Found Security Vulnerabilities

This is an incomplete list of security vulnerabilities I found in different software. This list is highly incomplete, as many security issues are not published right now.

2019-02 - Shopware - Session fixation & CSRF Token Leakage

2018-12 - engelsystem - Missing CSRF protection mechanism

2018-12 - Shopware - Authenticated Remote Code Execution (2x), Path Traversal (File download) (1x), Validation Bypass (1x), MITM in update process (1x)

2018-11 - Exposure of private information (e.g. Passwords) in Shopware

2018-10 - Reflected XSS in Shopware

2018-05 - DoS vulnerability in Litecart

2018-04 - XSRF and remote code execution in ProjectSend