Security Advisories

Vulnerabilities identified by Horizon during security assessments and research activities

Microsoft SharePoint Remote Privilege Escalation Vulnerability - CVE-2018-1014

Microsoft SharePoint On-Premise and Online are affected by an Open Redirect vulnerability that can be used to carry out phishing attacks.

Friday, 28 December 2018 - Author: Horizon Security Staff

Fastweb FastGate router 1.0.1b Remote code execution - CVE-2018-20122

Horizon Security discovered a command injection that leads to remote code execution in Fastweb's FastGate router.

Thursday, 13 December 2018 - Author: Horizon Security Staff

XSS in Telligent Community - CVE-2018-16235

Horizon Security identified an XSS vulnerability in the "feed RSS" widget of the Telligent Community application, which allows an attacker to execute JavaScript code in the user's browser within the context of the web application.

Wednesday, 21 November 2018 - Author: Horizon Security Staff

Multiple XSS in Oracle PeopleSoft - CVE-2018-3205, CVE-2018-3206, CVE-2018-3207

Horizon Security identified multiple Cross-Site Scripting vulnerabilities in Oracle PeopleSoft, which allow an attacker to execute JavaScript code in the user's browser within the context of the web application.

Tuesday, 16 October 2018 - Author: Horizon Security Staff

Multiple XSS in IBM WebSphere Portal - CVE-2018-1673

Horizon Security identified multiple Cross-Site Scripting vulnerabilities in IBM WebSphere Portal, which allow an attacker to execute JavaScript code in the user's browser within the context of the web application.

Tuesday, 25 September 2018 - Author: Horizon Security Staff

CSRF in Avaya Aura® Orchestration Designer - CVE-2018-15612

Horizon Security identified that Avaya Aura® Orchestration Designer is vulnerable to Cross-Site Request Forgery attacks, which allow an attacker to force an unaware victim user to perform administrative tasks (e.g. user creation, password change).

Friday, 21 September 2018 - Author: Horizon Security Staff

SQL Injection in RSA Archer - CVE-2018-11065

Horizon Security identified a SQL injection vulnerability in RSA Archer, which allows an attacker to execute arbitrary commands against the database, for example to extract confidential data.

Friday, 31 August 2018 - Author: Horizon Security Staff