Security Advisories

In the course of our work we regularly find vulnerabilities that were previously unknown. We contact the vendors and inform them about these vulnerabilities so that they can implement a patch or a fix. Cooperation with vendors varies, but is usually good. We have already worked with the following vendors:

  1. Microsoft
  2. SAP
  3. Nortel
  4. Finjan
  5. Linux community
  6. OpenCMS
  7. Various small software manufacturers

Vulnerability Disclosure Policy (PDF)


Advisory ID / Year  Subject
CVE-2015-007  Netgear Router Firmware N300 Authentication Bypass
CVE-2015-5372  AdNovum nevisAuth Authentication Bypass
CVE-2015-3442  Soreco Xpert.Line Authentication Bypass
CVE-2015-3443  Thycotic Secret Server XSS
CSNC-2014-006  softring XSS
CSNC-2014-005  softring Backdoor Account
CSNC-2014-004  neuroML Multiple Vulnerabilities
CSNC-2013-018  SAP BusinessObjects Explorer XXE
CSNC-2013-017  SAP BusinessObjects Explorer Cross-Site Flashing
CSNC-2013-016  SAP BusinessObjects Explorer Port Scanning
CSNC-2014-001  JavaMail - SMTP Header Injection via method setSubject
CVE-2014-1597  i-doit - SQL Injection
CVE-2014-1237  i-doit - Cross-Site Scripting (XSS)
CSNC-2013-013  Plone CMS - URL Redirection Vulnerability
CSNC-2013-008  Secure Entry Server (SES) - URL Redirection
CSNC-2013-005/006/007  Leed (Light Feed) - Multiple Vulnerabilities
CVE-2013-5966  ZK Framework - Cross-Site Scripting Vulnerability (XSS)
CSNC-2013-011  Endpoint Protector Virtual Appliance - Cross-Site Scripting Vulnerability (XSS)
CSNC-2013-022  OpenDocMan Document Management System - Open URL Redirection
CSNC-2013-021  VirtueMart eCommerce Solution - Cross-Site Scripting Vulnerability (XSS)
CSNC-2013-020  iCagenda - Cross-Site Scripting Vulnerability (XSS)
CSNC-2013-012  All Video Share (Joomla Extension) - SQL Injection Vulnerability
CSNC-2012-019  All Video Share (Joomla Extension) - XSS Vulnerability
CSNC-2012-018  All Video Share (Joomla Extension) - Remote File Execution
CSNC-2013-010  ohanah (Joomla Extension) - Multiple XSS Vulnerabilities
CSNC-2013-009  ohanah (Joomla Extension) - Authorization Bypass
CSNC-2012-015  Projectfork (Joomla Extension) - SQL Injection Vulnerability
CSNC-2012-024  Real Estate Manager (Joomla Extension) - SQL Injection Vulnerability
CSNC-2012-023  Real Estate Manager (Joomla Extension) - Multiple Cross-Site Scripting Vulnerabilities
CSNC-2012-022  jNews Core (Joomla Extension) - Multiple XSS Vulnerabilities
CSNC-2012-021  HikaShop (Joomla Extension) - Cross-Site Scripting Vulnerability
CSNC-2012-020  HikaShop (Joomla Extension) - Redirection Vulnerability
CSNC-2012-017  ALFContact (Joomla Extension) - Cross-Site Scripting Vulnerability
CSNC-2012-016  Remository (Joomla Extension) - Cross-Site Scripting Vulnerability
CSNC-2012-014  K2 (Joomla Extension) - Cross-Site Scripting Vulnerability
CSNC-2012-013  jDownloads (Joomla Extension) - Multiple Cross-Site Scripting Vulnerabilities
CSNC-2012-012  FLEXIcontent (Joomla Extension) - SQL Injection Vulnerability
CSNC-2012-011  FLEXIcontent (Joomla Extension) - URL Redirection Vulnerability
CSNC-2012-010  AcyMailing (Joomla Extension) - Redirection Vulnerability
1784770  SAP BusinessObjects Enterprise XI - Multiple Cross-Site Scripting Vulnerabilities
CSNC-2012-026  SilverStripe Blog Module - Cross-Site Scripting Vulnerability
CSNC-2012-025  SilverStripe CMS - Multiple Cross-Site Scripting Vulnerabilities
CVE-2013-1413  i-doit CMDB Web Application - Multiple Vulnerabilities
CSNC-2013-002  Drupal Module CurvyCorners - Cross-Site Scripting Vulnerability
CSNC-2013-001  iTop Web Application - Vulnerability
CSNC-2012-009  php File Manager - Unrestricted File Download (Authorization / Authentication Bypass)
CSNC-2012-008  php File Manager - Backdoor Account
CSNC-2011-001  SAP eShop Client-Side Denial of Service
CSNC-2012-004  Cross-Site Scripting (XSS) within 302 Redirections
CSNC-2012-002  Cross-Site Request Forgery Based OS Command Execution
CSNC-2012-001  Privilege Escalation, Improper Access Control

Oracle RDC Onsite XSS Vulnerability

Grails Email Confirmation Plugin - Predictable Confirmation Token
Grails Email Confirmation Plugin - Case-Insensitive Token Verification

CA Arcot WebFort Versatile Authentication Server
CVE-2009-4505  OpenCMS OAMP Comments Module 1.0.0
CVE-2009-1479  Camtasia Flash Vulnerability
CVE-2009-1479  Boxalino Directory Traversal Vulnerability
CVE-2009-1048  Authentication Bypass of Snom Phone Web Interface
2009  Response Header Name Injection Attack
CVE-2008-3358  SAP NetWeaver XSS Vulnerability
CVE-2008-1547  MS OWA URL Redirection Vulnerability
CVE-2008-0385  Urulu Web 2.0 SQL Injection
2008  OKI C5510MFP Printer Password Disclosure
CVE-2007-6340  LSrunasE, Supercrypt Weak Crypto
2007  VoIP Phone Audio Stream Rerouting Vulnerability
2007  Nortel IP Phone Flooding Denial of Service
2007  Nortel IP Phone Forced Re-Authentication
2007  Nortel IP Phone Surveillance Mode
2007  Nortel Telephony Server Denial of Service
2007  Nortel UNIStim IP Softphone Buffer Overflow
2007  DokuWiki XSS Vulnerability
2007  SAP Internet Communication Framework (BC-MID-ICF)
2007  SAP NetWeaver, Web Dynpro Java (BC-WD-JAV)
CVE-2007-4018  Citrix - Redirection Vulnerability
CVE-2007-0011  Citrix - Session Hijacking and Information Disclosure
2007  Linux Kernel Buffer Overflow
2006  Internet Explorer MS06-013 Vulnerability
2004  OpenCMS Session Fixation
2003  Finjan Content Bypass Vulnerability


Compass was nominated for Prix SVC Ostschweiz 2016
12/9/15 - The Swiss Venture Club selects Compass Security, out of almost 150 companies, for its group of finalists

Compass at CyberSec Conference in Yverdon-les-Bains
10/20/15 - Cyber Security is a challenge

Compass gives a keynote at TEFO15
10/20/15 - Studerus Technology Forum

Vulnerability in Netgear Router Firmware N300
10/6/15 - Daniel Haake identified an Authentication Bypass in Netgear Router Firmware N300.

Vulnerability in AdNovum nevisAuth
9/21/15 - Antoine Neuenschwander identified an Authentication Bypass in AdNovum nevisAuth.