Vulnerabilities

SEC Consult SA-20201012-0 :: Reflected Cross-Site Scripting and Unauthenticated Malicious File Upload in Sage DPW

October 12, 2020

Posted by SEC Consult Vulnerability Lab on Oct 12SEC Consult Vulnerability Lab Security Advisory < 20201012-0 > ======================================================================= title: Reflected...

Cisco Webex Teams Client for Windows DLL Hijacking Vulnerability

October 9, 2020

Posted by houjingyi on Oct 09new dll hijacking scenario found by accident <http://houjingyi233.com/2020/10/09/new-dll-hijacking-scenario-found-by-accident/> Speaking of dll hijacking, many people may...

SEC Consult SA-20201008-0 :: Multiple Cross-Site Scripting Vulnerabilities in Confluence Marketplace Plugins

October 9, 2020

Posted by SEC Consult Vulnerability Lab on Oct 09SEC Consult Vulnerability Lab Security Advisory < 20201008-0 > ======================================================================= title: Multiple...

[RT-SA-2020-002] Denial of Service in D-Link DSR-250N

October 8, 2020

Posted by RedTeam Pentesting GmbH on Oct 08Advisory: Denial of Service in D-Link DSR-250N RedTeam Pentesting discovered a Denial-of-Service vulnerability...

Student Result Management System 1.0 – Multiple SQL Injection Vulnerabilities

October 6, 2020

Posted by b1nary on Oct 06# Exploit Title: Student Result Management System 1.0 - Multiple SQL Injection Vulnerabilities # Date:...

CVE-2020-24722: GAEN Protocol Metadata Deanonymization and Risk-score Inflation Issues

October 6, 2020

Posted by Stefan Marsiske via Fulldisclosure on Oct 06GAEN Protocol Metadata Deanonymization and Risk-score Inflation Issues (CVE-2020-24722) Summary The TX...

CVE-2020-25790

October 6, 2020

Posted by Rodolfo Augusto do Nascimento Tavares on Oct 06Hello, all Could you please publish the item below? I attached...

FortSIEM <= 5.2.8 RCE due to EL Injection – analysis

October 6, 2020

Posted by Red Timmy Security on Oct 06On June 21st 2020 Fortinet has released a security bulletin for its FortiSIEM...

SEC Consult SA-20201005-0 :: Multiple Critical Vulnerabilities in RocketLinx Series

October 5, 2020

Posted by SEC Consult Vulnerability Lab on Oct 05SEC Consult Vulnerability Lab Security Advisory < 20201005-0 > ======================================================================= title: Multiple...

SEC Consult SA-20201002-0 :: Multiple Vulnerabilities in SevOne Network Management System (NMS)

October 3, 2020

Posted by SEC Consult Vulnerability Lab on Oct 02SEC Consult Vulnerability Lab Security Advisory < 20201002-0 > ======================================================================= title: Multiple...

SEC Consult SA-20201001-0 :: Broken Access Control in Platinum Mobile

October 3, 2020

Posted by SEC Consult Vulnerability Lab on Oct 02SEC Consult Vulnerability Lab Security Advisory < 20201001-0 > ======================================================================= title: Broken...

[SYSS-2019-048] Improper Authorization (CWE-285) in REDDOXX MailDepot (CVE-2019-19200)

October 2, 2020

Posted by Micha Borrmann on Oct 02Advisory ID: SYSS-2019-048 Product: MailDepot Manufacturer: REDDOXX GmbH Affected Version(s): 2032 SP2 (2.2.1242) Tested...

CVE-2020-12676 – FusionAuth SAML v2.0 bindings in Java using JAXB – Signature Exclusion Attack

October 2, 2020

Posted by Advisories on Oct 02############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ############################################################# # # Product: SAML v2.0...

CSNC-2020-005 – Checkmk Local Privilege Escalation

October 2, 2020

Posted by Advisories on Oct 02################################################################################ # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ################################################################################ # # Product: Checkmk #...

Re: Navy Federal Reflective Cross Site Scripting (XSS)

September 30, 2020

Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 29Good evening. Because of the nature of the software and vulnerabilities we...

CVE-2020-24721: Corona Exposure Notifications API: risk of coercion/data leakage [vs]

September 30, 2020

Posted by Dirk-Willem van Gulik on Sep 29 (Corona) Exposure Notifications API for Apple iOS and Google Android risk of...

Critical Information Disclosure on WP Courses plugin <= 2.0.29 exposes private course videos and materials

September 29, 2020

Posted by Red Timmy Security on Sep 29WP Courses is a Wordpress plugin allowing to define courses with lessons. The...

