflected XSS
21.11.2017 / CSNC-2017-030 / Nicolas Heiniger
MyTy / Blind SQL Injection
21.11.2017 / CSNC-2017-029 / Nicolas Heiniger
iText PDF Library / XML External Entity Attack (XXE)
06.11.2017 / CVE-2017-9096 / Benjamin Bruppacher
Mongoose Embedded Web Server Library / Stack-based Buffer Overflow
20.09.2017 / CSNC-2017-023 / Dobin Rutishauser
Sunell IP Camera IPR54 / Session ID Enumeration
18.04.2017 / CSNC-2017-012 / Stephan Sekula
Sunell IP Camera IPR54 / Stored XSS
18.04.2017 / CSNC-2017-011 / Stephan Sekula
Sunell IP Camera IPR54 / Reflected XSS
18.04.2017 / CSNC-2017-010 / Stephan Sekula
PingID (MFA) / Reflected XSS
18.04.2017 / CSNC-2017-013 / Stephan Sekula
Live Helper Chat / XSS
24.04.2017 / CSNC-2017-004 / Sylvain Heiniger
Mongoose OS / Use-after-free, Denial of Service
03.04.2017 / CVE-2017-7185 / Philipp Promeuschel, Carel van Rooyen, Stephan Sekula
VMware AirWatch / XSS
22.03.2017 / CSNC-2016-008 / Stephan Sekula
Microsoft ASP.NET Core / HTTP Header Injection
21.12.2016 / CSNC-2016-006 / Reto Schädler
SAP Hybris / Multiple XSS Vulnerabilities in the Hybris Management Console
28.10.2016 / CVE-2016-685X / Damian Pfammatter
i-doit / XSS
05.02.2014 / CVE-2014-1237 / Stephan Rickauer
ForgeRock OpenAM / Open Redirect
23.02.2016 / CSNC-2016-002 / Stephan Sekula
ForgeRock OpenAM / XSS
23.02.2016 / CSNC-2016-001 / Stephan Sekula
Adobe Experience Manager AEM / Stored XSS Vulnerability
23.02.2016 / CVE-2016-0955 / Damian Pfammatter
Netgear Router Firmware N300 / Authentication Bypass
06.10.2015 / CSNC-2015-007 / Daniel Haake
AdNovum nevisAuth / Authentication Bypass
21.09.2015 / CVE-2015-5372 / Antoine Neuenschwander, Roland Bischofberger
Xpert.Line / Authentication Bypass
06.03.2015 / CVE-2015-3442 / Alessandro Zala, Andreas Hunkeler
Thycotic Secret Server / Stored XSS Vulnerability
24.06.2015 / CVE-2015-3443 / Marco Delai
Softing FG-100 PB / XSS
05.11.2014 / CSNC-2014-006 / Johannes Klick, Daniel Marzin
Softing FG-100 PB / Backdoor Account
05.11.2014 / CSNC-2014-005 / Ingmar Rosenhagen, Daniel Marzin
neuroML / Multiple Vulnerabilities
10.10.2014 / CSNC-2014-004 / Philipp Promeuschel
SAP BusinessObjects Explorer / XXE
10.10.2014 / CSNC-2013-018 / Stefan Horlacher
SAP BusinessObjects Explorer / Cross-Site Flashing
10.10.2014 / CSNC-2013-017 / Stefan Horlacher
SAP BusinessObjects Explorer / Port Scanning
10.10.2014 / CSNC-2013-016 / Stefan Horlacher
JavaMail / SMTP Header Injection via Method setSubject
19.03.2014 / CSNC-2014-001 / Alexandre Herzog
i-doit / SQL Injection
17.02.2014 / CVE-2014-1597 / Stephan Rickauer