Chrome heap buffer overflow in freetype2 CVE-2020-15999
Posted by Marcin Kozlowski on Oct 30Hi list, Debugged this issue, but somehow cannot trigger the crash in Chrome. Seems...
vulnerability
German armed forces launch security vulnerability disclosure program
Posted by Vulnerability Lab on Oct 29Title: German armed forces launch security vulnerability disclosure program Source:https://portswigger.net/daily-swig/german-armed-forces-launch-security-vulnerability-disclosure-program Reference:https://www.bundeswehr.de/bw-de/organisation/cyber-und-informationsraum/aktuelles/-liebe-hacker-hiermit-laden-wir-sie-herzlich-ein--3713242 If you like...
[CVE-2020-25204] God Kings “com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver” Improper Authorization Allowing In-Game Notification Spoofing
Posted by Julien Ahrens (RCE Security) on Oct 27RCE Security Advisoryhttps://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: God Kings Vendor URL:...
CVE-2020-24990 Q-SYS <= 8.2.1 TFTP Directory Traversal
Posted by Kevin R on Oct 23files through a TFTP GET request Use CVE-2020-24990. If you like the site, please...
Unicorn Emulator 1.0.2 is out!
Posted by Nguyen Anh Quynh on Oct 23Greetings! We are very happy to announce version 1.0.2 of Unicorn Emulator! It...
SEC Consult SA-20201023-0 :: Multiple Vulnerabilities in PubliXone
Posted by SEC Consult Vulnerability Lab on Oct 23SEC Consult Vulnerability Lab Security Advisory < 20201023-0 > ======================================================================= title: PubliXone...
VL 2020-10-22 – German Bundeswehr starts own Responsible Disclosure Program (VDPBw)
Posted by Vulnerability Lab on Oct 22Title: German Bundeswehr starts own Responsible Disclosure Program (VDPBw) Link:https://www.vulnerability-db.com/?q=articles/2020/10/22/german-bundeswehr-starts-own-responsible-disclosure-program-vdpbw If you like the...
[RT-SA-2020-005] Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton
Posted by RedTeam Pentesting GmbH on Oct 21Advisory: Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton RedTeam Pentesting discovered...
Re: Google’s Android: remote install backdoor in Google Play Services
Posted by Pedro Cunha on Oct 20I don't see how this is an "on-purpose backdoor". As far as I know,...
Re: Google’s Android: remote install backdoor in Google Play Services
Posted by Michael Lazin on Oct 20I do see the point and even though it is not a deliberate back...
LISTSERV Maestro Remote Code Execution Vulnerability
Posted by Ryan Wincey on Oct 20Document Title: =============== LISTSERV Maestro Remote Code Execution Vulnerability References (Source): ====================https://www.securifera.com/advisories/sec-2020-0001/https://www.lsoft.com/products/maestro.asp Release Date:...
Re: Google’s Android: remote install backdoor in Google Play Services
Posted by Adrian Sanabria on Oct 20If I recall correctly, iOS and MacOS work in much the same way. They...
[RT-SA-2020-003] FRITZ!Box DNS Rebinding Protection Bypass
Posted by RedTeam Pentesting GmbH on Oct 19Advisory: FRITZ!Box DNS Rebinding Protection Bypass RedTeam Pentesting discovered a vulnerability in FRITZ!Box...
Open-Xchange Security Advisory 2020-10-13
Posted by Open-Xchange GmbH via Fulldisclosure on Oct 16Dear subscribers, we're sharing our latest advisory with you and like to...
Re: Google’s Android: remote install backdoor in Google Play Services
Posted by Enrico Weigelt, metux IT consult on Oct 16Hello folks, In short, Google's playstore receives notifications from Google and...
Java deserialization vulnerability in QRadar RemoteJavaScript Servlet
Posted by Securify B.V. via Fulldisclosure on Oct 16------------------------------------------------------------------------ Java deserialization vulnerability in QRadar RemoteJavaScript Servlet ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A...
SEC Consult SA-20201012-0 :: Reflected Cross-Site Scripting and Unauthenticated Malicious File Upload in Sage DPW
Posted by SEC Consult Vulnerability Lab on Oct 12SEC Consult Vulnerability Lab Security Advisory < 20201012-0 > ======================================================================= title: Reflected...
Cisco Webex Teams Client for Windows DLL Hijacking Vulnerability
Posted by houjingyi on Oct 09new dll hijacking scenario found by accident <http://houjingyi233.com/2020/10/09/new-dll-hijacking-scenario-found-by-accident/> Speaking of dll hijacking, many people may...
SEC Consult SA-20201008-0 :: Multiple Cross-Site Scripting Vulnerabilities in Confluence Marketplace Plugins
Posted by SEC Consult Vulnerability Lab on Oct 09SEC Consult Vulnerability Lab Security Advisory < 20201008-0 > ======================================================================= title: Multiple...
[RT-SA-2020-002] Denial of Service in D-Link DSR-250N
Posted by RedTeam Pentesting GmbH on Oct 08Advisory: Denial of Service in D-Link DSR-250N RedTeam Pentesting discovered a Denial-of-Service vulnerability...
Student Result Management System 1.0 – Multiple SQL Injection Vulnerabilities
Posted by b1nary on Oct 06# Exploit Title: Student Result Management System 1.0 - Multiple SQL Injection Vulnerabilities # Date:...
CVE-2020-24722: GAEN Protocol Metadata Deanonymization and Risk-score Inflation Issues
Posted by Stefan Marsiske via Fulldisclosure on Oct 06GAEN Protocol Metadata Deanonymization and Risk-score Inflation Issues (CVE-2020-24722) Summary The TX...
CVE-2020-25790
Posted by Rodolfo Augusto do Nascimento Tavares on Oct 06Hello, all Could you please publish the item below? I attached...
FortSIEM <= 5.2.8 RCE due to EL Injection – analysis
Posted by Red Timmy Security on Oct 06On June 21st 2020 Fortinet has released a security bulletin for its FortiSIEM...
