vulnerability

Re: Google’s Android: remote install backdoor in Google Play Services

October 20, 2020

Posted by Adrian Sanabria on Oct 20If I recall correctly, iOS and MacOS work in much the same way. They...

[RT-SA-2020-003] FRITZ!Box DNS Rebinding Protection Bypass

October 19, 2020

Posted by RedTeam Pentesting GmbH on Oct 19Advisory: FRITZ!Box DNS Rebinding Protection Bypass RedTeam Pentesting discovered a vulnerability in FRITZ!Box...

Open-Xchange Security Advisory 2020-10-13

October 16, 2020

Posted by Open-Xchange GmbH via Fulldisclosure on Oct 16Dear subscribers, we're sharing our latest advisory with you and like to...

Re: Google’s Android: remote install backdoor in Google Play Services

October 16, 2020

Posted by Enrico Weigelt, metux IT consult on Oct 16Hello folks, In short, Google's playstore receives notifications from Google and...

Java deserialization vulnerability in QRadar RemoteJavaScript Servlet

October 16, 2020

Posted by Securify B.V. via Fulldisclosure on Oct 16------------------------------------------------------------------------ Java deserialization vulnerability in QRadar RemoteJavaScript Servlet ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A...

SEC Consult SA-20201012-0 :: Reflected Cross-Site Scripting and Unauthenticated Malicious File Upload in Sage DPW

October 12, 2020

Posted by SEC Consult Vulnerability Lab on Oct 12SEC Consult Vulnerability Lab Security Advisory < 20201012-0 > ======================================================================= title: Reflected...

Cisco Webex Teams Client for Windows DLL Hijacking Vulnerability

October 9, 2020

Posted by houjingyi on Oct 09new dll hijacking scenario found by accident <http://houjingyi233.com/2020/10/09/new-dll-hijacking-scenario-found-by-accident/> Speaking of dll hijacking, many people may...

SEC Consult SA-20201008-0 :: Multiple Cross-Site Scripting Vulnerabilities in Confluence Marketplace Plugins

October 9, 2020

Posted by SEC Consult Vulnerability Lab on Oct 09SEC Consult Vulnerability Lab Security Advisory < 20201008-0 > ======================================================================= title: Multiple...

[RT-SA-2020-002] Denial of Service in D-Link DSR-250N

October 8, 2020

Posted by RedTeam Pentesting GmbH on Oct 08Advisory: Denial of Service in D-Link DSR-250N RedTeam Pentesting discovered a Denial-of-Service vulnerability...

Student Result Management System 1.0 – Multiple SQL Injection Vulnerabilities

October 6, 2020

Posted by b1nary on Oct 06# Exploit Title: Student Result Management System 1.0 - Multiple SQL Injection Vulnerabilities # Date:...

CVE-2020-24722: GAEN Protocol Metadata Deanonymization and Risk-score Inflation Issues

October 6, 2020

Posted by Stefan Marsiske via Fulldisclosure on Oct 06GAEN Protocol Metadata Deanonymization and Risk-score Inflation Issues (CVE-2020-24722) Summary The TX...

CVE-2020-25790

October 6, 2020

Posted by Rodolfo Augusto do Nascimento Tavares on Oct 06Hello, all Could you please publish the item below? I attached...

FortSIEM <= 5.2.8 RCE due to EL Injection – analysis

October 6, 2020

Posted by Red Timmy Security on Oct 06On June 21st 2020 Fortinet has released a security bulletin for its FortiSIEM...

SEC Consult SA-20201005-0 :: Multiple Critical Vulnerabilities in RocketLinx Series

October 5, 2020

Posted by SEC Consult Vulnerability Lab on Oct 05SEC Consult Vulnerability Lab Security Advisory < 20201005-0 > ======================================================================= title: Multiple...

SEC Consult SA-20201002-0 :: Multiple Vulnerabilities in SevOne Network Management System (NMS)

October 3, 2020

Posted by SEC Consult Vulnerability Lab on Oct 02SEC Consult Vulnerability Lab Security Advisory < 20201002-0 > ======================================================================= title: Multiple...

