[CVE-2018-7580] – Philips Hue Denial of Service
Posted by Ilia Shnaidman on Dec 25 Credits: Ilia Shnaidman @0x496c on Twitter https://www.iliashn.com Vendor: ============= Philips Lighting Holding B.V...
vulnerability
Re: [FD] CVE-2020-8152 – Elevation of Privilege in Backblaze
Posted by Jason Geffner on Dec 25Thanks, Reed. I've updated the GitHub repository name to reflect this change. The detailed...
AST-2020-004: Remote crash in res_pjsip_diversion
Posted by Asterisk Security Team on Dec 22 Asterisk Project Security Advisory - AST-2020-004 Product Asterisk Summary Remote crash in...
AST-2020-003: Remote crash in res_pjsip_diversion
Posted by Asterisk Security Team on Dec 22 Asterisk Project Security Advisory - AST-2020-003 Product Asterisk Summary Remote crash in...
Rocket.Chat Path Traversal
Posted by Moe Szyslak on Dec 21Rocket.Chat has fixed a server-side path traversal vulnerability that may be abused to write...
remote code execution when open a project in android studio that google refused to fix(still 0day)
Posted by houjingyi on Dec 21Video and POC here : https://www.youtube.com/watch?v=hAPkSGxh9H0 When you open a project in android studio, if...
SUPREMO Local privilege escalation
Posted by Adan Alvarez on Dec 21Details ======= Subject: Local Privilege Escalation Product: SUPREMO by Nanosystems S.r.l. Vendor Homepage: https://www.supremocontrol.com/...
Defense in depth — the Microsoft way (part 68): where compatibility means vulnerability
Posted by Stefan Kanthak on Dec 18Hi @ll, this post is a shortened version of <https://skanthak.homepage.t-online.de/detour.html> With Windows 2000 and...
CA20201215-01: Security Notice for CA Service Catalog
Posted by Kevin Kotas via Fulldisclosure on Dec 18CA20201215-01: Security Notice for CA Service Catalog Issued: December 15, 2020 Last...
Rocket.Chat quietly patches XSS vulnerability
Posted by Moe Szyslak on Dec 18Rocket.Chat has quietly fixed a stored XSS vulnerability in the following commits:https://github.com/RocketChat/Rocket.Chat/commit/96d3155245ec65f681664b48b6dafc94c1ea021chttps://github.com/RocketChat/Rocket.Chat/commit/43fe12d775b2329e780a1369a1b2c25070cdcab9 Exploitation of...
Programi Bilanc – Build 007 Release 014 31.01.2020 – Software-update packages are downloaded via unencrypted HTTP [CVE-2020-11718]
Posted by Georg Ph E Heise via Fulldisclosure on Dec 18Programi Bilanc - Build 007 Release 014 31.01.2020 - Software-update...
Programi Bilanc – Build 007 Release 014 31.01.2020 – Broken encryption with guessable static encryption key [CVE-2020-8995]
Posted by Georg Ph E Heise via Fulldisclosure on Dec 18Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken...
SEC Consult SA-20201217-0 :: Multiple critical vulnerabilities in Trend Micro InterScan Web Security Virtual Appliance (IWSVA)
Posted by SEC Consult Vulnerability Lab on Dec 17SEC Consult Vulnerability Lab Security Advisory < 20201217-0 > ======================================================================= title: Multiple...
APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1
Posted by Apple Product Security via Fulldisclosure on Dec 15APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 macOS Big...
APPLE-SA-2020-12-14-9 macOS Server 5.11
Posted by Apple Product Security via Fulldisclosure on Dec 15APPLE-SA-2020-12-14-9 macOS Server 5.11 macOS Server 5.11 addresses the following issues....
APPLE-SA-2020-12-14-8 Safari 14.0.2
Posted by Apple Product Security via Fulldisclosure on Dec 15APPLE-SA-2020-12-14-8 Safari 14.0.2 Safari 14.0.2 addresses the following issues. Information about...
APPLE-SA-2020-12-14-7 tvOS 14.3
Posted by Apple Product Security via Fulldisclosure on Dec 15APPLE-SA-2020-12-14-7 tvOS 14.3 tvOS 14.3 addresses the following issues. Information about...
APPLE-SA-2020-12-14-6 watchOS 6.3
Posted by Apple Product Security via Fulldisclosure on Dec 15APPLE-SA-2020-12-14-6 watchOS 6.3 watchOS 6.3 addresses the following issues. Information about...
Cross-site request forgery (CSRF) in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure
Posted by Jack Misiura via Fulldisclosure on Dec 11Title: Cross-site request forgery (CSRF) Product: OpenAsset Digital Asset Management by OpenAsset...
Re: Disable Windows Defender and most other 3rd party antiviruses
Posted by Roberto Franceschetti on Dec 11No. Secure antivirus deployments would include a "tamper protection" password. You cannot uninstall the...
Stored cross-site scripting (XSS) in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure
Posted by Jack Misiura via Fulldisclosure on Dec 11Title: Stored cross-site scripting (XSS) Product: OpenAsset Digital Asset Management by OpenAsset...
IP access control bypass in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure
Posted by Jack Misiura via Fulldisclosure on Dec 11Title: IP access control bypass Product: OpenAsset Digital Asset Management by OpenAsset...
Self-reflected XSS in WordPress DirectoriesPro 1.3.45 plugin disclosure.
Posted by Jack Misiura via Fulldisclosure on Dec 11Title: Self-reflected XSS Product: WordPress DirectoriesPro Plugin by SabaiApps Vendor Homepage: https://directoriespro.com/...
Huawei HedEx Lite (DM) – Path Traversal Web Vulnerability
Posted by Vulnerability Lab on Dec 08Document Title: =============== Huawei HedEx Lite (DM) - Path Traversal Web Vulnerability References (Source):...
