Re: Navy Federal Reflective Cross Site Scripting (XSS)
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 29 Good evening. Because of the nature of the software and vulnerabilities we...
Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 29 Good evening. Because of the nature of the software and vulnerabilities we...
Posted by Dirk-Willem van Gulik on Sep 29 (Corona) Exposure Notifications API for Apple iOS and Google Android risk of...
Posted by Red Timmy Security on Sep 29 WP Courses is a WordPress plugin allowing to define courses with lessons. The...
Posted by Patrick Hener on Sep 29 Advisory ID: SYSS-2020-025 Product: DOMOS Manufacturer: Secudos GmbH Affected Version(s): <= DOMOS 5.8 Tested...
Posted by Patrick Hener on Sep 29 Advisory ID: SYSS-2020-024 Product: Qiata FTA Manufacturer: Secudos GmbH Affected Version(s): <= Qiata FTA...
Posted by Micha Borrmann on Sep 29 Advisory ID: SYSS-2019-049 Product: MailDepot Manufacturer: REDDOXX GmbH Affected Version(s): 2032 SP2 (2.2.1242) Tested...
Posted by Ken on Sep 29 In response to the recent OnBase v19.8.9.1000 and v18.0.0.32 vulnerability disclosures a few weeks ago,...
Posted by Apple Product Security via Fulldisclosure on Sep 24 APPLE-SA-2020-09-24-1 macOS Catalina 10.15.6 Supplemental Update, Security Update 2020-005 High Sierra,...
Posted by Imre Rad on Sep 22 Osconfig is a beta service by Google, a poll based "desired state configuration" solution:...
Posted by Julien Ahrens (RCE Security) on Sep 22 RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Framer Preview Vendor URL:...
Posted by Ava Tester One on Sep 22 # Title: Visitor Management System in PHP 1.0 - Unauthenticated Stored XSS #...
Posted by Ava Tester One on Sep 22 # Title: Visitor Management System in PHP 1.0 - Authenticated SQL Injection #...
Posted by Ava Tester One on Sep 22 # Title: Seat Reservation System 1.0 - Unauthenticated SQL Injection # Exploit Author:...
Posted by Apple Product Security via Fulldisclosure on Sep 18 APPLE-SA-2020-09-16-5 Xcode 12.0 Xcode 12.0 is now available and addresses the...
Posted by Apple Product Security via Fulldisclosure on Sep 18 APPLE-SA-2020-09-16-4 watchOS 7.0 watchOS 7.0 is now available and addresses the...
Posted by Apple Product Security via Fulldisclosure on Sep 18 APPLE-SA-2020-09-16-3 Safari 14.0 Safari 14.0 is now available and addresses the...
Posted by Apple Product Security via Fulldisclosure on Sep 18 APPLE-SA-2020-09-16-2 tvOS 14.0 tvOS 14.0 is now available and addresses the...
Posted by Apple Product Security via Fulldisclosure on Sep 18 APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0 iOS 14.0 and iPadOS 14.0...
Posted by Julien Ahrens (RCE Security) on Sep 15 RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Acronis Cyber Backup Vendor...
Posted by Christian Folini on Sep 15 ModSecurity v3.0.x is affected by a Denial of Service vulnerability due to the global...
Posted by Andreas Sperber on Sep 15 # Security Advisory ARA-2020-005: Insecure Direct Object Reference (CVE-2020-15958) ## Affected Product(s) and Environment(s)...
Posted by hyp3rlinx on Sep 11 Title: Windows TCPIP Finger Command - C2 Channel and Bypassing Security Software Credits: John...
Posted by Jason Geffner on Sep 11 CVE-2020-8152 – Elevation of Privilege in Backblaze --------------------------------------------------- Summary ======= Name: Elevation of Privilege...
Posted by Jason Geffner on Sep 11 CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze ------------------------------------------------------------------ Summary ======= Name: Remote...