[SYSS-2020-024] Qiata FTA – Persistent Cross-Site Scripting
Posted by Patrick Hener on Sep 29Advisory ID: SYSS-2020-024 Product: Qiata FTA Manufacturer: Secudos GmbH Affected Version(s): <= Qiata FTA...
vulnerability
[SYSS-2019-049] Insufficient Session Expiration (CWE-613) in REDDOXX MailDepot (CVE-2019-19199)
Posted by Micha Borrmann on Sep 29Advisory ID: SYSS-2019-049 Product: MailDepot Manufacturer: REDDOXX GmbH Affected Version(s): 2032 SP2 (2.2.1242) Tested...
Regarding the semi-recent OnBase vulnerabilities
Posted by Ken on Sep 29In response to the recent OnBase v19.8.9.1000 and v18.0.0.32 vulnerability disclosures a few weeks ago,...
APPLE-SA-2020-09-24-1 macOS Catalina 10.15.6 Supplemental Update, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave
Posted by Apple Product Security via Fulldisclosure on Sep 24APPLE-SA-2020-09-24-1 macOS Catalina 10.15.6 Supplemental Update, Security Update 2020-005 High Sierra,...
Google’s osconfig agent – local privilege escalation
Posted by Imre Rad on Sep 22Osconfig is a beta service by Google, a poll based "desired state configuration" solution:...
[CVE-2020-25203] Frame Preview “com.framer.viewer.FramerViewActivity” Arbitrary URL Loading
Posted by Julien Ahrens (RCE Security) on Sep 22RCE Security Advisoryhttps://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Framer Preview Vendor URL:...
Visitor Management System in PHP 1.0 – Unauthenticated Stored XSS
Posted by Ava Tester One on Sep 22# Title: Visitor Management System in PHP 1.0 - Unauthenticated Stored XSS #...
Visitor Management System in PHP 1.0 – Authenticated SQL Injection
Posted by Ava Tester One on Sep 22# Title: Visitor Management System in PHP 1.0 - Authenticated SQL Injection #...
Seat Reservation System 1.0 Unauthenticated SQL Injection (CVE-2020-25762)
Posted by Ava Tester One on Sep 22# Title: Seat Reservation System 1.0 - Unauthenticated SQL Injection # Exploit Author:...
APPLE-SA-2020-09-16-5 Xcode 12.0
Posted by Apple Product Security via Fulldisclosure on Sep 18APPLE-SA-2020-09-16-5 Xcode 12.0 Xcode 12.0 is now available and addresses the...
APPLE-SA-2020-09-16-4 watchOS 7.0
Posted by Apple Product Security via Fulldisclosure on Sep 18APPLE-SA-2020-09-16-4 watchOS 7.0 watchOS 7.0 is now available and addresses the...
APPLE-SA-2020-09-16-3 Safari 14.0
Posted by Apple Product Security via Fulldisclosure on Sep 18APPLE-SA-2020-09-16-3 Safari 14.0 Safari 14.0 is now available and addresses the...
APPLE-SA-2020-09-16-2 tvOS 14.0
Posted by Apple Product Security via Fulldisclosure on Sep 18APPLE-SA-2020-09-16-2 tvOS 14.0 tvOS 14.0 is now available and addresses the...
APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0
Posted by Apple Product Security via Fulldisclosure on Sep 18APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0 iOS 14.0 and iPadOS 14.0...
[CVE-2020-16171] Acronis Cyber Backup <= v12.5 Build 16341 Full Unauthenticated SSRF
Posted by Julien Ahrens (RCE Security) on Sep 15RCE Security Advisoryhttps://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Acronis Cyber Backup Vendor...
ModSecurity v3 affected by DoS (CVE-2020-15598)
Posted by Christian Folini on Sep 15ModSecurity v3.0.x is affected by a Denial of Service vulnerability due to the global...
ARA-2020-005: Insecure Direct Object Reference in 1CRM (CVE-2020-15958)
Posted by Andreas Sperber on Sep 15# Security Advisory ARA-2020-005: Insecure Direct Object Reference (CVE-2020-15958) ## Affected Product(s) and Environment(s)...
Windows TCPIP Finger Command / C2 Channel and Bypassing Security Software
Posted by hyp3rlinx on Sep 11 Title: Windows TCPIP Finger Command - C2 Channel and Bypassing Security Software Credits: John...
CVE-2020-8152 – Elevation of Privilege in Backblaze
Posted by Jason Geffner on Sep 11CVE-2020-8152 – Elevation of Privilege in Backblaze --------------------------------------------------- Summary ======= Name: Elevation of Privilege...
CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze
Posted by Jason Geffner on Sep 11CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze ------------------------------------------------------------------ Summary ======= Name: Remote...
Cross-Site Scripting Vulnerabilities in IlchCMS 2.1.37
Posted by Daniel Bishtawi via Fulldisclosure on Sep 11Hello, We are informing you about Cross-Site Scripting Vulnerabilities in IlchCMS 2.1.37....
Hyland OnBase 19.x and below – XML External Entity (XXE) Injection
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 08CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Vendor ------------------------------------------------- Hyland Software - (https://www.hyland.com/en/ and https://www.onbase.com/en/)...
Hyland OnBase 19.x and below – Insecure Deserialization
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 08CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Vendor ------------------------------------------------- Hyland Software - (https://www.hyland.com/en/ and https://www.onbase.com/en/)...
Hyland OnBase 19.x and below – Path Traversal
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 07CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Vendor ------------------------------------------------- Hyland Software - (https://www.hyland.com/en/ and https://www.onbase.com/en/)...
