Posted by Pietro Oliva via Fulldisclosure on Sep 04Vulnerability title: Noise-Java ChaChaPolyCipherState.encryptWithAd() insufficient boundary checks Author: Pietro Oliva CVE: CVE-2020-25021...
Posted by Pietro Oliva via Fulldisclosure on Sep 04Vulnerability title: Noise-Java AESGCMOnCtrCipherState.encryptWithAd() insufficient boundary checks Author: Pietro Oliva CVE: CVE-2020-25023...
Posted by Pietro Oliva via Fulldisclosure on Sep 04Vulnerability title: Noise-Java AESGCMFallbackCipherState.encryptWithAd() insufficient boundary checks Author: Pietro Oliva CVE: CVE-2020-25022...
Posted by SEC Consult Vulnerability Lab on Sep 02SEC Consult Vulnerability Lab Security Advisory < 20200902-0 > ======================================================================= title: Multiple...
Posted by RedTeam Pentesting GmbH on Sep 02Advisory: Inconsistent Behavior of Go's CGI and FastCGI Transport May Lead to Cross-Site...
Posted by Sandro Gauci on Sep 01# Kamailio vulnerable to header smuggling possible due to bypass of remove_hf - Fixed...
Posted by Ryan Delaney on Sep 01<!-- # Exploit Title: Sagemcom router insecure deserialization > privilege escalation # Date: 08-31-2020...
Posted by Balázs Hambalkó on Sep 01Hi, Title: Authentication bypass via Improper Session Management Product: RoundcubeMail Tested version: 1.4.4 -...
Posted by devsecweb--- via Fulldisclosure on Sep 01Vendor: Bagisto (https://bagisto.com/) Affected version: All Introduction: Bagisto is an open source shop...
Posted by devsecweb--- via Fulldisclosure on Sep 01Vendor: Bagisto (https://bagisto.com/) Affected version: All Introduction: Bagisto is an open source shop...
Posted by b1nary on Aug 29# Vulnerability Description SUPERAntiSpyware Professional X Trial versions prior to 10.0.1206 are vulnerable to local...
Posted by Ostovary, Daniel on Aug 29Hi, we have recently discovered a vulnerability in the VSIX Installer of Visual Studio....
Posted by Q C on Aug 29Advisory: three vulnerabilities found in MikroTik's RouterOS Details ======= Product: MikroTik's RouterOS Vendor URL:...
Posted by SEC Consult Vulnerability Lab on Aug 27SEC Consult Vulnerability Lab Security Advisory < 20200827-0 > ======================================================================= title: Multiple...
Posted by SEC Consult Vulnerability Lab on Aug 27SEC Consult Vulnerability Lab Security Advisory < 20200826-0 > ======================================================================= title: Extensive...
Posted by Red Timmy Security on Aug 25Hello, in a recent security assessment we have managed to escape out of...
Posted by ghost on Aug 25 Exploit Title: NEProfile - Host Header Injection Date: 5/13/2020 Vendor Homepage: https://seczetta.com Software Link:...
Posted by Benjamin Floyd on Aug 25Problem: Most modern Google-based smart devices run some form of Chromecast (and a version...
Posted by hyp3rlinx on Aug 25 Credits: John Page (aka hyp3rlinx) Website: hyp3rlinx.altervista.org Source:http://hyp3rlinx.altervista.org/advisories/ERICOM-ACCESS-SERVER-ACCESS-NOW-BLAZE-9.2.0-SERVER-SIDE-REQUEST-FORGERY.txt twitter.com/hyp3rlinx ISR: ApparitionSec www.ericom.com Ericom Access...
Posted by Open-Xchange GmbH via Fulldisclosure on Aug 21Dear subscribers, we're sharing our latest advisory with you and like to...
Posted by Jack Misiura via Fulldisclosure on Aug 21Title: Payment bypass Product: WordPress NAB Transact WooCommerce Plugin Vendor Homepage: https://woocommerce.com/products/nab-transact-direct-post/...
Posted by psy on Aug 17Hi Community, I am glad to present a new release of this tool: - https://ufonet.03c8.net...
Posted by Q C on Aug 14Advisory: two vulnerabilities found in MikroTik's RouterOS Details ======= Product: MikroTik's RouterOS Vendor URL:...
Posted by Pietro Oliva via Fulldisclosure on Aug 11Vulnerability title: Avian JVM vm::arrayCopy() silent return on negative length Author: Pietro...
