Advisories
Compass Security employees regularly identify 0day security weaknesses in products, either during customer projects or during their research time. We report such vulnerabilities to the respective vendors and believe in coordinated disclosure, as long as the vendor acts in its and our clients’ best interests and provides us with regular and constructive feedback. If any of these conditions are not met, Compass Security might opt for full disclosure as defined in our Vulnerability Disclosure Policy.
Windows Cross Device Service / Local Privilege Escalation2 KB
15.04.2025 / CSNC-2025-008 / John Ostrowski
Windows Cross Device Service / Local Privilege Escalation2 KB
15.04.2025 / CSNC-2025-007 / John Ostrowski
Ibexa DXP CMS / XML External Entity (XXE) Injection3 KB
09.01.2025 / CSNC-2025-006 / Dennis Henke
Ibexa DXP CMS / DOM Cross-Site Scripting2 KB
08.01.2025 / CSNC-2025-001 / Stephan Sekula
BOINC Server / BOINC Cross-Site Request Forgery2 KB
20.01.2025 / CSNC-2025-005 / Michael Häseler
BOINC Server / BOINC Multiple SQL Injections6 KB
21.01.2025 / CSNC-2025-004 / Michael Häseler
BOINC Server / BOINC Stored XSS Injection2 KB
21.01.2025 / CSNC-2025-003 / Michael Häseler
BOINC Server / Multiple reflected XSS Injections5 KB
21.01.2025 / CSNC-2025-002 / Michael Häseler
Chrome Updater on Windows / COM Session Moniker EoP2 KB
27.08.2024 / CSNC-2024-002 / Sylvain Heiniger
Privileged Remote Access (PRA) - Privilege Escalation4 KB
02.10.2023 / CSNC-2022-018 / Christian Feuchter
Eclipse Mosquitto / Denial of Service, Memory Leak2 KB
31.08.2023 / CSNC-2023-001 / Mischa Bachmann
Fabasoft Cloud Enterprise Client / Local Privilege Escalation5 KB
08.05.2023 / CSNC-2023-002 / Tino Kautschke, Dennis Henke
ThinkPad Hybrid USB-C with USB-A / Privilege Escalation4 KB
09.05.2023 / CSNC-2022-16 / Compass Security
Lenovo System Update / Privilege Escalation4 KB
14.03.2023 / CSNC-2022-15 / Compass Security
Liima AMW / Stored Cross-Site Scripting (XSS)2 KB
21.02.2023 / CSNC-2022-021 / Marc Tanner
Liima AMW / Hibernate Query Language (HQL) Injection3 KB
21.02.2023 / CSNC-2022-020 / Marc Tanner
Liima AMW / Server-Side Template Injection (SSTI)2 KB
21.02.2023 / CSNC-2022-019 / Marc Tanner
Actico Workplace / XML External Entity Attack3 KB
16.01.2023 / CSNC-2022-017 / Stephan Sekula
HYPR Workforce Access / Unsafe Deserialization2 KB
13.10.2022 / CSNC-2022-008 / Philipp Mao
HYPR Workforce Access / Account Takeover2 KB
13.10.2022 / CSNC-2022-003 / Philipp Mao
Thales SafeNet: Windows Logon Agent / Hardcode Credentials2 KB
13.10.2022 / CSNC-2022-002 / Philipp Mao
Fabasoft Cloud Enterprise Client / Local Privilege Escalation4 KB
14.09.2022 / CSNC-2022-010 / Tino Kautschke
AhsayCSB / Authenticated Java Runtime Parameter Injection6 KB
14.09.2022 / CSNC-2022-009 / Jan Friedli
PRTG Network Monitor / Cross-Site Request Forgery5 KB
09.06.2022 / CSNC-2022-008 / Emanuele Barbeno
Power BI Report Server / XSS and CSRF10 KB
02.05.2022 / CSNC-2022-007 / Emanuele Barbeno
MobiCall / Cross-Site Scripting2 KB
01.04.2022 / CSNC-2022-005 / Adrian Kress
