Google’s osconfig agent – local privilege escalation
Posted by Imre Rad on Sep 22Osconfig is a beta service by Google, a poll based "desired state configuration" solution:...
vulnerabilities
[CVE-2020-25203] Frame Preview “com.framer.viewer.FramerViewActivity” Arbitrary URL Loading
Posted by Julien Ahrens (RCE Security) on Sep 22RCE Security Advisoryhttps://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Framer Preview Vendor URL:...
Visitor Management System in PHP 1.0 – Unauthenticated Stored XSS
Posted by Ava Tester One on Sep 22# Title: Visitor Management System in PHP 1.0 - Unauthenticated Stored XSS #...
Visitor Management System in PHP 1.0 – Authenticated SQL Injection
Posted by Ava Tester One on Sep 22# Title: Visitor Management System in PHP 1.0 - Authenticated SQL Injection #...
Seat Reservation System 1.0 Unauthenticated SQL Injection (CVE-2020-25762)
Posted by Ava Tester One on Sep 22# Title: Seat Reservation System 1.0 - Unauthenticated SQL Injection # Exploit Author:...
APPLE-SA-2020-09-16-5 Xcode 12.0
Posted by Apple Product Security via Fulldisclosure on Sep 18APPLE-SA-2020-09-16-5 Xcode 12.0 Xcode 12.0 is now available and addresses the...
APPLE-SA-2020-09-16-4 watchOS 7.0
Posted by Apple Product Security via Fulldisclosure on Sep 18APPLE-SA-2020-09-16-4 watchOS 7.0 watchOS 7.0 is now available and addresses the...
APPLE-SA-2020-09-16-3 Safari 14.0
Posted by Apple Product Security via Fulldisclosure on Sep 18APPLE-SA-2020-09-16-3 Safari 14.0 Safari 14.0 is now available and addresses the...
APPLE-SA-2020-09-16-2 tvOS 14.0
Posted by Apple Product Security via Fulldisclosure on Sep 18APPLE-SA-2020-09-16-2 tvOS 14.0 tvOS 14.0 is now available and addresses the...
APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0
Posted by Apple Product Security via Fulldisclosure on Sep 18APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0 iOS 14.0 and iPadOS 14.0...
[CVE-2020-16171] Acronis Cyber Backup <= v12.5 Build 16341 Full Unauthenticated SSRF
Posted by Julien Ahrens (RCE Security) on Sep 15RCE Security Advisoryhttps://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Acronis Cyber Backup Vendor...
ModSecurity v3 affected by DoS (CVE-2020-15598)
Posted by Christian Folini on Sep 15ModSecurity v3.0.x is affected by a Denial of Service vulnerability due to the global...
ARA-2020-005: Insecure Direct Object Reference in 1CRM (CVE-2020-15958)
Posted by Andreas Sperber on Sep 15# Security Advisory ARA-2020-005: Insecure Direct Object Reference (CVE-2020-15958) ## Affected Product(s) and Environment(s)...
Windows TCPIP Finger Command / C2 Channel and Bypassing Security Software
Posted by hyp3rlinx on Sep 11 Title: Windows TCPIP Finger Command - C2 Channel and Bypassing Security Software Credits: John...
CVE-2020-8152 – Elevation of Privilege in Backblaze
Posted by Jason Geffner on Sep 11CVE-2020-8152 – Elevation of Privilege in Backblaze --------------------------------------------------- Summary ======= Name: Elevation of Privilege...
CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze
Posted by Jason Geffner on Sep 11CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze ------------------------------------------------------------------ Summary ======= Name: Remote...
Cross-Site Scripting Vulnerabilities in IlchCMS 2.1.37
Posted by Daniel Bishtawi via Fulldisclosure on Sep 11Hello, We are informing you about Cross-Site Scripting Vulnerabilities in IlchCMS 2.1.37....
Hyland OnBase 19.x and below – XML External Entity (XXE) Injection
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 08CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Vendor ------------------------------------------------- Hyland Software - (https://www.hyland.com/en/ and https://www.onbase.com/en/)...
Hyland OnBase 19.x and below – Insecure Deserialization
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 08CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Vendor ------------------------------------------------- Hyland Software - (https://www.hyland.com/en/ and https://www.onbase.com/en/)...
Hyland OnBase 19.x and below – Path Traversal
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 07CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Vendor ------------------------------------------------- Hyland Software - (https://www.hyland.com/en/ and https://www.onbase.com/en/)...
Hyland OnBase 19.x and below – DLL Hijacking
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 07CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Vendor ------------------------------------------------- Hyland Software - (https://www.hyland.com/en/ and https://www.onbase.com/en/)...
Hyland OnBase 19.x and below – Unity Client Malformed Image Denial Of Service
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 07CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L Vendor ------------------------------------------------- Hyland Software - (https://www.hyland.com/en/ and https://www.onbase.com/en/)...
Hyland OnBase 19.x and below – Hardcoded PKI Certificates And AES Key Material
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 07CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Vendor ------------------------------------------------- Hyland Software - (https://www.hyland.com/en/ and https://www.onbase.com/en/)...
Hyland OnBase 19.x and below – Log Injection And Denial Of Service
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 07CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Vendor ------------------------------------------------- Hyland Software - (https://www.hyland.com/en/ and https://www.onbase.com/en/)...