[SYSS-2020-025] DOMOS 5.8 – OS Command Injection

September 29, 2020

Posted by Patrick Hener on Sep 29Advisory ID: SYSS-2020-025 Product: DOMOS Manufacturer: Secudos GmbH Affected Version(s): <= DOMOS 5.8 Tested...

[SYSS-2020-024] Qiata FTA – Persistent Cross-Site Scripting

September 29, 2020

Posted by Patrick Hener on Sep 29Advisory ID: SYSS-2020-024 Product: Qiata FTA Manufacturer: Secudos GmbH Affected Version(s): <= Qiata FTA...

[SYSS-2019-049] Insufficient Session Expiration (CWE-613) in REDDOXX MailDepot (CVE-2019-19199)

September 29, 2020

Posted by Micha Borrmann on Sep 29Advisory ID: SYSS-2019-049 Product: MailDepot Manufacturer: REDDOXX GmbH Affected Version(s): 2032 SP2 (2.2.1242) Tested...

Regarding the semi-recent OnBase vulnerabilities

September 29, 2020

Posted by Ken on Sep 29In response to the recent OnBase v19.8.9.1000 and v18.0.0.32 vulnerability disclosures a few weeks ago,...

APPLE-SA-2020-09-24-1 macOS Catalina 10.15.6 Supplemental Update, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave

September 25, 2020

Posted by Apple Product Security via Fulldisclosure on Sep 24APPLE-SA-2020-09-24-1 macOS Catalina 10.15.6 Supplemental Update, Security Update 2020-005 High Sierra,...

Google’s osconfig agent – local privilege escalation

September 22, 2020

Posted by Imre Rad on Sep 22Osconfig is a beta service by Google, a poll based "desired state configuration" solution:...

[CVE-2020-25203] Frame Preview “com.framer.viewer.FramerViewActivity” Arbitrary URL Loading

September 22, 2020

Posted by Julien Ahrens (RCE Security) on Sep 22RCE Security Advisoryhttps://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Framer Preview Vendor URL:...

Vulnerabilities

SEC Consult SA-20201012-0 :: Reflected Cross-Site Scripting and Unauthenticated Malicious File Upload in Sage DPW

Cisco Webex Teams Client for Windows DLL Hijacking Vulnerability

SEC Consult SA-20201008-0 :: Multiple Cross-Site Scripting Vulnerabilities in Confluence Marketplace Plugins

[RT-SA-2020-002] Denial of Service in D-Link DSR-250N

Student Result Management System 1.0 – Multiple SQL Injection Vulnerabilities

CVE-2020-24722: GAEN Protocol Metadata Deanonymization and Risk-score Inflation Issues

CVE-2020-25790

FortSIEM <= 5.2.8 RCE due to EL Injection – analysis

SEC Consult SA-20201005-0 :: Multiple Critical Vulnerabilities in RocketLinx Series

SEC Consult SA-20201002-0 :: Multiple Vulnerabilities in SevOne Network Management System (NMS)

SEC Consult SA-20201001-0 :: Broken Access Control in Platinum Mobile

[SYSS-2019-048] Improper Authorization (CWE-285) in REDDOXX MailDepot (CVE-2019-19200)

CVE-2020-12676 – FusionAuth SAML v2.0 bindings in Java using JAXB – Signature Exclusion Attack

CSNC-2020-005 – Checkmk Local Privilege Escalation

Re: Navy Federal Reflective Cross Site Scripting (XSS)

CVE-2020-24721: Corona Exposure Notifications API: risk of coercion/data leakage [vs]

Critical Information Disclosure on WP Courses plugin <= 2.0.29 exposes private course videos and materials

[SYSS-2020-025] DOMOS 5.8 – OS Command Injection

[SYSS-2020-024] Qiata FTA – Persistent Cross-Site Scripting

[SYSS-2019-049] Insufficient Session Expiration (CWE-613) in REDDOXX MailDepot (CVE-2019-19199)

Regarding the semi-recent OnBase vulnerabilities

APPLE-SA-2020-09-24-1 macOS Catalina 10.15.6 Supplemental Update, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave

Google’s osconfig agent – local privilege escalation

[CVE-2020-25203] Frame Preview “com.framer.viewer.FramerViewActivity” Arbitrary URL Loading

[FUNKSEC] – Ransomware Victim: devoutdigital[.]com

CVE Alert: CVE-2024-47515

CVE Alert: CVE-2024-12582

CVE Alert: CVE-2024-9427

[FOG] – Ransomware Victim: Aroma Housewares Co (Aromaco[.]com)

You may have missed