Portcullis security advisories are published for significant security issues that require an upgrade, fix, or other action.

In all security publications, we disclose the minimum amount of information required for an end-user to assess the
impact of a vulnerability and any potential steps needed to protect their environment.

Read our Co-ordinated Disclosure Policy.

CVE-2014-9230 – Reflective XSS In Symantec Data Loss Prevention (DLP)

CVE-2015-6574 – Remote Denial Of Service In SISCO SNAP-Lite Utility

CVE-2016-1921 – Denial Of Service Via Named Pipes In SAP ECC

CVE-2014-2045 – Multiple Instances Of XSS In Viprinet Multichannel VPN Router 300

CVE-2014-9754 – Remote SSL VPN Endpoint Identity Not Verified In Viprinet Multichannel VPN Router 300

CVE-2015-7724 – Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver

CVE-2015-7723 – Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver

CVE-2015-5074 – Arbitrary File Upload In X2Engine Inc. X2Engine

CVE-2015-5075 – Cross-Site Request Forgery In X2Engine Inc. X2Engine

CVE-2015-5076 – Reflective XSS In X2Engine Inc. X2Engine

CVE-2015-1438 – Arbitrary Code Execution In Panda Security Multiple Products [PSKMAD.sys]

CVE-2015-4426 – SQL Injection In Pimcore CMS

CVE-2015-4425 – Directory Traversal/Configuration Update In Pimcore CMS

CVE-2015-3621 – SetUID/SetGID Program Allows Privilege Escalation Via Tainted PATH In SAP ECC

CVE-2015-3449 – Privilege Escalation In SAP Afaria XeService.exe