Fancy Product Designer for WooCommerce – Stored XSS via SVG upload
Posted by Jonathan Gregson via Fulldisclosure on Nov 17## About Fancy Product Designer for WooCommerce Fancy Product Designer for WooCommerce...
vulnerability
SugarCRM v6.5.18 – (Employees) Persistent Cross Site Vulnerability
Posted by Vulnerability Lab on Nov 16Document Title: =============== SugarCRM v6.5.18 - (Employees) Persistent Cross Site Vulnerability References (Source): ====================https://www.vulnerability-lab.com/get_content.php?id=2257...
SugarCRM v6.5.18 – (Contacts) Persistent Cross Site Web Vulnerability
Posted by Vulnerability Lab on Nov 16Document Title: =============== SugarCRM v6.5.18 - (Contacts) Persistent Cross Site Web Vulnerability References (Source):...
Intel NUC – Local Privilege Escalation Vulnerability
Posted by Vulnerability Lab on Nov 16Document Title: =============== Intel NUC - Local Privilege Escalation Vulnerability References (Source): ====================https://www.vulnerability-lab.com/get_content.php?id=2267http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24525 CVE-ID:...
Buddypress v6.2.0 WP Plugin – Persistent Web Vulnerability
Posted by Vulnerability Lab on Nov 16Document Title: =============== Buddypress v6.2.0 WP Plugin - Persistent Web Vulnerability References (Source): ====================https://www.vulnerability-lab.com/get_content.php?id=2263...
Froxlor v0.10.16 CP – (Customer) Persistent Vulnerability
Posted by Vulnerability Lab on Nov 16Document Title: =============== Froxlor v0.10.16 CP - (Customer) Persistent Vulnerability References (Source): ====================https://www.vulnerability-lab.com/get_content.php?id=2241 Release...
APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0
Posted by Apple Product Security via Fulldisclosure on Nov 15APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0 watchOS 7.0 addresses the...
APPLE-SA-2020-11-13-7 Additional information for APPLE-SA-2020-09-24-1 macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave
Posted by Apple Product Security via Fulldisclosure on Nov 15APPLE-SA-2020-11-13-7 Additional information for APPLE-SA-2020-09-24-1 macOS Catalina 10.15.7, Security Update 2020-005...
APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0
Posted by Apple Product Security via Fulldisclosure on Nov 15APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0 tvOS 14.0 addresses the...
APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0
Posted by Apple Product Security via Fulldisclosure on Nov 15APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0 iOS...
APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 14.0
Posted by Apple Product Security via Fulldisclosure on Nov 15APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 14.0 Safari 14.0 addresses the...
Scope of Debian’s /home/loser is with permissions 755, default umask 002
Posted by Georgi Guninski on Nov 12On Debian /home/loser is with permissions 755, default umask 0022 (If you don't understand...
Avian JVM FileOutputStream.write() Integer Overflow
Posted by Pietro Oliva via Fulldisclosure on Nov 12Vulnerability title: Avian JVM FileOutputStream.write() Integer Overflow Author: Pietro Oliva Vendor: ReadyTalk...
NtFileSins v2.2 / Windows NTFS Privileged File Access Enumeration Tool (Python v3)
Posted by hyp3rlinx on Nov 10from subprocess import Popen, PIPE import sys,argparse,re #MIT License #Copyright (c) 2020 John Page (aka...
[No cON Name] #ncn2k20 CFP online – Barcelona
Posted by José Nicolás Castellano on Nov 10No cON Name 2020 - Online Edition Call For Papers https://www.noconname.org/call-for-papers/    *...
Advisory: ES2020-02 – Asterisk crash due to INVITE flood over TCP
Posted by Sandro Gauci on Nov 06# Asterisk crash due to INVITE flood over TCP - Fixed versions: 13.37.1, 16.14.1,...
secuvera-SA-2020-01: Broken Object Level Authorization Vulnerability in OvulaRing-Webapplication
Posted by Tobias Glemser on Nov 06secuvera-SA-2020-01: Broken Object Level Authorization Vulnerability in OvulaRing-Webapplication Affected Products OvulaRing Webapp Version 4.2.2...
APPLE-SA-2020-11-05-7 tvOS 14.2
Posted by Apple Product Security via Fulldisclosure on Nov 06APPLE-SA-2020-11-05-7 tvOS 14.2 tvOS 14.2 is now available and address the...
APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2
Posted by Apple Product Security via Fulldisclosure on Nov 06APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2 iOS 14.2 and iPadOS 14.2...
APPLE-SA-2020-11-05-2 iOS 12.4.9
Posted by Apple Product Security via Fulldisclosure on Nov 06APPLE-SA-2020-11-05-2 iOS 12.4.9 iOS 12.4.9 is now available and address the...
AST-2020-002: Outbound INVITE loop on challenge with different nonce.
Posted by Asterisk Security Team on Nov 05 Asterisk Project Security Advisory – AST-2020-002 Product Asterisk Summary Outbound INVITE loop...
AST-2020-001: Remote crash in res_pjsip_session
Posted by Asterisk Security Team on Nov 05 Asterisk Project Security Advisory - AST-2020-001 Product Asterisk Summary Remote crash in...
Git LFS (git-lfs) – Remote Code Execution (RCE) exploit CVE-2020-27955 – Clone to Pwn
Posted by Dawid Golunski on Nov 05/* Go PoC exploit for git-lfs - Remote Code Execution (RCE) vulnerability CVE-2020-27955 git-lfs-RCE-exploit-CVE-2020-27955.go...
SEC Consult SA-20201104-0 :: Multiple vulnerabilities in Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA)
Posted by SEC Consult Vulnerability Lab on Nov 04SEC Consult Vulnerability Lab Security Advisory < 20201104-0 > ======================================================================= title: Multiple...
