Rocket.Chat Path Traversal
Posted by Moe Szyslak on Dec 21Rocket.Chat has fixed a server-side path traversal vulnerability that may be abused to write...
Vulnerabilities
remote code execution when open a project in android studio that google refused to fix(still 0day)
Posted by houjingyi on Dec 21Video and POC here : https://www.youtube.com/watch?v=hAPkSGxh9H0 When you open a project in android studio, if...
SUPREMO Local privilege escalation
Posted by Adan Alvarez on Dec 21Details ======= Subject: Local Privilege Escalation Product: SUPREMO by Nanosystems S.r.l. Vendor Homepage: https://www.supremocontrol.com/...
Defense in depth — the Microsoft way (part 68): where compatibility means vulnerability
Posted by Stefan Kanthak on Dec 18Hi @ll, this post is a shortened version of <https://skanthak.homepage.t-online.de/detour.html> With Windows 2000 and...
CA20201215-01: Security Notice for CA Service Catalog
Posted by Kevin Kotas via Fulldisclosure on Dec 18CA20201215-01: Security Notice for CA Service Catalog Issued: December 15, 2020 Last...
Rocket.Chat quietly patches XSS vulnerability
Posted by Moe Szyslak on Dec 18Rocket.Chat has quietly fixed a stored XSS vulnerability in the following commits:https://github.com/RocketChat/Rocket.Chat/commit/96d3155245ec65f681664b48b6dafc94c1ea021chttps://github.com/RocketChat/Rocket.Chat/commit/43fe12d775b2329e780a1369a1b2c25070cdcab9 Exploitation of...
Programi Bilanc – Build 007 Release 014 31.01.2020 – Software-update packages are downloaded via unencrypted HTTP [CVE-2020-11718]
Posted by Georg Ph E Heise via Fulldisclosure on Dec 18Programi Bilanc - Build 007 Release 014 31.01.2020 - Software-update...
Programi Bilanc – Build 007 Release 014 31.01.2020 – Broken encryption with guessable static encryption key [CVE-2020-8995]
Posted by Georg Ph E Heise via Fulldisclosure on Dec 18Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken...
SEC Consult SA-20201217-0 :: Multiple critical vulnerabilities in Trend Micro InterScan Web Security Virtual Appliance (IWSVA)
Posted by SEC Consult Vulnerability Lab on Dec 17SEC Consult Vulnerability Lab Security Advisory < 20201217-0 > ======================================================================= title: Multiple...
APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1
Posted by Apple Product Security via Fulldisclosure on Dec 15APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 macOS Big...
APPLE-SA-2020-12-14-9 macOS Server 5.11
Posted by Apple Product Security via Fulldisclosure on Dec 15APPLE-SA-2020-12-14-9 macOS Server 5.11 macOS Server 5.11 addresses the following issues....
APPLE-SA-2020-12-14-8 Safari 14.0.2
Posted by Apple Product Security via Fulldisclosure on Dec 15APPLE-SA-2020-12-14-8 Safari 14.0.2 Safari 14.0.2 addresses the following issues. Information about...
APPLE-SA-2020-12-14-7 tvOS 14.3
Posted by Apple Product Security via Fulldisclosure on Dec 15APPLE-SA-2020-12-14-7 tvOS 14.3 tvOS 14.3 addresses the following issues. Information about...
APPLE-SA-2020-12-14-6 watchOS 6.3
Posted by Apple Product Security via Fulldisclosure on Dec 15APPLE-SA-2020-12-14-6 watchOS 6.3 watchOS 6.3 addresses the following issues. Information about...
Cross-site request forgery (CSRF) in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure
Posted by Jack Misiura via Fulldisclosure on Dec 11Title: Cross-site request forgery (CSRF) Product: OpenAsset Digital Asset Management by OpenAsset...
Re: Disable Windows Defender and most other 3rd party antiviruses
Posted by Roberto Franceschetti on Dec 11No. Secure antivirus deployments would include a "tamper protection" password. You cannot uninstall the...
Stored cross-site scripting (XSS) in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure
Posted by Jack Misiura via Fulldisclosure on Dec 11Title: Stored cross-site scripting (XSS) Product: OpenAsset Digital Asset Management by OpenAsset...
IP access control bypass in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure
Posted by Jack Misiura via Fulldisclosure on Dec 11Title: IP access control bypass Product: OpenAsset Digital Asset Management by OpenAsset...
Self-reflected XSS in WordPress DirectoriesPro 1.3.45 plugin disclosure.
Posted by Jack Misiura via Fulldisclosure on Dec 11Title: Self-reflected XSS Product: WordPress DirectoriesPro Plugin by SabaiApps Vendor Homepage: https://directoriespro.com/...
Huawei HedEx Lite (DM) – Path Traversal Web Vulnerability
Posted by Vulnerability Lab on Dec 08Document Title: =============== Huawei HedEx Lite (DM) - Path Traversal Web Vulnerability References (Source):...
VestaCP v0.9.8-26 – (LoginAs) Token Session Vulnerability
Posted by Vulnerability Lab on Dec 08Document Title: =============== VestaCP v0.9.8-26 - (LoginAs) Token Session Vulnerability References (Source): ====================https://www.vulnerability-lab.com/get_content.php?id=2240 Release...
VestaCP v0.9.8-26 – Insufficient Session Validation Web Vulnerability
Posted by Vulnerability Lab on Dec 08Document Title: =============== VestaCP v0.9.8-26 - Insufficient Session Validation Web Vulnerability References (Source): ====================https://www.vulnerability-lab.com/get_content.php?id=2238...
VestaCP v0.9.8-26 – (period) Cross Site Scripting Web Vulnerability
Posted by Vulnerability Lab on Dec 08Document Title: =============== VestaCP v0.9.8-26 - (period) Cross Site Scripting Web Vulnerability References (Source):...
Re: Disable Windows Defender and most other 3rd party antiviruses
Posted by Exibar on Dec 08Would this not be the same as uninstalling the AV application in safemode? -----Original Message-----...
