Open-Xchange Security Advisory 2020-10-13
Posted by Open-Xchange GmbH via Fulldisclosure on Oct 16Dear subscribers, we're sharing our latest advisory with you and like to...
vulnerabilities
Re: Google’s Android: remote install backdoor in Google Play Services
Posted by Enrico Weigelt, metux IT consult on Oct 16Hello folks, In short, Google's playstore receives notifications from Google and...
Java deserialization vulnerability in QRadar RemoteJavaScript Servlet
Posted by Securify B.V. via Fulldisclosure on Oct 16------------------------------------------------------------------------ Java deserialization vulnerability in QRadar RemoteJavaScript Servlet ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A...
SEC Consult SA-20201012-0 :: Reflected Cross-Site Scripting and Unauthenticated Malicious File Upload in Sage DPW
Posted by SEC Consult Vulnerability Lab on Oct 12SEC Consult Vulnerability Lab Security Advisory < 20201012-0 > ======================================================================= title: Reflected...
Cisco Webex Teams Client for Windows DLL Hijacking Vulnerability
Posted by houjingyi on Oct 09new dll hijacking scenario found by accident <http://houjingyi233.com/2020/10/09/new-dll-hijacking-scenario-found-by-accident/> Speaking of dll hijacking, many people may...
SEC Consult SA-20201008-0 :: Multiple Cross-Site Scripting Vulnerabilities in Confluence Marketplace Plugins
Posted by SEC Consult Vulnerability Lab on Oct 09SEC Consult Vulnerability Lab Security Advisory < 20201008-0 > ======================================================================= title: Multiple...
[RT-SA-2020-002] Denial of Service in D-Link DSR-250N
Posted by RedTeam Pentesting GmbH on Oct 08Advisory: Denial of Service in D-Link DSR-250N RedTeam Pentesting discovered a Denial-of-Service vulnerability...
Student Result Management System 1.0 – Multiple SQL Injection Vulnerabilities
Posted by b1nary on Oct 06# Exploit Title: Student Result Management System 1.0 - Multiple SQL Injection Vulnerabilities # Date:...
CVE-2020-24722: GAEN Protocol Metadata Deanonymization and Risk-score Inflation Issues
Posted by Stefan Marsiske via Fulldisclosure on Oct 06GAEN Protocol Metadata Deanonymization and Risk-score Inflation Issues (CVE-2020-24722) Summary The TX...
CVE-2020-25790
Posted by Rodolfo Augusto do Nascimento Tavares on Oct 06Hello, all Could you please publish the item below? I attached...
FortSIEM <= 5.2.8 RCE due to EL Injection – analysis
Posted by Red Timmy Security on Oct 06On June 21st 2020 Fortinet has released a security bulletin for its FortiSIEM...
SEC Consult SA-20201005-0 :: Multiple Critical Vulnerabilities in RocketLinx Series
Posted by SEC Consult Vulnerability Lab on Oct 05SEC Consult Vulnerability Lab Security Advisory < 20201005-0 > ======================================================================= title: Multiple...
SEC Consult SA-20201002-0 :: Multiple Vulnerabilities in SevOne Network Management System (NMS)
Posted by SEC Consult Vulnerability Lab on Oct 02SEC Consult Vulnerability Lab Security Advisory < 20201002-0 > ======================================================================= title: Multiple...
SEC Consult SA-20201001-0 :: Broken Access Control in Platinum Mobile
Posted by SEC Consult Vulnerability Lab on Oct 02SEC Consult Vulnerability Lab Security Advisory < 20201001-0 > ======================================================================= title: Broken...
[SYSS-2019-048] Improper Authorization (CWE-285) in REDDOXX MailDepot (CVE-2019-19200)
Posted by Micha Borrmann on Oct 02Advisory ID: SYSS-2019-048 Product: MailDepot Manufacturer: REDDOXX GmbH Affected Version(s): 2032 SP2 (2.2.1242) Tested...
How to build Win2k3
Posted by Gregory Boddin on Oct 02NTDEV is suffering for us. But this video is not his responsibility anymore.https://media.leakix.net/ntdev/BuildW2k3/ Here...
CVE-2020-12676 – FusionAuth SAML v2.0 bindings in Java using JAXB – Signature Exclusion Attack
Posted by Advisories on Oct 02############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ############################################################# # # Product: SAML v2.0...
CSNC-2020-005 – Checkmk Local Privilege Escalation
Posted by Advisories on Oct 02################################################################################ # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ################################################################################ # # Product: Checkmk #...
Re: Navy Federal Reflective Cross Site Scripting (XSS)
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 29Good evening. Because of the nature of the software and vulnerabilities we...
CVE-2020-24721: Corona Exposure Notifications API: risk of coercion/data leakage [vs]
Posted by Dirk-Willem van Gulik on Sep 29 (Corona) Exposure Notifications API for Apple iOS and Google Android risk of...
Critical Information Disclosure on WP Courses plugin <= 2.0.29 exposes private course videos and materials
Posted by Red Timmy Security on Sep 29WP Courses is a Wordpress plugin allowing to define courses with lessons. The...
[SYSS-2020-025] DOMOS 5.8 – OS Command Injection
Posted by Patrick Hener on Sep 29Advisory ID: SYSS-2020-025 Product: DOMOS Manufacturer: Secudos GmbH Affected Version(s): <= DOMOS 5.8 Tested...
[SYSS-2020-024] Qiata FTA – Persistent Cross-Site Scripting
Posted by Patrick Hener on Sep 29Advisory ID: SYSS-2020-024 Product: Qiata FTA Manufacturer: Secudos GmbH Affected Version(s): <= Qiata FTA...
[SYSS-2019-049] Insufficient Session Expiration (CWE-613) in REDDOXX MailDepot (CVE-2019-19199)
Posted by Micha Borrmann on Sep 29Advisory ID: SYSS-2019-049 Product: MailDepot Manufacturer: REDDOXX GmbH Affected Version(s): 2032 SP2 (2.2.1242) Tested...
