ras-it.rs/research

Research

Common Vulnerabilities and Exposures (CVE)

Our team has discovered and responsibly disclosed a number of security vulnerabilities. Below is a selection of published CVEs with their associated severity scores.

CVE ID	Description	CVSS
CVE-2004-0790	Microsoft Windows TCP/IP Stack denial of service	7.5
CVE-2005-0688	Microsoft Windows IPv6 Stack denial of service	7.5
CVE-2008-6967	Alt-N MDaemon cross site scripting	4.3
CVE-2009-1484	Gecad AXIGEN Mail Server cross site scripting	4.3
CVE-2009-1801	FreePBX reports.php cross site scripting	4.3
CVE-2009-1802	FreePBX cross site request forgery	6.3
CVE-2009-1803	FreePBX Error Message information disclosure	5.3
CVE-2009-2455	@Mail 'admin.php' Cross-Site Scripting Vulnerabilities	4.3
CVE-2009-4038	NCH Axon Virtual PBX cross site scripting	4.3
CVE-2009-5087	Geovision Digital Surveillance System directory traversal	5.3
CVE-2018-2090	LAMS < 3.1 - Cross-Site Scripting	6.1
CVE-2019-0951	Microsoft SharePoint Server CVE-2019-0951 Spoofing Vulnerability	5.4
CVE-2022-25625	Symantec/Broadcom Privileged Access Management (PAM) - Privilege Escalation Vulnerability	8.2
CVE-2023-42784	Fortinet FortiWeb - Web application firewall rules bypass	5.5
CVE-2025-13746	ForumWP Stored Cross-Site Scripting	6.4

Responsible disclosure: All identified vulnerabilities were reported responsibly to the affected vendors or maintainers, in accordance with coordinated disclosure practices. Public disclosure was performed only after vendors had sufficient time to address the reported issues or release security updates.

All vulnerabilities were disclosed responsibly and assigned official CVE identifiers.