The KoreLogic Team actively pursues the identification of vulnerabilities. Our Vulnerability Disclosure Program was created to responsibly distribute vulnerability information to the public in a controlled manner and follow common industry practices associated with disclosing newly identified vulnerabilities, which are not protected by KoreLogic client confidentiality/non-disclosure agreements. Our disclosure policy is available in text and PDF.

Recent Vulnerability Research and Advisories

• KL-001-2024-012: VICIdial Authenticated Remote Code Execution
• KL-001-2024-011: VICIdial Unauthenticated SQL Injection
• KL-001-2024-010: Journyx Unauthenticated XML External Entities Injection
• KL-001-2024-009: Journyx Reflected Cross Site Scripting
• KL-001-2024-008: Journyx Authenticated Remote Code Execution
• KL-001-2024-007: Journyx Unauthenticated Password Reset Bruteforce
• KL-001-2024-006: Open WebUI Arbitrary File Upload + Path Traversal
• KL-001-2024-005: Open WebUI Stored Cross-Site Scripting
• KL-001-2024-004: Artica Proxy Loopback Services Remotely Accessible Unauthenticated
• KL-001-2024-003: Artica Proxy Unauthenticated File Manager Vulnerability
• KL-001-2024-002: Artica Proxy Unauthenticated PHP Deserialization Vulnerability
• KL-001-2024-001: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability
• KL-001-2023-003: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit
• KL-001-2023-002: Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation via tcpdump
• KL-001-2023-001: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read via sudo dig
• KL-001-2022-002: Moxa TN-5900 Post Authentication Command Injection Vulnerability
• KL-001-2022-001: Moxa TN-5900 Firmware Upgrade Checksum Validation Vulnerability
• KL-001-2021-010: CyberArk Credential Provider Local Cache Can Be Decrypted
• KL-001-2021-009: CyberArk Credential Provider Race Condition And Authorization Bypass
• KL-001-2021-008: CyberArk Credential File Insufficient Effective Key Space
• KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account
• KL-001-2021-006: CommScope Ruckus IoT Controller Web Application Arbitrary Read/Write
• KL-001-2021-005: CommScope Ruckus IoT Controller Web Application Directory Traversal
• KL-001-2021-004: CommScope Ruckus IoT Controller Hard-coded Web Application Administrator Password
• KL-001-2021-003: CommScope Ruckus IoT Controller Hard-coded System Passwords
• KL-001-2021-002: CommScope Ruckus IoT Controller Hard-coded API Keys Exposed
• KL-001-2021-001: CommScope Ruckus IoT Controller Unauthenticated API Endpoints
• KL-001-2020-009: Barco wePresent Insecure Firmware Image
• KL-001-2020-008: Barco wePresent Global Hardcoded Root SSH Password
• KL-001-2020-007: Barco wePresent Undocumented SSH Interface Accessible Via Web UI
• KL-001-2020-006: Barco wePresent Authentication Bypass
• KL-001-2020-005: Barco wePresent Admin Credentials Exposed In Plain-text
• KL-001-2020-004: Barco wePresent Hardcoded API Credentials
• KL-001-2020-003: Cellebrite EPR Decryption Relies on Hardcoded AES Key Material
• KL-001-2020-002: Cellebrite Restricted Desktop Escape and Escalation of User Privilege
• KL-001-2020-001: Cellebrite Hardcoded ADB Authentication Keys
• KL-001-2018-009: Dell OpenManage Network Manager Multiple Vulnerabilities
• KL-001-2018-008: HPE VAN SDN Unauthenticated Remote Root Vulnerability
• KL-001-2018-007: Sophos UTM 9 loginuser Privilege Escalation via confd Service
• KL-001-2018-006: Trend Micro IMSVA Management Portal Authentication Bypass
