Full Disclosure: by date

45 messages starting Nov 04 20 and ending Nov 30 20


Wednesday, 04 November

SEC Consult SA-20201104-0 :: Multiple vulnerabilities in Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) SEC Consult Vulnerability Lab

Thursday, 05 November

Git LFS (git-lfs) - Remote Code Execution (RCE) exploit CVE-2020-27955 - Clone to Pwn Dawid Golunski
AST-2020-001: Remote crash in res_pjsip_session Asterisk Security Team
AST-2020-002: Outbound INVITE loop on challenge with different nonce. Asterisk Security Team

Friday, 06 November

Etherify - bringing the ether back to ethernet Jacek Lipkowski
APPLE-SA-2020-11-05-2 iOS 12.4.9 Apple Product Security via Fulldisclosure
APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2 Apple Product Security via Fulldisclosure
APPLE-SA-2020-11-05-7 tvOS 14.2 Apple Product Security via Fulldisclosure
Advisory: ES2020-02 - Asterisk crash due to INVITE flood over TCP Sandro Gauci
secuvera-SA-2020-01: Broken Object Level Authorization Vulnerability in OvulaRing-Webapplication Tobias Glemser

Tuesday, 10 November

NtFileSins v2.2 / Windows NTFS Privileged File Access Enumeration Tool (Python v3) hyp3rlinx
[No cON Name] #ncn2k20 CFP online - Barcelona José Nicolás Castellano

Thursday, 12 November

Avian JVM FileOutputStream.write() Integer Overflow Pietro Oliva via Fulldisclosure
Scope of Debian's /home/loser is with permissions 755, default umask 002 Georgi Guninski

Sunday, 15 November

Re: Scope of Debian's /home/loser is with permissions 755, default umask 002 bo0od
[SYSS-2020-037] Persistent Cross-site Scripting (CWE-79) in REDDOXX MailDepot (CVE-2020-26554) Micha Borrmann
Re: Scope of Debian's /home/loser is with permissions 755, default umask 002 Pim van Stam
APPLE-SA-2020-11-13-2 Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave Apple Product Security via Fulldisclosure
APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 14.0 Apple Product Security via Fulldisclosure
APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0 Apple Product Security via Fulldisclosure
APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0 Apple Product Security via Fulldisclosure
APPLE-SA-2020-11-13-7 Additional information for APPLE-SA-2020-09-24-1 macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave Apple Product Security via Fulldisclosure
APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0 Apple Product Security via Fulldisclosure

Monday, 16 November

SIGE (Joomla) 3.4.1 & 3.5.3 Pro - Multiple Vulnerabilities Vulnerability Lab
Froxlor v0.10.16 CP - (Customer) Persistent Vulnerability Vulnerability Lab
Buddypress v6.2.0 WP Plugin - Persistent Web Vulnerability Vulnerability Lab
Intel NUC - Local Privilege Escalation Vulnerability Vulnerability Lab
SugarCRM v6.5.18 - (Employees) Persistent Cross Site Vulnerability Vulnerability Lab
SugarCRM v6.5.18 - (Contacts) Persistent Cross Site Web Vulnerability Vulnerability Lab

Tuesday, 17 November

Fancy Product Designer for WooCommerce - Stored XSS via SVG upload Jonathan Gregson via Fulldisclosure
Fancy Product Designer for WooCommerce - Unrestricted File Upload Jonathan Gregson via Fulldisclosure
SEC Consult SA-20201117-0 :: Blind Out-Of-Band XML External Entity Injection in Avaya Web License Manager SEC Consult Vulnerability Lab

Wednesday, 18 November

SOWA.OPAC Reflected Cross Site Scripting hacker
TCMalloc viewer/dumper - TCMalloc Inspector Tool Marcin Kozlowski

Friday, 20 November

VTiger v7.0 CRM - (To) Persistent Email Vulnerability Vulnerability Lab
KL-001-2020-004 : Barco wePresent Hardcoded API Credentials KoreLogic Disclosures via Fulldisclosure
KL-001-2020-005 : Barco wePresent Admin Credentials Exposed In Plain-text KoreLogic Disclosures via Fulldisclosure
KL-001-2020-006 : Barco wePresent Authentication Bypass KoreLogic Disclosures via Fulldisclosure
KL-001-2020-007 : Barco wePresent Undocumented SSH Interface Accessible Via Web UI KoreLogic Disclosures via Fulldisclosure
KL-001-2020-008 : Barco wePresent Global Hardcoded Root SSH Password KoreLogic Disclosures via Fulldisclosure
KL-001-2020-009 : Barco wePresent Insecure Firmware Image KoreLogic Disclosures via Fulldisclosure

Monday, 23 November

CA20201116-01: Security Notice for CA Unified Infrastructure Management Ken Williams via Fulldisclosure
SEC Consult SA-20201123-0 :: Multiple Vulnerabilities in ZTE WLAN router MF253V SEC Consult Vulnerability Lab

Monday, 30 November

Etherify 4 - jumping air gaps with real ethernet hardware Jacek Lipkowski
scikit-learn 0.23.2 Local Denial of Service pabloec20