CVE-2020-19664
Summary: DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. Reference Links(if available):...
Vulnerabilities
CVE-2020-4916
Summary: IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code...
CVE-2020-4928
Summary: IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request...
CVE-2020-26217
Summary: XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary...
CVE-2020-0688 – Microsoft / Exchange – Memory corruption
Summary: CVE-2020-0688 is a memory corruption vulnerability impacting Microsoft Exchange. A Metasploit module was observed in open source and subsequently...
CVE-2020-14871 – Oracle / Solaris – Unspecified
Summary: CVE-2020-14871 is an unspecified vulnerability impacting Oracle Solaris versions 10 and 11. A Metasploit module was observed in open...
CVE-2019-12840 – Webmin / Webmin – OS command injection
Summary: CVE-2019-12840 is an OS command injection vulnerability impacting Webmin versions 1.910 and earlier. A Metasploit module was observed in...
CVE-2019-12840 – Webmin/Webmin – OS command injection vulnerability
Summary: CVE-2019-12840 is an OS command injection vulnerability impacting Webmin versions 1.910 and earlier. A Metasploit module was observed in...
CVE-2020-14871 – Oracle/Solaris – unspecified vulnerability
Summary: CVE-2020-14871 is an unspecified vulnerability impacting Oracle Solaris versions 10 and 11. A Metasploit module was observed in open...
CVE-2020-0688 – Microsoft/Exchange
Summary: CVE-2020-0688 is a memory corruption vulnerability impacting Microsoft Exchange. A Metasploit module was observed in open source and subsequently...
survey on reliability of CVSS
Posted by Zinaida Benenson on Dec 29The University of Erlangen-Nuremberg (Germany) is conducting a research study to test the reliability...
Re: CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze
Posted by Mark E. Jeftovic on Dec 29Is there a transposition typo in the Mac OSX version number? *Fixed Version:*Â |7.0.1.433|Â (Windows)...
Re: [FD] CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze
Posted by Reed Loden on Dec 25Due to a process fail, this CVE ID was accidentally reused for another vulnerability....
CarolinaCon Online CFP
Posted by CarolinaCon on Dec 25We hope this email finds you well. This year has had its challenges and we...
Re: [FD] CVE-2020-8152 – Elevation of Privilege in Backblaze
Posted by Reed Loden on Dec 25Due to a process fail, this CVE ID was accidentally reused for another vulnerability....
[CVE-2018-7580] – Philips Hue Denial of Service
Posted by Ilia Shnaidman on Dec 25 Credits: Ilia Shnaidman @0x496c on Twitter https://www.iliashn.com Vendor: ============= Philips Lighting Holding B.V...
Re: [FD] CVE-2020-8152 – Elevation of Privilege in Backblaze
Posted by Jason Geffner on Dec 25Thanks, Reed. I've updated the GitHub repository name to reflect this change. The detailed...
AST-2020-004: Remote crash in res_pjsip_diversion
Posted by Asterisk Security Team on Dec 22 Asterisk Project Security Advisory - AST-2020-004 Product Asterisk Summary Remote crash in...
AST-2020-003: Remote crash in res_pjsip_diversion
Posted by Asterisk Security Team on Dec 22 Asterisk Project Security Advisory - AST-2020-003 Product Asterisk Summary Remote crash in...
Rocket.Chat Path Traversal
Posted by Moe Szyslak on Dec 21Rocket.Chat has fixed a server-side path traversal vulnerability that may be abused to write...
remote code execution when open a project in android studio that google refused to fix(still 0day)
Posted by houjingyi on Dec 21Video and POC here : https://www.youtube.com/watch?v=hAPkSGxh9H0 When you open a project in android studio, if...
SUPREMO Local privilege escalation
Posted by Adan Alvarez on Dec 21Details ======= Subject: Local Privilege Escalation Product: SUPREMO by Nanosystems S.r.l. Vendor Homepage: https://www.supremocontrol.com/...
Defense in depth — the Microsoft way (part 68): where compatibility means vulnerability
Posted by Stefan Kanthak on Dec 18Hi @ll, this post is a shortened version of <https://skanthak.homepage.t-online.de/detour.html> With Windows 2000 and...
CA20201215-01: Security Notice for CA Service Catalog
Posted by Kevin Kotas via Fulldisclosure on Dec 18CA20201215-01: Security Notice for CA Service Catalog Issued: December 15, 2020 Last...
