vulns

Java deserialization vulnerability in QRadar RemoteJavaScript Servlet

October 16, 2020

Posted by Securify B.V. via Fulldisclosure on Oct 16------------------------------------------------------------------------ Java deserialization vulnerability in QRadar RemoteJavaScript Servlet ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A...

SEC Consult SA-20201012-0 :: Reflected Cross-Site Scripting and Unauthenticated Malicious File Upload in Sage DPW

October 12, 2020

Posted by SEC Consult Vulnerability Lab on Oct 12SEC Consult Vulnerability Lab Security Advisory < 20201012-0 > ======================================================================= title: Reflected...

Cisco Webex Teams Client for Windows DLL Hijacking Vulnerability

October 9, 2020

Posted by houjingyi on Oct 09new dll hijacking scenario found by accident <http://houjingyi233.com/2020/10/09/new-dll-hijacking-scenario-found-by-accident/> Speaking of dll hijacking, many people may...

SEC Consult SA-20201008-0 :: Multiple Cross-Site Scripting Vulnerabilities in Confluence Marketplace Plugins

October 9, 2020

Posted by SEC Consult Vulnerability Lab on Oct 09SEC Consult Vulnerability Lab Security Advisory < 20201008-0 > ======================================================================= title: Multiple...

[RT-SA-2020-002] Denial of Service in D-Link DSR-250N

October 8, 2020

Posted by RedTeam Pentesting GmbH on Oct 08Advisory: Denial of Service in D-Link DSR-250N RedTeam Pentesting discovered a Denial-of-Service vulnerability...

Student Result Management System 1.0 – Multiple SQL Injection Vulnerabilities

October 6, 2020

Posted by b1nary on Oct 06# Exploit Title: Student Result Management System 1.0 - Multiple SQL Injection Vulnerabilities # Date:...

CVE-2020-24722: GAEN Protocol Metadata Deanonymization and Risk-score Inflation Issues

October 6, 2020

Posted by Stefan Marsiske via Fulldisclosure on Oct 06GAEN Protocol Metadata Deanonymization and Risk-score Inflation Issues (CVE-2020-24722) Summary The TX...

CVE-2020-25790

October 6, 2020

Posted by Rodolfo Augusto do Nascimento Tavares on Oct 06Hello, all Could you please publish the item below? I attached...

FortSIEM <= 5.2.8 RCE due to EL Injection – analysis

October 6, 2020

Posted by Red Timmy Security on Oct 06On June 21st 2020 Fortinet has released a security bulletin for its FortiSIEM...

SEC Consult SA-20201005-0 :: Multiple Critical Vulnerabilities in RocketLinx Series

October 5, 2020

Posted by SEC Consult Vulnerability Lab on Oct 05SEC Consult Vulnerability Lab Security Advisory < 20201005-0 > ======================================================================= title: Multiple...

SEC Consult SA-20201002-0 :: Multiple Vulnerabilities in SevOne Network Management System (NMS)

October 3, 2020

Posted by SEC Consult Vulnerability Lab on Oct 02SEC Consult Vulnerability Lab Security Advisory < 20201002-0 > ======================================================================= title: Multiple...

SEC Consult SA-20201001-0 :: Broken Access Control in Platinum Mobile

October 3, 2020

Posted by SEC Consult Vulnerability Lab on Oct 02SEC Consult Vulnerability Lab Security Advisory < 20201001-0 > ======================================================================= title: Broken...

[SYSS-2019-048] Improper Authorization (CWE-285) in REDDOXX MailDepot (CVE-2019-19200)

October 2, 2020

Posted by Micha Borrmann on Oct 02Advisory ID: SYSS-2019-048 Product: MailDepot Manufacturer: REDDOXX GmbH Affected Version(s): 2032 SP2 (2.2.1242) Tested...

How to build Win2k3

October 2, 2020

Posted by Gregory Boddin on Oct 02NTDEV is suffering for us. But this video is not his responsibility anymore.https://media.leakix.net/ntdev/BuildW2k3/ Here...

CVE-2020-12676 – FusionAuth SAML v2.0 bindings in Java using JAXB – Signature Exclusion Attack

October 2, 2020

Posted by Advisories on Oct 02############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ############################################################# # # Product: SAML v2.0...

CSNC-2020-005 – Checkmk Local Privilege Escalation

October 2, 2020

Posted by Advisories on Oct 02################################################################################ # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ################################################################################ # # Product: Checkmk #...

APPLE-SA-2020-09-24-1 macOS Catalina 10.15.6 Supplemental Update, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave

September 25, 2020

Posted by Apple Product Security via Fulldisclosure on Sep 24APPLE-SA-2020-09-24-1 macOS Catalina 10.15.6 Supplemental Update, Security Update 2020-005 High Sierra,...

vulns

Java deserialization vulnerability in QRadar RemoteJavaScript Servlet

SEC Consult SA-20201012-0 :: Reflected Cross-Site Scripting and Unauthenticated Malicious File Upload in Sage DPW

Cisco Webex Teams Client for Windows DLL Hijacking Vulnerability

SEC Consult SA-20201008-0 :: Multiple Cross-Site Scripting Vulnerabilities in Confluence Marketplace Plugins

[RT-SA-2020-002] Denial of Service in D-Link DSR-250N

Student Result Management System 1.0 – Multiple SQL Injection Vulnerabilities

CVE-2020-24722: GAEN Protocol Metadata Deanonymization and Risk-score Inflation Issues

CVE-2020-25790

FortSIEM <= 5.2.8 RCE due to EL Injection – analysis

SEC Consult SA-20201005-0 :: Multiple Critical Vulnerabilities in RocketLinx Series

SEC Consult SA-20201002-0 :: Multiple Vulnerabilities in SevOne Network Management System (NMS)

SEC Consult SA-20201001-0 :: Broken Access Control in Platinum Mobile

[SYSS-2019-048] Improper Authorization (CWE-285) in REDDOXX MailDepot (CVE-2019-19200)

How to build Win2k3

CVE-2020-12676 – FusionAuth SAML v2.0 bindings in Java using JAXB – Signature Exclusion Attack

CSNC-2020-005 – Checkmk Local Privilege Escalation

Re: Navy Federal Reflective Cross Site Scripting (XSS)

CVE-2020-24721: Corona Exposure Notifications API: risk of coercion/data leakage [vs]

Critical Information Disclosure on WP Courses plugin <= 2.0.29 exposes private course videos and materials

[SYSS-2020-025] DOMOS 5.8 – OS Command Injection

[SYSS-2020-024] Qiata FTA – Persistent Cross-Site Scripting

[SYSS-2019-049] Insufficient Session Expiration (CWE-613) in REDDOXX MailDepot (CVE-2019-19199)

Regarding the semi-recent OnBase vulnerabilities

APPLE-SA-2020-09-24-1 macOS Catalina 10.15.6 Supplemental Update, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave

Mastering the Manipulation: The Intricacies of Social Engineering Attacks

Cobalt Strike Beacon Detected – 166[.]108[.]234[.]74:8089

Cobalt Strike Beacon Detected – 103[.]27[.]110[.]192:4444

Cobalt Strike Beacon Detected – 111[.]229[.]108[.]128:12233

Cobalt Strike Beacon Detected – 173[.]242[.]114[.]92:8080

You may have missed