Mail Thread Index

• Date Index

• [FD] [RT-SA-2019-015] IceWarp: Cross-Site Scripting in Notes for Contacts, RedTeam Pentesting GmbH
• [FD] [RT-SA-2019-016] IceWarp: Cross-Site Scripting in Notes, RedTeam Pentesting GmbH
• [FD] Microsoft Exchange Server, External Service Interaction (DNS), Alphan YAVAS
• [FD] Microsoft Windows .Group File / URL Field Code Execution, hyp3rlinx
• [FD] New BlackArch Linux ISOs + OVA Image available!, Black Arch
• [FD] CA20191218-01: Security Notice for CA Client Automation Agent for Windows, Kevin Kotas via Fulldisclosure
• [FD] Open-Xchange Security Advisory 2020-01-02, Open-Xchange GmbH via Fulldisclosure
• [FD] [TZO-01-2020] AVIRA Generic Malformed Container bypass (ISO), Thierry Zoller
• [FD] [TZO-02-2020] Kaspersyk Generic Malformed Archive Bypass (ZIP GFlag), Thierry Zoller
• [FD] [TZO-03-2020] ESET Generic Malformed Archive Bypass (ZIP Compression Information), Thierry Zoller
• [FD] Fortinet FortiSIEM Hardcoded SSH Key, Andrew Klaus
  • <Possible follow-ups>
  • Re: [FD] Fortinet FortiSIEM Hardcoded SSH Key, Fortinet PSIRT
• [FD] Microsoft Windows VCF Card / Mailto Link Denial Of Service, hyp3rlinx
• [FD] Two vulnerabilities found in MikroTik's RouterOS, Q C
• [FD] Multiple Reflected Cross-site Scripting Vulnerabilities in ERPNext 11.1.47, Daniel Bishtawi
• [FD] [TZO-04-2020] Bitdefender Generic Malformed Archive Bypass (BZ2), Thierry Zoller
• [FD] [PATCH] (security) launcher: don't attempt to execute arbitrary binaries, Enrico Weigelt, metux IT consult
• [FD] [TZO-05-2020] Kaspersky Generic Malformed Archive Bypass (ZIP Compressed Size), Thierry Zoller
• [FD] [TZO-07-2020] Bitdefender Generic Malformed Archive Bypass (RAR HOST_OS), Thierry Zoller
• [FD] [TZO-08-2020] Bitdefender Generic Malformed Archive Bypass (ZIP GPFLAG), Thierry Zoller
• [FD] [TZO-06-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN), Thierry Zoller
• [FD] [TOOL] Permanent SD Card Locker (Read Only), Thierry Zoller
• [FD] CVE-2019-20357 / Trend Micro Security (Consumer) / Persistent Arbitrary Code Execution, hyp3rlinx
• [FD] CVE-2019-19697 / Trend Micro Security 2019 (Consumer) / Security Bypass Protected Service Tampering, hyp3rlinx
• [FD] CVE-2020-2656 - Low impact information disclosure via Solaris xlock, Marco Ivaldi
• [FD] CVE-2020-2696 - Local privilege escalation via CDE dtsession, Marco Ivaldi
• [FD] .diagcab directory traversal leading to arbitrary code execution, Imre Rad
• [FD] [TZO-09-2020] - Bitdefender Malformed Archive bypass (RAR Uncompressed Size), Thierry Zoller
• [FD] [TZO-10-2020] - Bitdefender Malformed Archive bypass (RAR Compression Information), Thierry Zoller
• [FD] Neowise CarbonFTP v1.4 / Insecure Proprietary Password Encryption / CVE-2020-6857, hyp3rlinx
• [FD] [REVIVE-SA-2020-001] Revive Adserver Vulnerability, Matteo Beccati via Fulldisclosure
• [FD] CarolinaCon CFP, CarolinaCon
• [FD] SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus, SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20200123-0 :: Cross-Site Request Forgery (CSRF) in Umbraco CMS, SEC Consult Vulnerability Lab
• [FD] CVE-2019-19363 - Local Privilege Escalation in many Ricoh Printer Drivers for Windows, Pentagrid AG
• [FD] [UPDATED - POC] Neowise CarbonFTP v1.4 / Insecure Proprietary Password Encryption / CVE-2020-6857, hyp3rlinx
• [FD] Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers, Błażej Adamczyk
• [FD] Become a speaker at Positive Hack Days 10. Call for Papers is now open, Alexander Lashkov via Fulldisclosure