3CX Phone System / Credential Reuse4 KB
17.03.2022 / CSNC-2021-022 / Emanuel Duss
3CX Client for Windows, Android and iOS / Network Traffic Decryption and Manipulation4 KB
17.03.2022 / CSNC-2021-021 / Emanuel Duss
Imaging Web Viewer / Cross-Site-Scripting4 KB
16.03.2022 7 CSNC-2022-004 / Stephan Sekula
Canopy / Cross-Site Scripting (XSS)2 KB
18.02.2022 / CSNC-2022-003 / Stephan Sekula
TeamMate+ Audit / Cross-Site-Scripting2 KB
31.01.2022 / CSNC-2022-002 / Adrian Kress
VeridiumAD / Broken Access Control2 KB
25.01.2022 / CSNC-2021-017 / Philipp Mao
Storyblok / Cross-Site-Scripting2 KB
10.01.2022 / CSNC-2022-001 / Stephan Sekula
Thales SafeNet / Hardcoded Credentials2 KB
05.01.2022 / CSNC-2021-016 / Philipp Mao
Ionic Indentity Vault / PIN Unlock Lockout Bypass (Android & iOS)5 KB
19.11.2021 / CSNC-2021-020 / Emanuel Duss
Cisco Firepower Management Center / Sensitive Data Exposure3 KB
16.06. 2021 / CSNC-2021-014 / Fabio Poloni
Replicated Classic / Information Disclosure via API3 KB
25.10.2021 / CSNC-2021-019 / Stephan Sekula
WP Mailster / XSS and CSRF8 KB
21.10.2021 / CSNC-2021-018 / Emanuele Barbeno
ArcGIS Enterprise / Multiple SAML vulnerabilities (XSW, padding oracle)2 KB
30.09.2021 / CSNC-2021-006 / Philipp Mao, Felix Aeppli
openvpn-monitor / Cross-Site Request Forgery (CSRF)6 KB
21.09.2021 / CSNC-2021-011 / Emanuel Duss, Sylvain Heiniger
openvpn-monitor / OpenVPN Management Socket Command Injection5 KB
21.09.2021 / CSNC-2021-010 / Emanuel Duss, Sylvain Heiniger
openvpn-monitor / Authorization Bypass5 KB
21.09.2021 / CSNC-2021-009 / Emanuel Duss, Sylvain Heiniger
Identity Vault / Biometric Authentication Bypass on Android12 KB
06.09.2021 / CSNC-2021-001 / Emanuel Duss
timeCard / Hardcoded Credentials2 KB
01.09.2021 / CSNC-2021-012 / Philipp Mao
NeDi / OS Command Injection5 KB
01.07.2021 / CSNC-2021-003 / Emanuele Barbeno
CheckSec / Cross-Site-Scripting (XSS)2 KB
17.06.2021 / CSNC-2021-015 / Stephan Sekula
codeBeamer ALM / Multiple Cross-Site Scripting (XSS)7 KB
02.06.2021 / CSNC-2020-012 / Alex Joss, Emanuele Barbeno
codeBeamer ALM / Insecure Remember-Me Feature 9 KB
02.06.2021 / CSNC-2020-010 / Alex Joss, Emanuele Barbeno
codeBeamer ALM / Cross-Site Request Forgery (CSRF)6 KB
02.06.2021 / CSNC-2020-009 / Alex Joss, Emanuele Barbeno
Plone / Cross-Site Scripting (XSS)10 KB
20.05.2021 / CSNC-2021-013 / Tino Kautschke
Avaya Equinox / Missing Function Level Authorization2 KB
19.05.2021 / CSNC-2020-028 / Sylvain Heiniger, Alex Joss
Avaya Equinox / XML External Entity Resolution (XXE)2 KB
19.05.2021 / CSNC-2020-027 / Sylvain Heiniger, Alex Joss
WorkCentre 78XX Series / Authenticated OS commmand injection (RCE)4 KB
11.05.2021 / CSNC-2021-002 / Nicolas Heiniger
FusionAuth SAML Library / XML External Entity3 KB
21.04.2021 / CSNC-2021-004 / Philipp Mao
Pi-hole / Privilege Escalation8 KB
20.04.2021 / CSNC-2021-008 / Emanuele Barbeno
Helix ALM / XML External Entity Resolution (XXE)4 KB
07.04.2021 / CSNC-2021-005 / Emanuele Barbeno
Amaze File Manager / Privilege Escalation2 KB
12.12.2020 / CSNC-2020-030 / Lukasz D.
