Advisory: ES2020-02 – Asterisk crash due to INVITE flood over TCP
Posted by Sandro Gauci on Nov 06 # Asterisk crash due to INVITE flood over TCP - Fixed versions: 13.37.1, 16.14.1,...
Posted by Tobias Glemser on Nov 06 secuvera-SA-2020-01: Broken Object Level Authorization Vulnerability in OvulaRing-Webapplication Affected Products OvulaRing Webapp Version 4.2.2...
Posted by Apple Product Security via Fulldisclosure on Nov 06 APPLE-SA-2020-11-05-7 tvOS 14.2 tvOS 14.2 is now available and address the...
Posted by Apple Product Security via Fulldisclosure on Nov 06 APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2 iOS 14.2 and iPadOS 14.2...
Posted by Apple Product Security via Fulldisclosure on Nov 06 APPLE-SA-2020-11-05-2 iOS 12.4.9 iOS 12.4.9 is now available and address the...
Posted by Asterisk Security Team on Nov 05 Asterisk Project Security Advisory – AST-2020-002 Product Asterisk Summary Outbound INVITE loop...
Posted by Asterisk Security Team on Nov 05 Asterisk Project Security Advisory - AST-2020-001 Product Asterisk Summary Remote crash in...
Posted by Dawid Golunski on Nov 05 /* Go PoC exploit for git-lfs - Remote Code Execution (RCE) vulnerability CVE-2020-27955 git-lfs-RCE-exploit-CVE-2020-27955.go...
Posted by SEC Consult Vulnerability Lab on Nov 04 SEC Consult Vulnerability Lab Security Advisory < 20201104-0 > ======================================================================= title: Multiple...
Posted by Marcin Kozlowski on Oct 30 Hi list, Debugged this issue, but somehow cannot trigger the crash in Chrome. Seems...
Posted by Vulnerability Lab on Oct 29 Title: German armed forces launch security vulnerability disclosure program Source: https://portswigger.net/daily-swig/german-armed-forces-launch-security-vulnerability-disclosure-program Reference: https://www.bundeswehr.de/bw-de/organisation/cyber-und-informationsraum/aktuelles/-liebe-hacker-hiermit-laden-wir-sie-herzlich-ein--3713242
Posted by Julien Ahrens (RCE Security) on Oct 27 RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: God Kings Vendor URL:...
Posted by Kevin R on Oct 23 files through a TFTP GET request Use CVE-2020-24990.
Posted by SEC Consult Vulnerability Lab on Oct 23 SEC Consult Vulnerability Lab Security Advisory < 20201023-0 > ======================================================================= title: PubliXone...
Posted by Vulnerability Lab on Oct 22 Title: German Bundeswehr starts own Responsible Disclosure Program (VDPBw) Link: https://www.vulnerability-db.com/?q=articles/2020/10/22/german-bundeswehr-starts-own-responsible-disclosure-program-vdpbw
Posted by RedTeam Pentesting GmbH on Oct 21 Advisory: Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton RedTeam Pentesting discovered...
Posted by Pedro Cunha on Oct 20 I don't see how this is an "on-purpose backdoor". As far as I know,...
Posted by Michael Lazin on Oct 20 I do see the point and even though it is not a deliberate back...
Posted by Ryan Wincey on Oct 20 Document Title: =============== LISTSERV Maestro Remote Code Execution Vulnerability References (Source): ==================== https://www.securifera.com/advisories/sec-2020-0001/ https://www.lsoft.com/products/maestro.asp Release Date:...
Posted by Adrian Sanabria on Oct 20 If I recall correctly, iOS and MacOS work in much the same way. They...
Posted by RedTeam Pentesting GmbH on Oct 19 Advisory: FRITZ!Box DNS Rebinding Protection Bypass RedTeam Pentesting discovered a vulnerability in FRITZ!Box...
Posted by Open-Xchange GmbH via Fulldisclosure on Oct 16 Dear subscribers, we're sharing our latest advisory with you and like to...
Posted by Enrico Weigelt, metux IT consult on Oct 16 Hello folks, In short, Google's playstore receives notifications from Google and...
Posted by Securify B.V. via Fulldisclosure on Oct 16 ------------------------------------------------------------------------ Java deserialization vulnerability in QRadar RemoteJavaScript Servlet ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A...