Bagisto: Default credentials for admin interface
Posted by devsecweb--- via Fulldisclosure on Sep 01Vendor: Bagisto (https://bagisto.com/) Affected version: All Introduction: Bagisto is an open source shop...
exploit
Bagisto: Insecure installation in sub-directories
Posted by devsecweb--- via Fulldisclosure on Sep 01Vendor: Bagisto (https://bagisto.com/) Affected version: All Introduction: Bagisto is an open source shop...
SUPERAntiSpyware Professional X Trial < 10.0.1206 Local Privilege Escalation
Posted by b1nary on Aug 29# Vulnerability Description SUPERAntiSpyware Professional X Trial versions prior to 10.0.1206 are vulnerable to local...
Missing Trust Validation in Visual Studio’s VSIX Installer
Posted by Ostovary, Daniel on Aug 29Hi, we have recently discovered a vulnerability in the VSIX Installer of Visual Studio....
Three vulnerabilities found in MikroTik’s RouterOS
Posted by Q C on Aug 29Advisory: three vulnerabilities found in MikroTik's RouterOS Details ======= Product: MikroTik's RouterOS Vendor URL:...
SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S
Posted by SEC Consult Vulnerability Lab on Aug 27SEC Consult Vulnerability Lab Security Advisory < 20200827-0 > ======================================================================= title: Multiple...
SEC Consult SA-20200826-0 :: Extensive file permissions on service executable in Eikon Thomson Reuters
Posted by SEC Consult Vulnerability Lab on Aug 27SEC Consult Vulnerability Lab Security Advisory < 20200826-0 > ======================================================================= title: Extensive...
A Tale of Escaping a Hardened Docker container
Posted by Red Timmy Security on Aug 25Hello, in a recent security assessment we have managed to escape out of...
NEProfile – Host Header Injection
Posted by ghost on Aug 25 Exploit Title: NEProfile - Host Header Injection Date: 5/13/2020 Vendor Homepage: https://seczetta.com Software Link:...
Google Chromecast Auth Bypass/RCE
Posted by Benjamin Floyd on Aug 25Problem: Most modern Google-based smart devices run some form of Chromecast (and a version...
CVE-2020-24548 / Ericom Access Server for (AccessNow & Ericom Blaze) v9.2.0 / Server Side Request Forgery
Posted by hyp3rlinx on Aug 25 Credits: John Page (aka hyp3rlinx) Website: hyp3rlinx.altervista.org Source:http://hyp3rlinx.altervista.org/advisories/ERICOM-ACCESS-SERVER-ACCESS-NOW-BLAZE-9.2.0-SERVER-SIDE-REQUEST-FORGERY.txt twitter.com/hyp3rlinx ISR: ApparitionSec www.ericom.com Ericom Access...
Open-Xchange Security Advisory 2020-08-20
Posted by Open-Xchange GmbH via Fulldisclosure on Aug 21Dear subscribers, we're sharing our latest advisory with you and like to...
Payment bypass in WordPress – WooCommerce – NAB Transact plugin disclosure
Posted by Jack Misiura via Fulldisclosure on Aug 21Title: Payment bypass Product: WordPress NAB Transact WooCommerce Plugin Vendor Homepage: https://woocommerce.com/products/nab-transact-direct-post/...
New Release: UFONet v1.6 – “M4RAuD3R!”…
Posted by psy on Aug 17Hi Community, I am glad to present a new release of this tool: - https://ufonet.03c8.net...
Two vulnerabilities found in MikroTik’s RouterOS
Posted by Q C on Aug 14Advisory: two vulnerabilities found in MikroTik's RouterOS Details ======= Product: MikroTik's RouterOS Vendor URL:...
Avian JVM vm::arrayCopy() silent return on negative length
Posted by Pietro Oliva via Fulldisclosure on Aug 11Vulnerability title: Avian JVM vm::arrayCopy() silent return on negative length Author: Pietro...
Avian JVM vm::arrayCopy() Multiple Integer Overflows
Posted by Pietro Oliva via Fulldisclosure on Aug 11Vulnerability title: Avian JVM vm::arrayCopy() Multiple Integer Overflows Author: Pietro Oliva CVE:...
SugarCRM < 10.1.0 (Reports Export) SQL Injection Vulnerability
Posted by Egidio Romano on Aug 11SugarCRM < 10.1.0 (Reports Export) SQL Injection Vulnerability *• Software Link:*https://www.sugarcrm.com *• Affected Versions:*...
Chrome Zero-Day Exploited to Harvest User Data via PDF Files
Exploit detection service EdgeSpot says it has spotted several PDF documents that exploit a zero-day vulnerability in Chrome to collect...
High-Severity SHAREit App Flaws Open Files for the Taking
Two high-severity flaws in the SHAREit Android app allow an attacker to bypass the file transfer application’s device authentication mechanism...
dirty_sock: Linux Privilege Escalation (via snapd)
In January 2019, current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a...
Testing for the dirty cow CVE-2016-5195?
On october 19 2016, the Dirty Cow vulnerability went public (which is kernel privilege escalation vulnerability) . From what I...
CVE-2015-2502 Microsoft issues emergency patch for all versions of Windows
This is the second "critical" out-of-band patch issued in as many months. It's all Internet Explorer's fault -- again. Microsoft...
VW tried to hide hacking exploits on its cars
For 2 years VW tried to hide the exploits that made its cars hack-able . Now, many might be getting...