AdRem NetCrunch / Credentials Disclosure7 KB
09.12.2020 / CSNC-2019-018 / Thierry Viaccoz, Sylvain Heiniger, Fabio Poloni
AdRem NetCrunch / Hardcoded SSL Private Key5 KB
09.12.2020 / CSNC-2019-017 / Thierry Viaccoz, Sylvain Heiniger, Fabio Poloni
AdRem NetCrunch / Cross-Site Request Forgery (CSRF)5 KB
09.12.2020 / CSNC-2019-016 / Thierry Viaccoz, Sylvain Heiniger, Fabio Poloni
AdRem NetCrunch / Improper Session Handling10 KB
09.12.2020 / CSNC-2019-015 / Thierry Viaccoz, Sylvain Heiniger, Fabio Poloni
AdRem NetCrunch / Remote Code Execution7 KB
09.12.2020 / CSNC-2019-014 / Thierry Viaccoz, Sylvain Heiniger, Fabio Poloni
AdRem NetCrunch / Cross-Site Scripting (XSS)7 KB
09.12.2020 / CSNC-2019-013 / Thierry Viaccoz, Sylvain Heiniger, Fabio Poloni
AdRem NetCrunch / Improper Credential Storage5 KB
09.12.2020 / CSNC-2019-012 / Thierry Viaccoz, Sylvain Heiniger, Fabio Poloni
AdRem NetCrunch / Server-Side Request Forgery (SSRF)4 KB
09.12.2020 / CSNC-2019-011 / Thierry Viaccoz, Sylvain Heiniger, Fabio Poloni
Intland CodeBeamer ALM / XML External Entity Resolution (XXE)6 KB
07.12.2020 / CSNC-2020-008 / Alex Joss, Emanuele Barbeno
Gradle Enterprise / Potential disclosure of session cookies via header reflection2 KB
12.10.2020 / CSNC-2020-015 / Marat Aytuganov
Gradle Enterprise / Test distribution usage search form allows XSS3 KB
12.10.2020 / CSNC-2020-014 / Marat Aytuganov
SAML v2.0 bindings in Java using JAXB / Signature Exklusion Attack5 KB
30.09.2020 / CSNC-2020-002 / Felix Sieges
Checkmk Local Privilege Escalation3 KB
21.09.2020 / CSNC-2020-005 / Thierry Viaccoz
Mailster - Email Newsletter Plugin for WordPress / XSS6 KB
08.07.2020 / CSNC-2019-023 / Thierry Viaccoz
Froala WYSIWYG HTML Editor / DOM XSS12 KB
01.07.2020 / CSNC-2020-004 / Emanuel Duss
JEditor plugin for Jira / Stored XSS4 KB
23.06.2020 / CSNC-2020-003 / Lukasz D.
Windows Task Scheduler / Security Feature Bypass5 KB
14.05.2020 / CSNC-2020-001 / Sylvain Heiniger
Abacus / Reflected XSS2 KB
28.11.2019 / CSNC-2019-024 / Ville Koch
Apache Olingo OData 4.0 / XML External Entity Resolution (XXE)5 KB
08.11.2019 / CSNC-2019-025 / Compass Security
totemodata / Stored XSS7 KB
01.10.2019 / CSNC-2019-021 / Fabio Poloni
VeloCloud / Authorization Bypass4 KB
16.10.2019 / CVE-2019-5533 / Silas Bärtsch
Alibaba Druid / Anti SQL Injection Filter Bypass3 KB
02.09.2019 / CSNC-2019-022 / Emanuele Barbeno, Lukasz D.
The Scheduler (Jira plugin) / XML External Entity (XXE) Attack6 KB
06.08.2019 / CSNC-2018-022 / Thierry Viaccoz
MobileIron Email+ for iOS / Cleartext Storage of Sensitive Information3 KB
31.07.2019 / CSNC-2018-030 / Sylvain Heiniger
Stonebranch Universal Automation Center / Local File Inclusion3 KB
21.05.2019 / CSNC-2019-004 / Compass Security
Stonebranch Universal Automation Center / Self XSS through CSRF2 KB
21.05.2019 / CSNC-2019-006 / Compass Security
Router Vigor2960 / Reflected XSS3 KB
08.04.2019 / CSNC-2019-003 / Lukasz D.
