CVE-2020-35269
Summary: Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding –...
vulnerability
CVE-2020-13654
Summary: XWiki Platform before 12.8 mishandles escaping in the property displayer. Reference Links(if available): https://github.com/xwiki/xwiki-platform/compare/xwiki-platform-12.7.1...xwiki-platform-12.8 https://jira.xwiki.org/browse/XWIKI-17374 https://github.com/xwiki/xwiki-platform/pull/1315 CVSS Score (if...
CVE-2020-19664
Summary: DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. Reference Links(if available):...
CVE-2020-25845
Summary: Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected...
CVE-2019-19680
Summary: A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22...
CVE-2020-19664
Summary: DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. Reference Links(if available):...
CVE-2020-4916
Summary: IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code...
CVE-2020-4928
Summary: IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request...
survey on reliability of CVSS
Posted by Zinaida Benenson on Dec 29The University of Erlangen-Nuremberg (Germany) is conducting a research study to test the reliability...
Re: CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze
Posted by Mark E. Jeftovic on Dec 29Is there a transposition typo in the Mac OSX version number? *Fixed Version:* |7.0.1.433| (Windows)...
Re: [FD] CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze
Posted by Reed Loden on Dec 25Due to a process fail, this CVE ID was accidentally reused for another vulnerability....
CarolinaCon Online CFP
Posted by CarolinaCon on Dec 25We hope this email finds you well. This year has had its challenges and we...
Re: [FD] CVE-2020-8152 – Elevation of Privilege in Backblaze
Posted by Reed Loden on Dec 25Due to a process fail, this CVE ID was accidentally reused for another vulnerability....
[CVE-2018-7580] – Philips Hue Denial of Service
Posted by Ilia Shnaidman on Dec 25 Credits: Ilia Shnaidman @0x496c on Twitter https://www.iliashn.com Vendor: ============= Philips Lighting Holding B.V...
Re: [FD] CVE-2020-8152 – Elevation of Privilege in Backblaze
Posted by Jason Geffner on Dec 25Thanks, Reed. I've updated the GitHub repository name to reflect this change. The detailed...
AST-2020-004: Remote crash in res_pjsip_diversion
Posted by Asterisk Security Team on Dec 22 Asterisk Project Security Advisory - AST-2020-004 Product Asterisk Summary Remote crash in...
AST-2020-003: Remote crash in res_pjsip_diversion
Posted by Asterisk Security Team on Dec 22 Asterisk Project Security Advisory - AST-2020-003 Product Asterisk Summary Remote crash in...
Rocket.Chat Path Traversal
Posted by Moe Szyslak on Dec 21Rocket.Chat has fixed a server-side path traversal vulnerability that may be abused to write...
remote code execution when open a project in android studio that google refused to fix(still 0day)
Posted by houjingyi on Dec 21Video and POC here : https://www.youtube.com/watch?v=hAPkSGxh9H0 When you open a project in android studio, if...
SUPREMO Local privilege escalation
Posted by Adan Alvarez on Dec 21Details ======= Subject: Local Privilege Escalation Product: SUPREMO by Nanosystems S.r.l. Vendor Homepage: https://www.supremocontrol.com/...
Defense in depth — the Microsoft way (part 68): where compatibility means vulnerability
Posted by Stefan Kanthak on Dec 18Hi @ll, this post is a shortened version of <https://skanthak.homepage.t-online.de/detour.html> With Windows 2000 and...
CA20201215-01: Security Notice for CA Service Catalog
Posted by Kevin Kotas via Fulldisclosure on Dec 18CA20201215-01: Security Notice for CA Service Catalog Issued: December 15, 2020 Last...
Rocket.Chat quietly patches XSS vulnerability
Posted by Moe Szyslak on Dec 18Rocket.Chat has quietly fixed a stored XSS vulnerability in the following commits:https://github.com/RocketChat/Rocket.Chat/commit/96d3155245ec65f681664b48b6dafc94c1ea021chttps://github.com/RocketChat/Rocket.Chat/commit/43fe12d775b2329e780a1369a1b2c25070cdcab9 Exploitation of...
Programi Bilanc – Build 007 Release 014 31.01.2020 – Software-update packages are downloaded via unencrypted HTTP [CVE-2020-11718]
Posted by Georg Ph E Heise via Fulldisclosure on Dec 18Programi Bilanc - Build 007 Release 014 31.01.2020 - Software-update...
