Scope of Debian’s /home/loser is with permissions 755, default umask 002
Posted by Georgi Guninski on Nov 12: On Debian /home/loser is with permissions 755, default umask 0022 (If you don't understand...
Posted by Pietro Oliva via Fulldisclosure on Nov 12: Vulnerability title: Avian JVM FileOutputStream.write() Integer Overflow Author: Pietro Oliva Vendor: ReadyTalk...
Posted by hyp3rlinx on Nov 10: from subprocess import Popen, PIPE import sys,argparse,re #MIT License #Copyright (c) 2020 John Page (aka...
Posted by José Nicolás Castellano on Nov 10: No cON Name 2020 - Online Edition Call For Papers https://www.noconname.org/call-for-papers/ *...
Posted by Sandro Gauci on Nov 06: # Asterisk crash due to INVITE flood over TCP - Fixed versions: 13.37.1, 16.14.1,...
Posted by Tobias Glemser on Nov 06: secuvera-SA-2020-01: Broken Object Level Authorization Vulnerability in OvulaRing-Webapplication Affected Products OvulaRing Webapp Version 4.2.2...
Posted by Apple Product Security via Fulldisclosure on Nov 06: APPLE-SA-2020-11-05-7 tvOS 14.2 tvOS 14.2 is now available and address the...
Posted by Apple Product Security via Fulldisclosure on Nov 06: APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2 iOS 14.2 and iPadOS 14.2...
Posted by Apple Product Security via Fulldisclosure on Nov 06: APPLE-SA-2020-11-05-2 iOS 12.4.9 iOS 12.4.9 is now available and address the...
Posted by Asterisk Security Team on Nov 05: Asterisk Project Security Advisory - AST-2020-002 Product Asterisk Summary Outbound INVITE loop...
Posted by Asterisk Security Team on Nov 05: Asterisk Project Security Advisory - AST-2020-001 Product Asterisk Summary Remote crash in...
Posted by Dawid Golunski on Nov 05: /* Go PoC exploit for git-lfs - Remote Code Execution (RCE) vulnerability CVE-2020-27955 git-lfs-RCE-exploit-CVE-2020-27955.go...
Posted by SEC Consult Vulnerability Lab on Nov 04: SEC Consult Vulnerability Lab Security Advisory < 20201104-0 > ======================================================================= title: Multiple...
Posted by Marcin Kozlowski on Oct 30: Hi list, Debugged this issue, but somehow cannot trigger the crash in Chrome. Seems...
Posted by Vulnerability Lab on Oct 29: Title: German armed forces launch security vulnerability disclosure program Source: https://portswigger.net/daily-swig/german-armed-forces-launch-security-vulnerability-disclosure-program Reference: https://www.bundeswehr.de/bw-de/organisation/cyber-und-informationsraum/aktuelles/-liebe-hacker-hiermit-laden-wir-sie-herzlich-ein--3713242 If you like...
Posted by Julien Ahrens (RCE Security) on Oct 27: RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: God Kings Vendor URL:...
Posted by Kevin R on Oct 23: files through a TFTP GET request Use CVE-2020-24990. If you like the site, please...
Posted by SEC Consult Vulnerability Lab on Oct 23: SEC Consult Vulnerability Lab Security Advisory < 20201023-0 > ======================================================================= title: PubliXone...
Posted by Vulnerability Lab on Oct 22: Title: German Bundeswehr starts own Responsible Disclosure Program (VDPBw) Link: https://www.vulnerability-db.com/?q=articles/2020/10/22/german-bundeswehr-starts-own-responsible-disclosure-program-vdpbw If you like the...
Posted by RedTeam Pentesting GmbH on Oct 21: Advisory: Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton RedTeam Pentesting discovered...
Posted by Pedro Cunha on Oct 20: I don't see how this is an "on-purpose backdoor". As far as I know,...
Posted by Michael Lazin on Oct 20: I do see the point and even though it is not a deliberate back...
Posted by Ryan Wincey on Oct 20: Document Title: =============== LISTSERV Maestro Remote Code Execution Vulnerability References (Source): ==================== https://www.securifera.com/advisories/sec-2020-0001/ https://www.lsoft.com/products/maestro.asp Release Date:...
Posted by Adrian Sanabria on Oct 20: If I recall correctly, iOS and MacOS work in much the same way. They...