Voyager / OS Command Injection (RCE)3 KB
07.11.2018 / CSNC-2018-36 / Fabio Poloni
Voyager / Arbitrary File Upload (RCE)4 KB
07.11.2018 / CSNC-2018-37 / Fabio Poloni
Voyager Authorization Bypass3 KB
07.11.2018 / CSNC-2018-38 / Fabio Poloni
Voyager / Privilege Escalation5 KB
07.11.2018 / CSNC-2018-39 / Fabio Poloni
mod_auth_openidc / Reflected XSS Vulnerability4 KB
18.02.2019 / CSNC-2019-001 / Mischa Bachmann
SICAM A8000 Series / SICAM Webinterface XXE DoS6 KB
14.01.2019 / CSNC-2019-002 / Emanuel Duss, Nicolas Heiniger
HADatAc / Remot code execution4 KB
14.11.2018 / CSNC-2018-031 / Lukasz D.
Abacus / Reflected XSS3 KB
26.09.2018 / CSNC-2018-026 / Stephan Sekula
VMware AirWatch / Insufficient Data Protection3 KB
14.05.2018 / CSNC-2018-025 / Stephan Sekula
IBM Notes Traveler / Reflected XSS4 KB
14.05.2018 / CSNC-2018-025 / Stephan Sekula
Monstra CMS / Path Traversal2 KB
04.09.2018 / CSNC-2018-027 / Fabio Poloni
ownCloud Impersonation App / Authorization bypass4 KB
29.08.2018 / CSNC-2018-015 / Thierry Viaccoz
Atmosphere / Reflected XSS3 KB
13.08.2018 / CSNC-2018-016 / Lukasz D.
ownCloud iOS Application / XSS in ownCloud iOS Application's WebViews2 KB
14.08.2018 / CSNC-2018-016 / Sylvain Heiniger
OfficeSpace / Credentials in Source Code2 KB
18.04.2018 / CSNC-2018-020 / Stephan Sekula
OfficeSpace / Anonymous File Download2 KB
18.04.2018 / CSNC-2018-019 / Stephan Sekula
OfficeSpace / Arbitrary File Upload3 KB
18.04.2018 / CSNC-2018-018 / Stephan Sekula
OfficeSpace / Stored XSS3 KB
18.04.2018 / CSNC-2018-017 / Stephan Sekula
Homeputer CL Studio for HomeMatic / Incorrect Acces Control4 KB
19.06.2018 / CSNC-2017-031 / Thierry Viaccoz
Vert.x / HTTP Header Injection3 KB
12.06.2018 / CSNC-2018-021 / Lukas D.
ONELAN CMS / Passwords in Source Code2 KB
06.02.2018 / CSNC-2018-012 / Stephan Sekula
ONELAN CMS / Cleartext Passwords2 KB
06.02.2018 / CSNC-2018-012 / Stephan Sekula
ONELAN CMS / Insufficient Authorization Checks2 KB
06.02.2018 / CSNC-2018-011 / Stephan Sekula
ONELAN CMS / Account Brute Force2 KB
06.02.2018 / CSNC-2018-010 / Stephan Sekula
ONELAN CMS / Arbitrary File Upload2 KB
06.02.2018 / CSNC-2018-009 / Stephan Sekula
ONELAN CMS / JWT in GET Request2 KB
06.02.2018 / CSNC-2018-008 / Stephan Sekula
ONELAN CMS / CSRF2 KB
06.02.2018 / CSNC-2018-007 / Stephan Sekula
ONELAN CMS / Stored XSS3 KB
06.02.2018 / CSNC-2018-006 / Stephan Sekula
ONELAN CMS / Reflected XSS3 KB
06.02.2018 / CSNC-2018-005 / Stephan Sekula
totemomail Encryption Gateway / XSS Forgery6 KB
14.05.2018 / CSNC-2018-003 / Nicolas Heiniger
totemomail Encryption Gateway / JSONP hijacking5 KB
14.05.2018 / CSNC-2018-002 / Nicoals Heiniger
SAP Hybris / Multiple XSS Vulnerability in the HM3 KB
14.09.2016 / CVE-2016-685XC / Damian Pfammatter
Microsoft Intune / Preserved Keychain Entries2 KB
31.08.2017 / CSNC-2017-026 / Stephan Sekula
Microsoft Intune / App PIN Bypass4 KB
31.08.2017 / CSNC-2017-027 / Stephan Sekula