SEC Consult SA-20201001-0 :: Broken Access Control in Platinum Mobile

October 3, 2020

Posted by SEC Consult Vulnerability Lab on Oct 02SEC Consult Vulnerability Lab Security Advisory < 20201001-0 > ======================================================================= title: Broken...

[SYSS-2019-048] Improper Authorization (CWE-285) in REDDOXX MailDepot (CVE-2019-19200)

October 2, 2020

Posted by Micha Borrmann on Oct 02Advisory ID: SYSS-2019-048 Product: MailDepot Manufacturer: REDDOXX GmbH Affected Version(s): 2032 SP2 (2.2.1242) Tested...

How to build Win2k3

October 2, 2020

Posted by Gregory Boddin on Oct 02NTDEV is suffering for us. But this video is not his responsibility anymore.https://media.leakix.net/ntdev/BuildW2k3/ Here...

CVE-2020-12676 – FusionAuth SAML v2.0 bindings in Java using JAXB – Signature Exclusion Attack

October 2, 2020

Posted by Advisories on Oct 02############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ############################################################# # # Product: SAML v2.0...

CSNC-2020-005 – Checkmk Local Privilege Escalation

October 2, 2020

Posted by Advisories on Oct 02################################################################################ # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ################################################################################ # # Product: Checkmk #...

vulnerability

Re: Google’s Android: remote install backdoor in Google Play Services

[RT-SA-2020-003] FRITZ!Box DNS Rebinding Protection Bypass

Open-Xchange Security Advisory 2020-10-13

Re: Google’s Android: remote install backdoor in Google Play Services

Java deserialization vulnerability in QRadar RemoteJavaScript Servlet

SEC Consult SA-20201012-0 :: Reflected Cross-Site Scripting and Unauthenticated Malicious File Upload in Sage DPW

Cisco Webex Teams Client for Windows DLL Hijacking Vulnerability

SEC Consult SA-20201008-0 :: Multiple Cross-Site Scripting Vulnerabilities in Confluence Marketplace Plugins

[RT-SA-2020-002] Denial of Service in D-Link DSR-250N

Student Result Management System 1.0 – Multiple SQL Injection Vulnerabilities

CVE-2020-24722: GAEN Protocol Metadata Deanonymization and Risk-score Inflation Issues

CVE-2020-25790

FortSIEM <= 5.2.8 RCE due to EL Injection – analysis

SEC Consult SA-20201005-0 :: Multiple Critical Vulnerabilities in RocketLinx Series

SEC Consult SA-20201002-0 :: Multiple Vulnerabilities in SevOne Network Management System (NMS)

SEC Consult SA-20201001-0 :: Broken Access Control in Platinum Mobile

[SYSS-2019-048] Improper Authorization (CWE-285) in REDDOXX MailDepot (CVE-2019-19200)

How to build Win2k3

CVE-2020-12676 – FusionAuth SAML v2.0 bindings in Java using JAXB – Signature Exclusion Attack

CSNC-2020-005 – Checkmk Local Privilege Escalation

Re: Navy Federal Reflective Cross Site Scripting (XSS)

CVE-2020-24721: Corona Exposure Notifications API: risk of coercion/data leakage [vs]

Critical Information Disclosure on WP Courses plugin <= 2.0.29 exposes private course videos and materials

[SYSS-2020-025] DOMOS 5.8 – OS Command Injection

2035 Deadline for Post-Quantum Cryptography Migration: NCSC Guidance

Confidence in Cybersecurity Among UK CNI Leaders Amid 95% Breach Rate

Pennsylvania Schools Union Breach Affects Over Half a Million Members

FishMonger APT Group Exposed: Connection to I-SOON in Cyber-Espionage Campaigns

UK Police Apprehend 422 in Significant Fraud Crackdown Efforts

You may have missed