InfoSec News & Tutorials
Posted by Egidio Romano on Jan 06----------------------------------------------------------------------------- IPS Community Suite <= 4.5.4 (Downloads REST API) SQL Injection Vulnerability ----------------------------------------------------------------------------- [-] Software Link:https://invisioncommunity.com [-] Affected Versions: Version 4.5.4 and prior versions.…
Posted by malvuln on Jan 06Discovery / credits: malvuln - Malvuln.com (c) 2021 Original source:https://malvuln.com/advisory/79d9908b6769e64f922e74a090f5ceeb.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.k Vulnerability: Remote String Dereference Stack Buffer…
Posted by Balázs Hambalkó on Jan 06Hi, Vendor: Files.com Product: Fat Client Tested version: 3.3.6 but newer version high likely also affected Credit: Balazs Hambalko, IT Security Consultant This vulnerability…
Posted by Aki Tuomi on Jan 06Open-Xchange Security Advisory 2021-01-04 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOP-2009 (Bug ID) Vulnerability type: CWE-150: Improper Neutralization of Escape, Meta, or…
Posted by Zinaida Benenson on Dec 29The University of Erlangen-Nuremberg (Germany) is conducting a research study to test the reliability of CVSS (Common Vulnerability Scoring System). If you are currently…
Posted by Mark E. Jeftovic on Dec 29Is there a transposition typo in the Mac OSX version number? *Fixed Version:* |7.0.1.433| (Windows) and |7.1.0.434| (macOS) My OSX Backblaze is reporting 7.0.2.470 as most recent…
Posted by Reed Loden on Dec 25Due to a process fail, this CVE ID was accidentally reused for another vulnerability. The updated CVE ID for this issue is CVE-2020-8289. We…
Posted by Reed Loden on Dec 25Due to a process fail, this CVE ID was accidentally reused for another vulnerability. The updated CVE ID for this issue is CVE-2020-8290. We…
Posted by CarolinaCon on Dec 25We hope this email finds you well. This year has had its challenges and we had to postpone CarolinaCon 16 do to unforeseen circumstances. We…
Posted by Ilia Shnaidman on Dec 25[+] Credits: Ilia Shnaidman [+] @0x496c on Twitter [+] https://www.iliashn.com Vendor: ============= Philips Lighting Holding B.V Product: ============= Philips Hue Hub - all Vulnerability…
Posted by Jason Geffner on Dec 25Thanks, Reed. I've updated the GitHub repository name to reflect this change. The detailed write-up can now be found athttps://github.com/geffner/CVE-2020-8290/blob/master/README.md. If you like the…
Posted by Asterisk Security Team on Dec 22 Asterisk Project Security Advisory - AST-2020-004 Product Asterisk Summary Remote crash in res_pjsip_diversion Nature of Advisory Denial of service Susceptibility Remote authenticated…
Posted by Asterisk Security Team on Dec 22 Asterisk Project Security Advisory - AST-2020-003 Product Asterisk Summary Remote crash in res_pjsip_diversion Nature of Advisory Denial of service Susceptibility Remote authenticated…
Posted by Moe Szyslak on Dec 21Rocket.Chat has fixed a server-side path traversal vulnerability that may be abused to write files to attacker-controlled locations:https://github.com/RocketChat/Rocket.Chat/commit/f5c7d94bffb279d7a2f859773935fb5cf70c81cd Exploitation of this vulnerability requires uploading…
Posted by houjingyi on Dec 21Video and POC here : https://www.youtube.com/watch?v=hAPkSGxh9H0 When you open a project in android studio, if gradle-wrapper.properties set distributionUrl=https:// services.gradle.org/distributions/gradle-2.6-all.zip <https://www.google.com/url?q=http://services.gradle.org/distributions/gradle-2.6-all.zip&sa=D&usg=AFQjCNHSuog_mDHXLFUDcfXdMkVSqzfLug>, then android studio will download…
Posted by Adan Alvarez on Dec 21Details ======= Subject: Local Privilege Escalation Product: SUPREMO by Nanosystems S.r.l. Vendor Homepage: https://www.supremocontrol.com/ Vendor Status: fixed version released Vulnerable Version: 4.1.3.2348 (No other…
Posted by Stefan Kanthak on Dec 18Hi @ll, this post is a shortened version of <https://skanthak.homepage.t-online.de/detour.html> With Windows 2000 and Windows XP, Microsoft introduced the functions SystemFunction035() alias RtlCheckSignatureInFile(), SystemFunction036()…
Posted by Kevin Kotas via Fulldisclosure on Dec 18CA20201215-01: Security Notice for CA Service Catalog Issued: December 15, 2020 Last Updated: December 15, 2020 CA Technologies, a Broadcom Company, is…
Posted by Moe Szyslak on Dec 18Rocket.Chat has quietly fixed a stored XSS vulnerability in the following commits:https://github.com/RocketChat/Rocket.Chat/commit/96d3155245ec65f681664b48b6dafc94c1ea021chttps://github.com/RocketChat/Rocket.Chat/commit/43fe12d775b2329e780a1369a1b2c25070cdcab9 Exploitation of this vulnerability is very straightforward by manipulating a message attachment…
Posted by Georg Ph E Heise via Fulldisclosure on Dec 18Programi Bilanc - Build 007 Release 014 31.01.2020 - Software-update packages are downloaded via unencrypted HTTP =============================================================================== Identifiers ------------------------------------------------- CVE-2020-11718…
Posted by Georg Ph E Heise via Fulldisclosure on Dec 18Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken encryption with guessable static encryption key =============================================================================== Identifiers ------------------------------------------------- CVE-2020-8995…
Posted by SEC Consult Vulnerability Lab on Dec 17SEC Consult Vulnerability Lab Security Advisory < 20201217-0 > ======================================================================= title: Multiple critical vulnerabilities product: Trend Micro InterScan Web Security Virtual Appliance…
Posted by Apple Product Security via Fulldisclosure on Dec 15APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 macOS Big Sur 11.0.1 addresses the following issues. Information about the security…
Posted by Apple Product Security via Fulldisclosure on Dec 15APPLE-SA-2020-12-14-9 macOS Server 5.11 macOS Server 5.11 addresses the following issues. Information about the security content is also available athttps://support.apple.com/HT211932. Profile…