ARA-2020-005: Insecure Direct Object Reference in 1CRM (CVE-2020-15958)
Posted by Andreas Sperber on Sep 15# Security Advisory ARA-2020-005: Insecure Direct Object Reference (CVE-2020-15958) ## Affected Product(s) and Environment(s)...
Vulnerabilities
Windows TCPIP Finger Command / C2 Channel and Bypassing Security Software
Posted by hyp3rlinx on Sep 11 Title: Windows TCPIP Finger Command - C2 Channel and Bypassing Security Software Credits: John...
CVE-2020-8152 – Elevation of Privilege in Backblaze
Posted by Jason Geffner on Sep 11CVE-2020-8152 – Elevation of Privilege in Backblaze --------------------------------------------------- Summary ======= Name: Elevation of Privilege...
CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze
Posted by Jason Geffner on Sep 11CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze ------------------------------------------------------------------ Summary ======= Name: Remote...
Cross-Site Scripting Vulnerabilities in IlchCMS 2.1.37
Posted by Daniel Bishtawi via Fulldisclosure on Sep 11Hello, We are informing you about Cross-Site Scripting Vulnerabilities in IlchCMS 2.1.37....
Hyland OnBase 19.x and below – XML External Entity (XXE) Injection
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 08CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Vendor ------------------------------------------------- Hyland Software - (https://www.hyland.com/en/ and https://www.onbase.com/en/)...
Hyland OnBase 19.x and below – Insecure Deserialization
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 08CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Vendor ------------------------------------------------- Hyland Software - (https://www.hyland.com/en/ and https://www.onbase.com/en/)...
Hyland OnBase 19.x and below – Path Traversal
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 07CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Vendor ------------------------------------------------- Hyland Software - (https://www.hyland.com/en/ and https://www.onbase.com/en/)...
Hyland OnBase 19.x and below – DLL Hijacking
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 07CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Vendor ------------------------------------------------- Hyland Software - (https://www.hyland.com/en/ and https://www.onbase.com/en/)...
Hyland OnBase 19.x and below – Unity Client Malformed Image Denial Of Service
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 07CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L Vendor ------------------------------------------------- Hyland Software - (https://www.hyland.com/en/ and https://www.onbase.com/en/)...
Hyland OnBase 19.x and below – Hardcoded PKI Certificates And AES Key Material
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 07CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Vendor ------------------------------------------------- Hyland Software - (https://www.hyland.com/en/ and https://www.onbase.com/en/)...
Hyland OnBase 19.x and below – Log Injection And Denial Of Service
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 07CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Vendor ------------------------------------------------- Hyland Software - (https://www.hyland.com/en/ and https://www.onbase.com/en/)...
Open Source Tool | vPrioritization | Risk Prioritization Framework
Posted by Pramod Rana on Sep 04It is no secret that today we have more vulnerabilities than we can assess...
Pulse Secure Windows Client <9.1.6 (CVE-2020-13162) – exploit
Posted by Red Timmy Security on Sep 04Hi, we have just released an exploit for CVE-2020-13162. This vulnerability affects the...
Noise-Java ChaChaPolyCipherState.encryptWithAd() insufficient boundary checks
Posted by Pietro Oliva via Fulldisclosure on Sep 04Vulnerability title: Noise-Java ChaChaPolyCipherState.encryptWithAd() insufficient boundary checks Author: Pietro Oliva CVE: CVE-2020-25021...
Noise-Java AESGCMOnCtrCipherState.encryptWithAd() insufficient boundary checks
Posted by Pietro Oliva via Fulldisclosure on Sep 04Vulnerability title: Noise-Java AESGCMOnCtrCipherState.encryptWithAd() insufficient boundary checks Author: Pietro Oliva CVE: CVE-2020-25023...
Noise-Java AESGCMFallbackCipherState.encryptWithAd() insufficient boundary checks
Posted by Pietro Oliva via Fulldisclosure on Sep 04Vulnerability title: Noise-Java AESGCMFallbackCipherState.encryptWithAd() insufficient boundary checks Author: Pietro Oliva CVE: CVE-2020-25022...
SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W
Posted by SEC Consult Vulnerability Lab on Sep 02SEC Consult Vulnerability Lab Security Advisory < 20200902-0 > ======================================================================= title: Multiple...
[RT-SA-2020-004] Inconsistent Behavior of Go’s CGI and FastCGI Transport May Lead to Cross-Site Scripting
Posted by RedTeam Pentesting GmbH on Sep 02Advisory: Inconsistent Behavior of Go's CGI and FastCGI Transport May Lead to Cross-Site...
Kamailio vulnerable to header smuggling possible due to bypass of remove_hf
Posted by Sandro Gauci on Sep 01# Kamailio vulnerable to header smuggling possible due to bypass of remove_hf - Fixed...
Sagemcom router insecure deserialization > privilege escalation
Posted by Ryan Delaney on Sep 01<!-- # Exploit Title: Sagemcom router insecure deserialization > privilege escalation # Date: 08-31-2020...
Roundcube issue – Auth bypass via Improper Session Management
Posted by Balázs Hambalkó on Sep 01Hi, Title: Authentication bypass via Improper Session Management Product: RoundcubeMail Tested version: 1.4.4 -...
Bagisto: Default credentials for admin interface
Posted by devsecweb--- via Fulldisclosure on Sep 01Vendor: Bagisto (https://bagisto.com/) Affected version: All Introduction: Bagisto is an open source shop...
Bagisto: Insecure installation in sub-directories
Posted by devsecweb--- via Fulldisclosure on Sep 01Vendor: Bagisto (https://bagisto.com/) Affected version: All Introduction: Bagisto is an open source shop...
