Security Advisories

Vulnerabilities identified by Horizon during security assessments and research activities

Unrestricted File Upload vulnerability via security bypass in Tassos Marino's Convert Forms extension - CVE-2024-40744

Horizon Security has identified an Unrestricted File Upload vulnerability involving the Convert Forms extension by Tassos Marinos, mainly used by web applications developed with well-known frameworks such as Joomla. This insecure behavior makes it possible to upload any type of file to the web server, which could allow the distribution of malicious files to the form’s recipients or, depending on the server’s configuration, the potential execution of malicious code on the server hosting the web application.

Thursday, 5 December 2024 | Author: Horizon Security Staff

Reflected Cross-Site Scripting (XSS) in Tassos Marino's Convert Forms extension - CVE-2024-40745

Horizon Security identified a reflected Cross-Site Scripting (XSS) vulnerability affecting Tassos Marino's Convert Forms extension, primarily used by web applications developed with well-known frameworks such as Joomla. This vulnerability allows unauthenticated attackers to create specially crafted malicious web pages aimed at forcing the victim's web browser to upload a file, containing malicious code in its name, to the web server via the vulnerable file upload functionality of the Convert Forms extension.

Wednesday, 4 December 2024 | Author: Horizon Security Staff

Multiple XSS (Stored) in DrayTek routers - CVE-2023-23313

Horizon Security identified multiple Cross-Site Scripting (Stored) vulnerabilities in the management web interface exposed by some DrayTek router models. These vulnerabilities can allow an unauthenticated attacker, able to reach the home page of the interface, to inject and store malicious JavaScript code via vulnerable CGI scripts.

Thursday, 2 March 2023 | Author: Horizon Security Staff

ManageEngine ADSelfService Plus privilege escalation - CVE-2021-27214

Horizon Security discovered a Server-Side Request Forgery (SSRF) vulnerability in ManageEngine ADSelfService Plus version 6013 and lower, which allows an attacker to perform a privilege escalation attack.

Friday, 19 February 2021 | Author: Horizon Security Staff

HP Sure Sense privilege escalation - CVE-2020-6913

Horizon Security discovered an unquoted service path vulnerability which may allow a local user to perform a privilege escalation attack.

Friday, 10 April 2020 | Author: Horizon Security Staff

Multiple XSS and CSRF in TIBCO ActiveMatrix - CVE-2019-8991, CVE-2019-11203

Horizon Security identified multiple XSS and CSRF vulnerabilities in the administrative interface, REST API, workspace client and openspace client of ActiveMatrix BPM. These vulnerabilities may allow an attacker to execute JavaScript code in the user's browser and may trick authenticated users of the web application into executing actions of the attacker's choosing.

Tuesday, 21 May 2019 | Author: Horizon Security Staff

XSS in Aruba Instant - CVE-2018-7064

Horizon Security identified an XSS vulnerability in the web interface widget of Aruba Instant, which allows an attacker to execute JavaScript code in the user's browser within the context of the web application.

Thursday, 28 February 2019 | Author: Horizon Security Staff

Xerox Altalink Printer - Remote code execution - CVE-2018-17172

Horizon Security discovered a command injection vulnerability that leads to remote code execution in Xerox's AltaLink printers.

Monday, 28 January 2019 | Author: Horizon Security Staff

Microsoft Sharepoint Remote Privilege Escalation Vulnerability - CVE-2018-1014

Microsoft Sharepoint On-Premise and Online are affected by an Open Redirect vulnerability that can be used to carry out phishing attacks.

Friday, 28 December 2018 | Author: Horizon Security Staff

Fastweb FastGate router 1.0.1b Remote code execution - CVE-2018-20122

Horizon Security discovered a command injection vulnerability that leads to remote code execution in Fastweb's FastGate router.

Thursday, 13 December 2018 | Author: Horizon Security Staff

XSS in Telligent Community - CVE-2018-16235

Horizon Security identified an XSS vulnerability in the "feed RSS" widget of the Telligent Community application, which allows an attacker to execute JavaScript code in the user's browser within the context of the web application.

Wednesday, 21 November 2018 | Author: Horizon Security Staff

Multiple XSS in Oracle PeopleSoft - CVE-2018-3205, CVE-2018-3206, CVE-2018-3207

Horizon Security identified multiple Cross-Site Scripting vulnerabilities in Oracle PeopleSoft, which allow an attacker to execute JavaScript code in the user's browser within the context of the web application.

Tuesday, 16 October 2018 | Author: Horizon Security Staff

Multiple XSS in IBM Websphere Portal - CVE-2018-1673

Horizon Security identified multiple Cross-Site Scripting vulnerabilities in IBM Websphere Portal, which allow an attacker to execute JavaScript code in the user's browser within the context of the web application.

Tuesday, 25 September 2018 | Author: Horizon Security Staff

CSRF in Avaya Aura® Orchestration Designer - CVE-2018-15612

Horizon Security identified that Avaya Aura® Orchestration Designer is vulnerable to Cross-Site Request Forgery attacks, which allow an attacker to force an unaware victim user to perform administrative tasks (e.g. user creation, password change).

Friday, 21 September 2018 | Author: Horizon Security Staff

SQL Injection in RSA Archer - CVE-2018-11065

Horizon Security identified a SQL injection vulnerability in RSA Archer, which allows an attacker to execute arbitrary commands against the database, for example to extract confidential data.

Friday, 31 August 2018 | Author: Horizon Security Staff