APPLE-SA-2020-12-14-8 Safari 14.0.2
Posted by Apple Product Security via Fulldisclosure on Dec 15APPLE-SA-2020-12-14-8 Safari 14.0.2 Safari 14.0.2 addresses the following issues. Information about...
vulnerabilities
APPLE-SA-2020-12-14-7 tvOS 14.3
Posted by Apple Product Security via Fulldisclosure on Dec 15APPLE-SA-2020-12-14-7 tvOS 14.3 tvOS 14.3 addresses the following issues. Information about...
APPLE-SA-2020-12-14-6 watchOS 6.3
Posted by Apple Product Security via Fulldisclosure on Dec 15APPLE-SA-2020-12-14-6 watchOS 6.3 watchOS 6.3 addresses the following issues. Information about...
Cross-site request forgery (CSRF) in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure
Posted by Jack Misiura via Fulldisclosure on Dec 11Title: Cross-site request forgery (CSRF) Product: OpenAsset Digital Asset Management by OpenAsset...
Re: Disable Windows Defender and most other 3rd party antiviruses
Posted by Roberto Franceschetti on Dec 11No. Secure antivirus deployments would include a "tamper protection" password. You cannot uninstall the...
Stored cross-site scripting (XSS) in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure
Posted by Jack Misiura via Fulldisclosure on Dec 11Title: Stored cross-site scripting (XSS) Product: OpenAsset Digital Asset Management by OpenAsset...
IP access control bypass in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure
Posted by Jack Misiura via Fulldisclosure on Dec 11Title: IP access control bypass Product: OpenAsset Digital Asset Management by OpenAsset...
Self-reflected XSS in WordPress DirectoriesPro 1.3.45 plugin disclosure.
Posted by Jack Misiura via Fulldisclosure on Dec 11Title: Self-reflected XSS Product: WordPress DirectoriesPro Plugin by SabaiApps Vendor Homepage: https://directoriespro.com/...
Huawei HedEx Lite (DM) – Path Traversal Web Vulnerability
Posted by Vulnerability Lab on Dec 08Document Title: =============== Huawei HedEx Lite (DM) - Path Traversal Web Vulnerability References (Source):...
VestaCP v0.9.8-26 – (LoginAs) Token Session Vulnerability
Posted by Vulnerability Lab on Dec 08Document Title: =============== VestaCP v0.9.8-26 - (LoginAs) Token Session Vulnerability References (Source): ====================https://www.vulnerability-lab.com/get_content.php?id=2240 Release...
VestaCP v0.9.8-26 – Insufficient Session Validation Web Vulnerability
Posted by Vulnerability Lab on Dec 08Document Title: =============== VestaCP v0.9.8-26 - Insufficient Session Validation Web Vulnerability References (Source): ====================https://www.vulnerability-lab.com/get_content.php?id=2238...
VestaCP v0.9.8-26 – (period) Cross Site Scripting Web Vulnerability
Posted by Vulnerability Lab on Dec 08Document Title: =============== VestaCP v0.9.8-26 - (period) Cross Site Scripting Web Vulnerability References (Source):...
Re: Disable Windows Defender and most other 3rd party antiviruses
Posted by Exibar on Dec 08Would this not be the same as uninstalling the AV application in safemode? -----Original Message-----...
Disable Windows Defender and most other 3rd party antiviruses
Posted by Roberto Franceschetti on Dec 07Windows Defender and most other antivirus applications can be disabled by booting into safe...
Request for full disclosure of CVE-2020-25889 & CVE-2020-25955
Posted by krishna yadav on Dec 07Dear Team, Please find attached POC and detailed information for CVE-2020-25889 & CVE-2020-25955. For...
ProCaster LE-32F430 SmartTV RCE via libsoup/2.51.3 stack overflow (CVE-2017-2885)
Posted by def on Dec 04#!/bin/sh # ProCaster LE-32F430 (NotSo)SmartTV remote code execution exploit through # GStreamer souphttpsrc libsoup/2.51.3 HTTP...
New BlackArch Linux ISOs + OVA Image released!
Posted by Black Arch on Dec 04Dear list, We've released new BlackArch Linux ISOs and OVA image (version 2020.12.01). Many...
Bundeswehr VDPBw 50+ reported vulnerabilities
Posted by Vulnerability Lab on Dec 03Department: Bundeswehr - CIR Title: Over 50 reported weaknesses - a first conclusion on...
Re: Etherify 4 – jumping air gaps with real ethernet hardware
Posted by Dave Horsfall on Dec 01I'm impressed, but for all the wrong reasons :-) -- Dave VK2KFU If you...
scikit-learn 0.23.2 Local Denial of Service
Posted by pabloec20 on Nov 30 svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products,...
Etherify 4 – jumping air gaps with real ethernet hardware
Posted by Jacek Lipkowski on Nov 30Hello, Another amusing etherify hack, this time not with raspberry pis, but with normal...
SEC Consult SA-20201123-0 :: Multiple Vulnerabilities in ZTE WLAN router MF253V
Posted by SEC Consult Vulnerability Lab on Nov 23SEC Consult Vulnerability Lab Security Advisory < 20201123-0 > ======================================================================= title: Multiple...
CA20201116-01: Security Notice for CA Unified Infrastructure Management
Posted by Ken Williams via Fulldisclosure on Nov 23CA20201116-01: Security Notice for CA Unified Infrastructure Management Issued: November 16th, 2020...
KL-001-2020-008 : Barco wePresent Global Hardcoded Root SSH Password
Posted by KoreLogic Disclosures via Fulldisclosure on Nov 20KL-001-2020-008 : Barco wePresent Global Hardcoded Root SSH Password Title: Barco wePresent...
