Roundcube issue – Auth bypass via Improper Session Management
Posted by Balázs Hambalkó on Sep 01Hi, Title: Authentication bypass via Improper Session Management Product: RoundcubeMail Tested version: 1.4.4 -...
vulnerability
Bagisto: Default credentials for admin interface
Posted by devsecweb--- via Fulldisclosure on Sep 01Vendor: Bagisto (https://bagisto.com/) Affected version: All Introduction: Bagisto is an open source shop...
Bagisto: Insecure installation in sub-directories
Posted by devsecweb--- via Fulldisclosure on Sep 01Vendor: Bagisto (https://bagisto.com/) Affected version: All Introduction: Bagisto is an open source shop...
SUPERAntiSpyware Professional X Trial < 10.0.1206 Local Privilege Escalation
Posted by b1nary on Aug 29# Vulnerability Description SUPERAntiSpyware Professional X Trial versions prior to 10.0.1206 are vulnerable to local...
Missing Trust Validation in Visual Studio’s VSIX Installer
Posted by Ostovary, Daniel on Aug 29Hi, we have recently discovered a vulnerability in the VSIX Installer of Visual Studio....
Three vulnerabilities found in MikroTik’s RouterOS
Posted by Q C on Aug 29Advisory: three vulnerabilities found in MikroTik's RouterOS Details ======= Product: MikroTik's RouterOS Vendor URL:...
SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S
Posted by SEC Consult Vulnerability Lab on Aug 27SEC Consult Vulnerability Lab Security Advisory < 20200827-0 > ======================================================================= title: Multiple...
SEC Consult SA-20200826-0 :: Extensive file permissions on service executable in Eikon Thomson Reuters
Posted by SEC Consult Vulnerability Lab on Aug 27SEC Consult Vulnerability Lab Security Advisory < 20200826-0 > ======================================================================= title: Extensive...
A Tale of Escaping a Hardened Docker container
Posted by Red Timmy Security on Aug 25Hello, in a recent security assessment we have managed to escape out of...
NEProfile – Host Header Injection
Posted by ghost on Aug 25 Exploit Title: NEProfile - Host Header Injection Date: 5/13/2020 Vendor Homepage: https://seczetta.com Software Link:...
Google Chromecast Auth Bypass/RCE
Posted by Benjamin Floyd on Aug 25Problem: Most modern Google-based smart devices run some form of Chromecast (and a version...
CVE-2020-24548 / Ericom Access Server for (AccessNow & Ericom Blaze) v9.2.0 / Server Side Request Forgery
Posted by hyp3rlinx on Aug 25 Credits: John Page (aka hyp3rlinx) Website: hyp3rlinx.altervista.org Source:http://hyp3rlinx.altervista.org/advisories/ERICOM-ACCESS-SERVER-ACCESS-NOW-BLAZE-9.2.0-SERVER-SIDE-REQUEST-FORGERY.txt twitter.com/hyp3rlinx ISR: ApparitionSec www.ericom.com Ericom Access...
Open-Xchange Security Advisory 2020-08-20
Posted by Open-Xchange GmbH via Fulldisclosure on Aug 21Dear subscribers, we're sharing our latest advisory with you and like to...
Payment bypass in WordPress – WooCommerce – NAB Transact plugin disclosure
Posted by Jack Misiura via Fulldisclosure on Aug 21Title: Payment bypass Product: WordPress NAB Transact WooCommerce Plugin Vendor Homepage: https://woocommerce.com/products/nab-transact-direct-post/...
New Release: UFONet v1.6 – “M4RAuD3R!”…
Posted by psy on Aug 17Hi Community, I am glad to present a new release of this tool: - https://ufonet.03c8.net...
Two vulnerabilities found in MikroTik’s RouterOS
Posted by Q C on Aug 14Advisory: two vulnerabilities found in MikroTik's RouterOS Details ======= Product: MikroTik's RouterOS Vendor URL:...
Avian JVM vm::arrayCopy() silent return on negative length
Posted by Pietro Oliva via Fulldisclosure on Aug 11Vulnerability title: Avian JVM vm::arrayCopy() silent return on negative length Author: Pietro...
Avian JVM vm::arrayCopy() Multiple Integer Overflows
Posted by Pietro Oliva via Fulldisclosure on Aug 11Vulnerability title: Avian JVM vm::arrayCopy() Multiple Integer Overflows Author: Pietro Oliva CVE:...
SugarCRM < 10.1.0 (Reports Export) SQL Injection Vulnerability
Posted by Egidio Romano on Aug 11SugarCRM < 10.1.0 (Reports Export) SQL Injection Vulnerability *• Software Link:*https://www.sugarcrm.com *• Affected Versions:*...
CVE-2019-1663 | Cisco Routers – Critical 9.8 CVSS Score
Cisco is warning businesses that use its wireless VPN and firewall routers to install updates immediately due to a critical...
CVE-2019-1674 | New Elevation of Privilege Vulnerability Found in Cisco WebEx Meetings
A vulnerability found in the update service of the Cisco Webex Meetings Desktop App for Windows could allow an unprivileged local attacker...
High-Severity SHAREit App Flaws Open Files for the Taking
Two high-severity flaws in the SHAREit Android app allow an attacker to bypass the file transfer application’s device authentication mechanism...
CVE-2019-6340 | Drupal RCE Vulnerability
The remote execution flaw exists because some field types do not properly sanitize data from non-form sources and this can...
CVE-2019-8912 | Use After Free Arbitrary Code Execution Vulnerability for many Linux Kernels
Linux Kernel is prone to an arbitrary code-execution vulnerability.An attacker can exploit this issue to execute arbitrary code in the...
