Mail Index

• Thread Index

• [FD] Fortinet FortiSIEM - Improper Certificate Validation
  • From: Andrew Klaus
• [FD] Metasploit Pro Includes a 4 year old Java Runtime with 223 vulnerabilities 53 being critical
  • From: Anthony Cicalla
• [FD] Duplicator Pro <= 1.3.14: Local Information Disclosure
  • From: Fulldisclosure Team
• [FD] PDFex: Security weakness in PDF encryption
  • From: Jens Müller via Fulldisclosure
• [FD] APPLE-SA-2019-9-27-1 iOS 13.1.1 and iPadOS 13.1.1
  • From: Apple Product Security via Fulldisclosure
• [FD] Bsides Lisbon 2019 Trainings
  • From: Claudio Andre
• [FD] CA20190930-01: Security Notice for CA Network Flow Analysis
  • From: Kevin Kotas via Fulldisclosure
• [FD] [AIT-SA-20190930-01] CVE-2019-15741: Privilege Escalation via Logrotate in Gitlab Omnibus
  • From: Wolfgang
• [FD] vBulletin <= 5.5.4 Two SQL Injection Vulnerabilities
  • From: Egidio Romano
• [FD] [KIS-2019-02] vBulletin <= 5.5.4 (updateAvatar) Remote Code Execution Vulnerability
  • From: Egidio Romano
• [FD] Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501
  • From: TIMMERMAN, Jens
• [FD] CVE-2019-17128: OmniCenter 12.1.1 – Unauthenticated SQL Injection
  • From: Luis Rios
• [FD] APPLE-SA-2019-10-07-2 iTunes for Windows 12.10.1
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-10-07-3 iCloud for Windows 10.7
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-10-07-1 macOS Catalina 10.15
  • From: Apple Product Security via Fulldisclosure
• [FD] APPLE-SA-2019-10-07-4 iCloud for Windows 7.14
  • From: Apple Product Security via Fulldisclosure
• [FD] RENPHO iOS missing encryption and integrity check
  • From: ProSec Security Team
• [FD] [KIS-2019-03] SugarCRM <= 9.0.1 Multiple Reflected Cross-Site Scripting Vulnerabilities
  • From: Egidio Romano
• [FD] [KIS-2019-04] SugarCRM <= 9.0.1 Multiple SQL Injection Vulnerabilities
  • From: Egidio Romano
• [FD] [KIS-2019-05] SugarCRM <= 9.0.1 Multiple Broken Access Control Vulnerabilities
  • From: Egidio Romano
• [FD] [KIS-2019-06] SugarCRM <= 9.0.1 Multiple Path Traversal Vulnerabilities
  • From: Egidio Romano
• [FD] [KIS-2019-07] SugarCRM <= 9.0.1 Multiple PHP Code Injection Vulnerabilities
  • From: Egidio Romano
• [FD] [KIS-2019-08] SugarCRM <= 9.0.1 Multiple PHP Object Injection Vulnerabilities
  • From: Egidio Romano
• [FD] [KIS-2019-09] SugarCRM <= 9.0.1 Multiple Phar Deserialization Vulnerabilities
  • From: Egidio Romano
• [FD] Multiple Cross-site Scripting Vulnerabilities in Openfire 4.4.1
  • From: Daniel Bishtawi
• [FD] Open-Xchange Security Advisory 2019-10-09
  • From: Martin Heiland via Fulldisclosure
• [FD] [SYSS-2019-033]: Microsoft Designer Bluetooth Desktop - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)
  • From: Matthias Deeg
• [FD] [SYSS-2019-034]: Microsoft Surface Keyboard - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)
  • From: Matthias Deeg
• [FD] [SYSS-2019-035]: Microsoft Surface Mouse - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)
  • From: Matthias Deeg
• [FD] SEC Consult SA-20191014-0 :: Reflected XSS vulnerability in OpenProject
  • From: SEC Consult Vulnerability Lab
• [FD] [CFP] BSides San Francisco – February 2020
  • From: BSidesSF CFP via Fulldisclosure
• [FD] Reflected XSS via Broken Link Checker v.1.11.8 WordPress Plugin
  • From: Ismail Doe
• [FD] APPLE-SA-2019-10-11-1 Swift 5.1.1 for Ubuntu
  • From: Apple Product Security via Fulldisclosure
• [FD] Tomedo Server - Weak encryption mech.
  • From: ProSec Security Team
• [FD] reinersct: receiving annual awards for trivial insecurity
  • From: Thegirl Wholearnedtocode
• [FD] WiKID 2FA Enterprise Server Multiple Issues
  • From: Aaron Bishop
• [FD] Information leakage found in FRITZ!OS 6.83 & 6.80 (AVM DSL Router Fritz!Box 7490) [DTC-A-20170323-001]
  • From: CERT
• [FD] CA20191015-01: Security Notice for CA Performance Management
  • From: Kevin Kotas via Fulldisclosure
• [FD] CVE 2019-2215 Android Binder Use After Free
  • From: Marcin Kozlowski
• [FD] CVE-2019-3010 - Local privilege escalation on Solaris 11.x via xscreensaver
  • From: Marco Ivaldi
• [FD] Sangoma SBC local sudo user creation vulnerability without authentication - CVE-2019-12147
  • From: Security Team Appsecco via Fulldisclosure
• [FD] Sangoma SBC bypass authentication via argument injection - CVE-2019-12148
  • From: Security Team Appsecco via Fulldisclosure
• [FD] Trend Micro Anti-Threat Toolkit (ATTK) <= v1.62.0.1218 Remote Code Execution 0day CVE-2019-9491
  • From: hyp3rlinx
• [FD] Gift Certificates and More: A complete lack of security
  • From: Security Researcher