CVE-2020-25790
Posted by Rodolfo Augusto do Nascimento Tavares on Oct 06Hello, all Could you please publish the item below? I attached...
Vulnerabilities
FortSIEM <= 5.2.8 RCE due to EL Injection – analysis
Posted by Red Timmy Security on Oct 06On June 21st 2020 Fortinet has released a security bulletin for its FortiSIEM...
SEC Consult SA-20201005-0 :: Multiple Critical Vulnerabilities in RocketLinx Series
Posted by SEC Consult Vulnerability Lab on Oct 05SEC Consult Vulnerability Lab Security Advisory < 20201005-0 > ======================================================================= title: Multiple...
SEC Consult SA-20201002-0 :: Multiple Vulnerabilities in SevOne Network Management System (NMS)
Posted by SEC Consult Vulnerability Lab on Oct 02SEC Consult Vulnerability Lab Security Advisory < 20201002-0 > ======================================================================= title: Multiple...
SEC Consult SA-20201001-0 :: Broken Access Control in Platinum Mobile
Posted by SEC Consult Vulnerability Lab on Oct 02SEC Consult Vulnerability Lab Security Advisory < 20201001-0 > ======================================================================= title: Broken...
[SYSS-2019-048] Improper Authorization (CWE-285) in REDDOXX MailDepot (CVE-2019-19200)
Posted by Micha Borrmann on Oct 02Advisory ID: SYSS-2019-048 Product: MailDepot Manufacturer: REDDOXX GmbH Affected Version(s): 2032 SP2 (2.2.1242) Tested...
CVE-2020-12676 – FusionAuth SAML v2.0 bindings in Java using JAXB – Signature Exclusion Attack
Posted by Advisories on Oct 02############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ############################################################# # # Product: SAML v2.0...
CSNC-2020-005 – Checkmk Local Privilege Escalation
Posted by Advisories on Oct 02################################################################################ # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ################################################################################ # # Product: Checkmk #...
Re: Navy Federal Reflective Cross Site Scripting (XSS)
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 29Good evening. Because of the nature of the software and vulnerabilities we...
CVE-2020-24721: Corona Exposure Notifications API: risk of coercion/data leakage [vs]
Posted by Dirk-Willem van Gulik on Sep 29 (Corona) Exposure Notifications API for Apple iOS and Google Android risk of...
Critical Information Disclosure on WP Courses plugin <= 2.0.29 exposes private course videos and materials
Posted by Red Timmy Security on Sep 29WP Courses is a Wordpress plugin allowing to define courses with lessons. The...
[SYSS-2020-025] DOMOS 5.8 – OS Command Injection
Posted by Patrick Hener on Sep 29Advisory ID: SYSS-2020-025 Product: DOMOS Manufacturer: Secudos GmbH Affected Version(s): <= DOMOS 5.8 Tested...
[SYSS-2020-024] Qiata FTA – Persistent Cross-Site Scripting
Posted by Patrick Hener on Sep 29Advisory ID: SYSS-2020-024 Product: Qiata FTA Manufacturer: Secudos GmbH Affected Version(s): <= Qiata FTA...
[SYSS-2019-049] Insufficient Session Expiration (CWE-613) in REDDOXX MailDepot (CVE-2019-19199)
Posted by Micha Borrmann on Sep 29Advisory ID: SYSS-2019-049 Product: MailDepot Manufacturer: REDDOXX GmbH Affected Version(s): 2032 SP2 (2.2.1242) Tested...
Regarding the semi-recent OnBase vulnerabilities
Posted by Ken on Sep 29In response to the recent OnBase v19.8.9.1000 and v18.0.0.32 vulnerability disclosures a few weeks ago,...
APPLE-SA-2020-09-24-1 macOS Catalina 10.15.6 Supplemental Update, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave
Posted by Apple Product Security via Fulldisclosure on Sep 24APPLE-SA-2020-09-24-1 macOS Catalina 10.15.6 Supplemental Update, Security Update 2020-005 High Sierra,...
Google’s osconfig agent – local privilege escalation
Posted by Imre Rad on Sep 22Osconfig is a beta service by Google, a poll based "desired state configuration" solution:...
[CVE-2020-25203] Frame Preview “com.framer.viewer.FramerViewActivity” Arbitrary URL Loading
Posted by Julien Ahrens (RCE Security) on Sep 22RCE Security Advisoryhttps://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Framer Preview Vendor URL:...
Visitor Management System in PHP 1.0 – Unauthenticated Stored XSS
Posted by Ava Tester One on Sep 22# Title: Visitor Management System in PHP 1.0 - Unauthenticated Stored XSS #...
Visitor Management System in PHP 1.0 – Authenticated SQL Injection
Posted by Ava Tester One on Sep 22# Title: Visitor Management System in PHP 1.0 - Authenticated SQL Injection #...
Seat Reservation System 1.0 Unauthenticated SQL Injection (CVE-2020-25762)
Posted by Ava Tester One on Sep 22# Title: Seat Reservation System 1.0 - Unauthenticated SQL Injection # Exploit Author:...
APPLE-SA-2020-09-16-5 Xcode 12.0
Posted by Apple Product Security via Fulldisclosure on Sep 18APPLE-SA-2020-09-16-5 Xcode 12.0 Xcode 12.0 is now available and addresses the...
APPLE-SA-2020-09-16-4 watchOS 7.0
Posted by Apple Product Security via Fulldisclosure on Sep 18APPLE-SA-2020-09-16-4 watchOS 7.0 watchOS 7.0 is now available and addresses the...
APPLE-SA-2020-09-16-3 Safari 14.0
Posted by Apple Product Security via Fulldisclosure on Sep 18APPLE-SA-2020-09-16-3 Safari 14.0 Safari 14.0 is now available and addresses the...
