Found Security Vulnerabilities

This is an incomplete list of security vulnerabilities I found in different software. It is highly incomplete, as many security issues have not been published yet.

2020-02 - Shopware - Authenticated Remote Code Execution

https://docs.shopware.com/de/shopware-6-de/sicherheitsupdates/security-update-02-2020

2019-04 - Shopware - Authenticated DQL-Injection & SQL-Injection

https://docs.shopware.com/de/shopware-5-de/sicherheitsupdates/security-update-04-2019

2019-02 - Shopware - Session fixation & CSRF Token Leakage

https://docs.shopware.com/de/shopware-5-de/sicherheitsupdates/security-update-02-2019

2018-12 - engelsystem - Missing CSRF protection mechanism

https://github.com/engelsystem/engelsystem/issues/494

2018-12 - Shopware - Authenticated Remote Code Execution (2x), Path Traversal (file download) (1x), Validation Bypass (1x), MITM in update process (1x)

https://docs.shopware.com/de/shopware-5-de/sicherheitsupdates/security-update-12-2018

2018-11 - Shopware - Exposure of private information (e.g. passwords)

https://docs.shopware.com/de/shopware-5-de/sicherheitsupdates/security-update-11-2018

2018-05 - LiteCart - DoS vulnerability

https://github.com/litecart/litecart/issues/119

2018-04 - ProjectSend - XSRF and Remote Code Execution

https://github.com/projectsend/projectsend/issues/547