CVE-2019-19680
A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms (related to…
CVE-2020-19664
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.
CVE-2020-4916
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading…
CVE-2020-4928
IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code…
CVE-2020-26217
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users…
CVE-2020-0688 – Microsoft / Exchange – Memory corruption
CVE-2020-0688 is a memory corruption vulnerability impacting Microsoft Exchange. A Metasploit module was observed in open source and subsequently shared in the underground. Security researchers claimed the vulnerability was used…
CVE-2020-14871 – Oracle / Solaris – Unspecified
CVE-2020-14871 is an unspecified vulnerability impacting Oracle Solaris versions 10 and 11. A Metasploit module was observed in open source and subsequently shared in the underground. Security researchers claimed the…
CVE-2019-12840 – Webmin / Webmin – OS command injection
CVE-2019-12840 is an OS command injection vulnerability impacting Webmin versions 1.910 and earlier. A Metasploit module was observed in open source. A security researcher disclosed a new method that bypasses…
CVE-2019-12840 – Webmin/Webmin – OS command injection vulnerability
CVE-2019-12840 is an OS command injection vulnerability impacting Webmin versions 1.910 and earlier. A Metasploit module was observed in open source. A security researcher disclosed a new method that bypasses…
CVE-2020-14871 – Oracle/Solaris – unspecified vulnerability
CVE-2020-14871 is an unspecified vulnerability impacting Oracle Solaris versions 10 and 11. A Metasploit module was observed in open source and subsequently shared in the underground. Security researchers claimed the…
CVE-2020-0688 – Microsoft/Exchange
CVE-2020-0688 is a memory corruption vulnerability impacting Microsoft Exchange. A Metasploit module was observed in open source and subsequently shared in the underground. Security researchers claimed the vulnerability was used…
survey on reliability of CVSS
Posted by Zinaida Benenson on Dec 29The University of Erlangen-Nuremberg (Germany) is conducting a research study to test the reliability of CVSS (Common Vulnerability Scoring System). If you are currently…
Re: CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze
Posted by Mark E. Jeftovic on Dec 29Is there a transposition typo in the Mac OSX version number? *Fixed Version:* |7.0.1.433| (Windows) and |7.1.0.434| (macOS) My OSX Backblaze is reporting 7.0.2.470 as most recent…
Re: [FD] CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze
Posted by Reed Loden on Dec 25Due to a process fail, this CVE ID was accidentally reused for another vulnerability. The updated CVE ID for this issue is CVE-2020-8289. We…
CarolinaCon Online CFP
Posted by CarolinaCon on Dec 25We hope this email finds you well. This year has had its challenges and we had to postpone CarolinaCon 16 do to unforeseen circumstances. We…
Re: [FD] CVE-2020-8152 – Elevation of Privilege in Backblaze
Posted by Reed Loden on Dec 25Due to a process fail, this CVE ID was accidentally reused for another vulnerability. The updated CVE ID for this issue is CVE-2020-8290. We…
[CVE-2018-7580] – Philips Hue Denial of Service
Posted by Ilia Shnaidman on Dec 25[+] Credits: Ilia Shnaidman [+] @0x496c on Twitter [+] https://www.iliashn.com Vendor: ============= Philips Lighting Holding B.V Product: ============= Philips Hue Hub - all Vulnerability…
Re: [FD] CVE-2020-8152 – Elevation of Privilege in Backblaze
Posted by Jason Geffner on Dec 25Thanks, Reed. I've updated the GitHub repository name to reflect this change. The detailed write-up can now be found athttps://github.com/geffner/CVE-2020-8290/blob/master/README.md. If you like the…
AST-2020-004: Remote crash in res_pjsip_diversion
Posted by Asterisk Security Team on Dec 22 Asterisk Project Security Advisory - AST-2020-004 Product Asterisk Summary Remote crash in res_pjsip_diversion Nature of Advisory Denial of service Susceptibility Remote authenticated…
AST-2020-003: Remote crash in res_pjsip_diversion
Posted by Asterisk Security Team on Dec 22 Asterisk Project Security Advisory - AST-2020-003 Product Asterisk Summary Remote crash in res_pjsip_diversion Nature of Advisory Denial of service Susceptibility Remote authenticated…
Rocket.Chat Path Traversal
Posted by Moe Szyslak on Dec 21Rocket.Chat has fixed a server-side path traversal vulnerability that may be abused to write files to attacker-controlled locations:https://github.com/RocketChat/Rocket.Chat/commit/f5c7d94bffb279d7a2f859773935fb5cf70c81cd Exploitation of this vulnerability requires uploading…
remote code execution when open a project in android studio that google refused to fix(still 0day)
Posted by houjingyi on Dec 21Video and POC here : https://www.youtube.com/watch?v=hAPkSGxh9H0 When you open a project in android studio, if gradle-wrapper.properties set distributionUrl=https:// services.gradle.org/distributions/gradle-2.6-all.zip <https://www.google.com/url?q=http://services.gradle.org/distributions/gradle-2.6-all.zip&sa=D&usg=AFQjCNHSuog_mDHXLFUDcfXdMkVSqzfLug>, then android studio will download…
SUPREMO Local privilege escalation
Posted by Adan Alvarez on Dec 21Details ======= Subject: Local Privilege Escalation Product: SUPREMO by Nanosystems S.r.l. Vendor Homepage: https://www.supremocontrol.com/ Vendor Status: fixed version released Vulnerable Version: 4.1.3.2348 (No other…
Defense in depth — the Microsoft way (part 68): where compatibility means vulnerability
Posted by Stefan Kanthak on Dec 18Hi @ll, this post is a shortened version of <https://skanthak.homepage.t-online.de/detour.html> With Windows 2000 and Windows XP, Microsoft introduced the functions SystemFunction035() alias RtlCheckSignatureInFile(), SystemFunction036()…