Vulnerability in SYNCPILOT LIVE CONTRACT (CVE-2025-2306)
May 15, 2025 – An improper access control vulnerability was identified in the file download functionality.
Our employees frequently engage in research projects to live up to our high standard. They analyze the latest topics, methods and tools in interesting areas of information security and prepare them in this context. The results of these activities contribute, for example, to projects, lectures at conferences, market overviews and articles for technical journals, as well as to advisories and zero-day vulnerabilities.
May 15, 2025 – A path traversal vulnerability in the file download functionality was identified.
February 17, 2025 – MobaXterm is a toolbox for remote computing.
January 8, 2025 – Our colleagues Frederik Reiter and Jan-Luca Gruber found a vulnerability in the Damage Cleanup Engine of Trend Micro Apex One, which allows an attacker to delete a folder with high privileges. This can be leveraged to escalate privileges in the context of SYSTEM.
October 4, 2024 – The HP HotKey Support (HPHKS) software provides the support for handling the Hotkeys (fixed notebook buttons that provide quick access to a particular function when pressed) for HP’s business Notebooks.
September 12, 2024 – AVG Internet Security is an antivirus software marketed to consumers.
July 15, 2024 – The baramundi Management Agent is used for software distribution in enterprise environments.
May 1, 2024 – Checkpoint Harmony is an enterprise security software protecting customers from malware.
May 1, 2024 – Webroot Antivirus is an antivirus software. The vulnerability existed in both the end user product and the enterprise product.
April 1, 2024 – Bitdefender produces different antivirus products. The privilege escalation vulnerability existed in Bitdefender Total Security, Internet Security, Antivirus Plus and Antivirus Free.
November 7, 2023 – Sumatra PDF is an Open-Source PDF Reader. The vulnerability in this case was found in the installer for this product shipped by neo42 for Matrix 42 Unified Endpoint Management.
November 6, 2023 – Bytello Share is a software used to share the screen of a device. The vulnerability was found in the installation process of the software.
November 5, 2023 – OwnCloud offers file sharing and collaboration.
February 3, 2023 – VMware Workstation is a virtualization software that allows running several virtual machines in parallel on one device. These virtual machines can be managed via the software VMware Workstation Player or VMware Workstation Pro, which is installed on all systems used for managing virtual machines.
September 30, 2022 – During research, cirosec found a vulnerability in the remote access software from RealVNC.