• KL-001-2018-005: NetEx HyperIP Local File Inclusion Vulnerability
• KL-001-2018-004: NetEx HyperIP Privilege Escalation Vulnerability
• KL-001-2018-003: NetEx HyperIP Post-Auth Command Execution
• KL-001-2018-002: NetEx HyperIP Authentication Bypass
• KL-001-2018-001: Sophos Web Gateway Persistent Cross Site Scripting Vulnerability
• KL-001-2017-022: Splunk Local Privilege Escalation
• KL-001-2017-021: Sophos UTM 9 Management Appplication Local File Inclusion
• KL-001-2017-020: Sophos UTM 9 loginuser Privilege Escalation via Insecure Directory Permissions
• KL-001-2017-019: Sonicwall WXA5000 Console Jail Escape and Privilege Escalation
• KL-001-2017-018: Infoblox NetMRI Administration Shell Factory Reset Persistence
• KL-001-2017-017: Infoblox NetMRI Administration Shell Escape and Privilege Escalation
• KL-001-2017-016: Solarwinds LEM Insecure Update Process
• KL-001-2017-015: Solarwinds LEM Hardcoded Credentials
• KL-001-2017-014: Barracuda WAF Support Tunnel Hijack
• KL-001-2017-013: Barracuda WAF Management Application Username and Session ID Leak
• KL-001-2017-012: Barracuda WAF Grub Password Complexity
• KL-001-2017-011: Barracuda WAF Internal Development Credential Disclosure
• KL-001-2017-010: Barracuda WAF Early Boot Root Shell
• KL-001-2017-009: Solarwinds LEM Database Listener with Hardcoded Credentials
• KL-001-2017-008: Solarwinds LEM Management Shell Arbitrary File Read
• KL-001-2017-007: Solarwinds LEM Management Shell Escape via Command Injection
• KL-001-2017-006: Solarwinds LEM Privilege Escalation via Sudo Script Abuse
• KL-001-2017-005: Solarwinds LEM Privilege Escalation via Controlled Sudo Path
• KL-001-2017-004: WatchGuard XTMv User Management Cross-Site Request Forgery
• KL-001-2017-003: Trendmicro InterScan Remote Root Access Vulnerability
• KL-001-2017-002: Trendmicro InterScan Privilege Escalation Vulnerability
• KL-001-2017-001: Trendmicro InterScan Arbitrary File Write
• KL-001-2016-009: Sophos Web Appliance Remote Code Execution
• KL-001-2016-008: Sophos Web Appliance Privilege Escalation
• KL-001-2016-007: Cisco Firepower Threat Management Console Remote Command Execution Leading to Root Access
• KL-001-2016-006: Cisco Firepower Threat Management Console Local File Inclusion
• KL-001-2016-005: Cisco Firepower Threat Management Console Hard-coded MySQL Credentials
• KL-001-2016-004: Cisco Firepower Threat Management Console Authenticated Denial of Service
• KL-001-2016-003: SQLite Tempdir Selection Vulnerability
• KL-001-2016-002: Ubiquiti Administration Portal CSRF to Remote Command Execution
• KL-001-2016-001: Arris DG1670A Cable Modem Remote Command Execution
• KL-001-2015-008: Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address
• KL-001-2015-007: Seagate GoFlex Satellite Remote Telnet Default Password
• KL-001-2015-006: Linksys EA6100 Wireless Router Authentication Bypass
• KL-001-2015-005: VBox Satellite Express driver Privilege Escalation for Windows 7 & XP
• KL-001-2015-004: XGI VGA driver Privilege Escalation for Windows XP
• KL-001-2015-003: SiS VGA driver Privilege Escalation for Windows 7 & XP
• KL-001-2015-002: Piriform CCleaner Wiped Filename Recovery
• KL-001-2015-001: Windows 2003 tcpip.sys Privilege Escalation
• KL-001-2014-004: VMWare vmx86.sys Arbitrary Kernel Read
• KL-001-2014-003: MQAC driver Privilege Escalation for Windows XP
• KL-001-2014-002: BthPan.sys Arbitrary Write Privilege Escalation for Windows XP
• KL-001-2014-001: VirtualBox Privilege Escalation on Windows XP