Zimbra Collaboration Suite (ZCS) / Stored XSS Vulnerability3 KB
10.01.2018 / CVE-2017-8802 / Damian Pfammattter, Alessandro Zala
GitLab CE+EE / XSS2 KB
09.01.2018 / CSNC-2017-033 / Sylvain Heiniger
My Ty / Reflected XSS4 KB
21.11.2017 / CSNC-2017-030 / Nicolas Heiniger
MyTy / Blind SQL Injection3 KB
21.11.2017 / CSNC-2017-029 / Nicolas Heiniger
iText PDF Library / XML External Entity Attack (XXE)2 KB
06.11.2017 / CVE-2017-9096 / Benjamin Bruppacher
Mongoose Embedded Web Server Library / Stack based BOF17 KB
20.09.2017 / CSNC-2017-023 / Dobin Rutishauser
Sunell IP Camera IPR54 / Session ID Enumeration5 KB
18.04.2017 / CSNC-2017-012 / Stephan Sekula
Sunell IP Camera IPR54 / Stored XSS4 KB
18.04.2017 / CSNC-2017-011 / Stephan Sekula
Sunell IP Camera IPR54 / Reflected XSS3 KB
18.04.2017 / CSNC-2017-010 / Stephan Sekula
PingID (MFA) / Reflected XSS3 KB
18.04.2017 / CSNC-2017-013 / Stephan Sekula
Live Helper Chat / XSS3 KB
24.04.2017 / CSNC-2017-004 / Sylvain Heiniger
Mongoose OS / Use-after-free, Denial of Service9 KB
03.04.2017 / CVE-2017-7185 / Philipp Promeuschel, Carel van Rooyen, Stephan Sekula
VMware AirWatch / XSS3 KB
22.03.2017 / CSNC-2016-008 / Stephan Sekula
Microsoft ASP.NET Core / HTTP Header Injection2 KB
21.12.2016 / CSNC-2016-006 / Reto Schädler
SAP Hybris / Multiple XSS Vulnerabilities in the Hybris Management Console3 KB
28.10.2016 / CVE-2016_685X / Damian Pfammatter
i-doit / XSS2 KB
05.02.2014 / CVE-2014-1237 / Stephan Rickauer
ForgeRock OpenAM / Open Redirec3 KB
23.02.2016 / CSNC-2016-002t / Stephan Sekula
ForgeRock OpenAM / XSS3 KB
23.02.2016 / CSNC-2016-001 / Stephan Sekula
Adobe Experience Manager AEM / Stored XSS Vulnerability3 KB
23.02.2016 / CVE-2016-0955 / Damian Pfammatter
Netgear Router Firmware N300 / Authentication Bypass4 KB
06.10.2015 / CSNC-2015-007 / Daniel Haake
AdNovum nevisAuth / Authentication Bypass4 KB
21.09.2015 / CVE-2015-5372 / Antoine Neuenschwander, Roland Bischofberger
Xpert.Line / Authentication Bypass4 KB
06.03.2015 / CVE-2015-3442 / Alessandro Zala, Andreas Hunkeler
Thycotic Secret Server / Stored XXS Vulnerability3 KB
24.06.2015 / CVE-2015-3443 / Marco Delai
Softing FG-100 PB / XSS3 KB
05.11.2014 / CSNC-2014-006 / Johannes Klick, Daniel Marzin
Softing FG-100 PB / Backdoor Account4 KB
05.11.2014 / CSNC-2014-005 / Ingmar Rosenhagen, Daniel Marzin
neuroML / Multiple Vulnerability4 KB
10.10.2014 / CSNC-2014-004 / Philipp Promeuschel
SAP BusinessObjects Explorer / XXE4 KB
10.10.2014 / CSNC-2013-018 / Stefan Horlacher
SAP BusinessObjects Explorer / Cross Site Flashing3 KB
10.10.2014 / CSNC-2013-017 / Stefan Horlacher
SAP BusinessObjects Explorer / Port-Scanning3 KB
10.10.2014 / CSNC-2013-016 / Stefan Horlacher
JavaMail / SMTP Header Injection via method setSubject10 KB
19.03.2014 / CSNC-2014-001 / Alexandre Herzog
i-doit / SQL Injection2 KB
17.02.2014 / CVE-2014-1597 / Stephan Rickauer