Mail Index

• Thread Index

• [FD] Bagisto: Insecure installation in sub-directories
  • From: devsecweb--- via Fulldisclosure
• [FD] Bagisto: Default credentials for admin interface
  • From: devsecweb--- via Fulldisclosure
• [FD] Roundcube issue - Auth bypass via Improper Session Management
  • From: Balázs Hambalkó
• [FD] Sagemcom router insecure deserialization > privilege escalation
  • From: Ryan Delaney
• [FD] Kamailio vulnerable to header smuggling possible due to bypass of remove_hf
  • From: Sandro Gauci
• [FD] [RT-SA-2020-004] Inconsistent Behavior of Go's CGI and FastCGI Transport May Lead to Cross-Site Scripting
  • From: RedTeam Pentesting GmbH
• [FD] SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W
  • From: SEC Consult Vulnerability Lab
• [FD] Hyland OnBase 19.x and below - SQL Injection
  • From: Adaptive Security Consulting via Fulldisclosure
• [FD] Hyland OnBase 19.x and below - Insufficient Logging (Client-Side Enforcement of Server-Side Security)
  • From: Adaptive Security Consulting via Fulldisclosure
• [FD] Hyland OnBase 19.x and below - CSRF
  • From: Adaptive Security Consulting via Fulldisclosure
• [FD] Full Disclosure - Telnet Hardcoded credentials - CVE-2018-20432
  • From: CSW Research Lab
• [FD] Noise-Java AESGCMFallbackCipherState.encryptWithAd() insufficient boundary checks
  • From: Pietro Oliva via Fulldisclosure
• [FD] Noise-Java AESGCMOnCtrCipherState.encryptWithAd() insufficient boundary checks
  • From: Pietro Oliva via Fulldisclosure
• [FD] Noise-Java ChaChaPolyCipherState.encryptWithAd() insufficient boundary checks
  • From: Pietro Oliva via Fulldisclosure
• [FD] Pulse Secure Windows Client <9.1.6 (CVE-2020-13162) - exploit
  • From: Red Timmy Security
• [FD] Open Source Tool | vPrioritization | Risk Prioritization Framework
  • From: Pramod Rana
• [FD] Hyland OnBase 19.x and below - Insufficient Authorization (Client-Side Enforcement of Server-Side Security)
  • From: AdaptiveSecurity Consulting via Fulldisclosure
• [FD] Hyland OnBase 19.x and below - Log Injection And Denial Of Service
  • From: AdaptiveSecurity Consulting via Fulldisclosure
• [FD] Hyland OnBase 19.x and below - Hardcoded PKI Certificates And AES Key Material
  • From: AdaptiveSecurity Consulting via Fulldisclosure
• [FD] Hyland OnBase 19.x and below - Unity Client Malformed Image Denial Of Service
  • From: AdaptiveSecurity Consulting via Fulldisclosure
• [FD] Hyland OnBase 19.x and below - DLL Hijacking
  • From: AdaptiveSecurity Consulting via Fulldisclosure
• [FD] Hyland OnBase 19.x and below - Path Traversal
  • From: AdaptiveSecurity Consulting via Fulldisclosure
• [FD] Hyland OnBase 19.x and below - Insecure Deserialization
  • From: AdaptiveSecurity Consulting via Fulldisclosure
• [FD] Hyland OnBase 19.x and below - XML External Entity (XXE) Injection
  • From: AdaptiveSecurity Consulting via Fulldisclosure
• [FD] Hyland OnBase 19.x and below - Unrestricted File Upload
  • From: AdaptiveSecurity Consulting via Fulldisclosure
• [FD] Hyland OnBase 19.x and below - Data Import Denial Of Service
  • From: AdaptiveSecurity Consulting via Fulldisclosure
• [FD] Two vulnerabilities found in MikroTik's RouterOS
  • From: Q C
• [FD] Cross-Site Scripting Vulnerabilities in IlchCMS 2.1.37
  • From: Daniel Bishtawi via Fulldisclosure
• [FD] CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze
  • From: Jason Geffner
• [FD] CVE-2020-8152 – Elevation of Privilege in Backblaze
  • From: Jason Geffner
• [FD] Windows TCPIP Finger Command / C2 Channel and Bypassing Security Software
  • From: hyp3rlinx
• [FD] ARA-2020-005: Insecure Direct Object Reference in 1CRM (CVE-2020-15958)
  • From: Andreas Sperber
• [FD] ModSecurity v3 affected by DoS (CVE-2020-15598)
  • From: Christian Folini
• [FD] [CVE-2020-16171] Acronis Cyber Backup <= v12.5 Build 16341 Full Unauthenticated SSRF
  • From: Julien Ahrens (RCE Security)
• [FD] Apache + PHP <= 7.4.10 open_basedir bypass
  • From: Havijoori via Fulldisclosure
• [FD] Navy Federal Reflective Cross Site Scripting (XSS)
  • From: Juan Avila
• [FD] APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-09-16-2 tvOS 14.0
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-09-16-3 Safari 14.0
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-09-16-4 watchOS 7.0
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2020-09-16-5 Xcode 12.0
  • From: Apple Product Security via Fulldisclosure
• [FD] Seat Reservation System 1.0 Unauthenticated Remote Code Execution (CVE-2020-25763)
  • From: Ava Tester One
• [FD] Seat Reservation System 1.0 Unauthenticated SQL Injection (CVE-2020-25762)
  • From: Ava Tester One
• [FD] Visitor Management System in PHP 1.0 - Authenticated SQL Injection
  • From: Ava Tester One
• [FD] Visitor Management System in PHP 1.0 - Unauthenticated Stored XSS
  • From: Ava Tester One
• [FD] [CVE-2020-25203] Frame Preview "com.framer.viewer.FramerViewActivity" Arbitrary URL Loading
  • From: Julien Ahrens (RCE Security)
• [FD] Google's osconfig agent - local privilege escalation
  • From: Imre Rad
• [FD] APPLE-SA-2020-09-24-1 macOS Catalina 10.15.6 Supplemental Update, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave
  • From: Apple Product Security via Fulldisclosure
• [FD] Regarding the semi-recent OnBase vulnerabilities
  • From: Ken
• [FD] [SYSS-2019-049] Insufficient Session Expiration (CWE-613) in REDDOXX MailDepot (CVE-2019-19199)
  • From: Micha Borrmann
• [FD] [SYSS-2020-024] Qiata FTA - Persistent Cross-Site Scripting
  • From: Patrick Hener
• [FD] [SYSS-2020-025] DOMOS 5.8 - OS Command Injection
  • From: Patrick Hener
• [FD] Critical Information Disclosure on WP Courses plugin <= 2.0.29 exposes private course videos and materials
  • From: Red Timmy Security
• Re: [FD] Navy Federal Reflective Cross Site Scripting (XSS)
  • From: AdaptiveSecurity Consulting via Fulldisclosure