The vulnerabilities found in different applications by BGA Security are published here. The advisories which the page contains are responsibly disclosed. However; they may still include 0day vulnerabilities in case of the vendor’s rejection or ignorance.
- Exagate WEBPack Management System - Multiple Vulnerabilities
- SolarWinds Kiwi Syslog Server 9.5.1 - Unquoted Service Path Privilege Escalation
- SolarWinds Kiwi CatTools 3.11.0 - Unquoted Service Path Privilege Escalation
- Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution
- Beehive Forum v1.4.4 Stored XSS Vulnerability
- Proticaret E-Commerce Script v3.0 >= SQL Injection Multiple Vulnerabilities [CVE: 2014-9237]
- Flussonic Media Server 4.3.3 Multiple Vulnerabilities
- Mailspect Control Panel version 4.0.5 Multiple Vulnerabilities
- ClientResponse Client Management XSS Vulnerability v4.1
- Crea8social v1.3 Stored XSS Vulnerability
- Digi Online Examination System Unrestricted File Upload Vulnerability
- Mouse Media Script Stored XSS Vulnerability
- PhpSound Music Sharing Platform Multiple XSS Vulnerabilities
- Serenity Client Management Portal Multiple Vulnerabilities
- Social Microblogging PRO 1.5 Stored XSS Vulnerability
- SupportEzzy Ticket System - WordPress Plugin Stored XSS
- McAfee Advanced Threat Defense (MATD) before 184.108.40.206 allows remote authenticated users to bypass intended restrictions and change or update configuration settings via crafted parameters.
- Detection bypass vulnerability in Intel Security Advanced Threat Defense (ATD) 3.4.6 and earlier allows malware samples to bypass ATD detection via renaming the malware.
- McAfee Advanced Threat Defense (ATD) before 220.127.116.11 might allow remote attackers to bypass malware detection by leveraging information about the parent process.