exploit

Follow me on twitter Follow @RedPacketSec and join the Telegram channel Posted by Julien Ahrens (RCE Security) on Oct 27 RCE Security Advisoryhttps://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: God Kings Vendor URL: https://play.google.com/store/apps/details?id=com.innogames.gkandroid Type: Improper Verification of Intent by Broadcast Receiver [CWE-925] Date found: 2020-09-07 Date published: 2020-10-25 CVSSv3 Score: […]

Follow me on twitter Follow @RedPacketSec and join the Telegram channel Posted by Kevin R on Oct 23 files through a TFTP GET request Use CVE-2020-24990. If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below. Want to Support the […]

Follow me on twitter Follow @RedPacketSec and join the Telegram channel Posted by Nguyen Anh Quynh on Oct 23 Greetings! We are very happy to announce version 1.0.2 of Unicorn Emulator! It has been more than 3.5 years since the last major update, and this version marks 5 year of […]

Follow me on twitter Follow @RedPacketSec and join the Telegram channel Posted by SEC Consult Vulnerability Lab on Oct 23 SEC Consult Vulnerability Lab Security Advisory < 20201023-0 > ======================================================================= title: PubliXone – Multiple Vulnerabilities product: konzept-ix publiXone vulnerable version: 2019.045 fixed version: 2020.015 CVE number: CVE-2020-27179, CVE-2020-27183, CVE-2020-27180, CVE-2020-27181, […]

Follow me on twitter Follow @RedPacketSec and join the Telegram channel Posted by Vulnerability Lab on Oct 22 Title: German Bundeswehr starts own Responsible Disclosure Program (VDPBw) Link:https://www.vulnerability-db.com/?q=articles/2020/10/22/german-bundeswehr-starts-own-responsible-disclosure-program-vdpbw If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below. Want to […]

Follow me on twitter Follow @RedPacketSec and join the Telegram channel Posted by RedTeam Pentesting GmbH on Oct 21 Advisory: Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton RedTeam Pentesting discovered a vulnerability in the BigBlueButton web conferencing system which allows participants of a conference with permissions to upload […]

Follow me on twitter Follow @RedPacketSec and join the Telegram channel Posted by Pedro Cunha on Oct 20 I don’t see how this is an “on-purpose backdoor”. As far as I know, this feature is used so you can install Android apps on your phone via the web interface on […]

Follow me on twitter Follow @RedPacketSec and join the Telegram channel Posted by Michael Lazin on Oct 20 I do see the point and even though it is not a deliberate back door the end result is if your google account is compromised and an attacker wants to be sneaky […]

Follow me on twitter Follow @RedPacketSec and join the Telegram channel Posted by Ryan Wincey on Oct 20 Document Title: =============== LISTSERV Maestro Remote Code Execution Vulnerability References (Source): ==================== https://www.securifera.com/advisories/sec-2020-0001/ https://www.lsoft.com/products/maestro.asp Release Date: ============= 2020-10-20 Product & Service Introduction: =============================== LISTSERV Maestro is an enterprise email marketing solution and […]

Follow me on twitter Follow @RedPacketSec and join the Telegram channel Posted by Adrian Sanabria on Oct 20 If I recall correctly, iOS and MacOS work in much the same way. They can push and remove software from devices at will. There are precedents of Google and Apple using this […]

Follow me on twitter Follow @RedPacketSec and join the Telegram channel Posted by RedTeam Pentesting GmbH on Oct 19 Advisory: FRITZ!Box DNS Rebinding Protection Bypass RedTeam Pentesting discovered a vulnerability in FRITZ!Box router devices which allows to resolve DNS answers that point to IP addresses in the private local network, […]

Follow me on twitter Follow @RedPacketSec and join the Telegram channel Posted by Open-Xchange GmbH via Fulldisclosure on Oct 16 Dear subscribers, we’re sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs […]

Follow me on twitter Follow @RedPacketSec and join the Telegram channel Posted by Enrico Weigelt, metux IT consult on Oct 16 Hello folks, In short, Google’s playstore receives notifications from Google and installs any app that Google wants to be installed – without any further notification or even interaction of […]

Follow me on twitter Follow @RedPacketSec and join the Telegram channel Posted by Securify B.V. via Fulldisclosure on Oct 16 ———————————————————————— Java deserialization vulnerability in QRadar RemoteJavaScript Servlet ———————————————————————— Abstract ———————————————————————— A Java deserialization vulnerability exists in the QRadar RemoteJavaScript Servlet. An authenticated user can call one of the vulnerable […]

Follow me on twitter Follow @RedPacketSec and join the Telegram channel Posted by SEC Consult Vulnerability Lab on Oct 12 SEC Consult Vulnerability Lab Security Advisory < 20201012-0 > ======================================================================= title: Reflected Cross-Site Scripting and Unauthenticated Malicious File Upload product: Sage DPW vulnerable version: 2020_06_000 & 2020_06_001 fixed version: 2020_06_002 […]

Follow me on twitter Follow @RedPacketSec and join the Telegram channel Posted by houjingyi on Oct 09 new dll hijacking scenario found by accident <http://houjingyi233.com/2020/10/09/new-dll-hijacking-scenario-found-by-accident/> Speaking of dll hijacking, many people may think it is a very useless. However, I noticed researchers disclosured some special dll hijacking scenarios that can […]

Follow me on twitter Follow @RedPacketSec and join the Telegram channel Posted by SEC Consult Vulnerability Lab on Oct 09 SEC Consult Vulnerability Lab Security Advisory < 20201008-0 > ======================================================================= title: Multiple Cross-Site Scripting Vulnerabilities products: PlantUML, Refined Toolkit for Confluence, Linking for Confluence, Countdown Timer, Server Status vulnerable versions: […]

Follow me on twitter Follow @RedPacketSec and join the Telegram channel Posted by RedTeam Pentesting GmbH on Oct 08 Advisory: Denial of Service in D-Link DSR-250N RedTeam Pentesting discovered a Denial-of-Service vulnerability in the D-Link DSR-250N device which allows unauthenticated attackers in the same local network to execute a CGI […]

Follow me on twitter Follow @RedPacketSec and join the Telegram channel Posted by b1nary on Oct 06 # Exploit Title: Student Result Management System 1.0 – Multiple SQL Injection Vulnerabilities # Date: 2020-10-02 # Exploit Author: b1nary # Vendor Homepage:https://projectworlds.in/free-projects/php-projects/student-result-management-system-project-in-php/ # Software Link: https://github.com/projectworlds32/srms/archive/master.zip # Version: 1.0 # Tested On: […]

Follow me on twitter Follow @RedPacketSec and join the Telegram channel Posted by Stefan Marsiske via Fulldisclosure on Oct 06 GAEN Protocol Metadata Deanonymization and Risk-score Inflation Issues (CVE-2020-24722) Summary The TX Power value in the metadata in the beacon of the GAEN protocol used by the corona/contact tracing app […]

Follow me on twitter Follow @RedPacketSec and join the Telegram channel Posted by Rodolfo Augusto do Nascimento Tavares on Oct 06 Hello, all Could you please publish the item below? I attached the text too. Thank you. =====[ Tempest Security Intelligence – ADV-09/2020 ]========================== Typesetter CMS Author: Rodolfo Tavares Tempest […]