The disclosure of new third-party vulnerabilities by Portcullis Labs is handled in co-ordination with Talos, following Cisco’s publicly documented vulnerability disclosure policy. If you need to email us, the Portcullis Labs bughunters PGP key can be found in the PGP Global Directory.
- CVE-2019-5150 – YouPHPTube /objects/video.php getVideo search Code Execution Vulnerability
- CVE-2019-5151 – YouPHPTube /objects/video.php getVideo videoName Code Execution Vulnerability
- CVE-2019-5068 – X11 Mesa 3D Graphics Library Shared Memory Permissions Vulnerability
- CVE-2019-5114 – YouPHPTube /objects/commentAddNew.json.php comments_id SQL Injection Vulnerability
- CVE-2019-5119 – YouPHPTube /objects/subscribeNotify.json.php user_id SQL Injection Vulnerability
- CVE-2019-5121 – CVE-2019-5123 – YouPHPTube /objects/pluginSwitch.json.php Multiple SQL Injection Vulnerabilities
- CVE-2019-5117 – YouPHPTube /objects/subscribe.json.php SQL Injection Vulnerability
- CVE-2019-5116 – YouPHPTube /objects/videoAddNew.json.php SQL Injection Vulnerability
- CVE-2019-5120 – YouPHPTube /plugin/AD_Server/view/campaignsVideos.json.php id SQL Injection Vulnerability
- CVE-2019-5127 – CVE-2019-5129 – YouPHPTube Encoder base64Url Multiple Command Injections
- CVE-2019-5069 – Epignosis eFront LMS PHP Deserialization Code Execution Vulnerability
- CVE-2019-5070 – Epignosis eFront LMS Unauthenticated SQL Injection Vulnerability
- CVE-2018-3882, CVE-2018-3883, CVE-2018-3884, CVE-2018-3885 – ERPNext SQL Injection Vulnerabilities
- CVE-2018-3881 – FocalScope XML External Entity Injection Vulnerability
- CVE-2018-1655 – IBM AIX rmsock SetUID Binary Information Leak
- CVE-2017-16349 – SAP BPC Web Application Information Disclosure Vulnerability
- CVE-2017-1105 – IBM DB2 Shared Memory Insecure Permissions Vulnerability
- CVE-2017-2815 – Openfire User Import Export Plugin XML External Entity Injection
- CVE-2016-9044 – Information Builders WebFOCUS Business Intelligence Portal Command Execution Vulnerability
- CVE-2016-9045 – ProcessMaker Enterprise Core Code Execution Vulnerability