Latest Vulnerabilities

By Sunny Hoi
  • National Vulnerability Database - 7 July 2020, 3:15 pm

    NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Reports-Devices.php page st[] parameter.

  • National Vulnerability Database - 7 July 2020, 3:15 pm

    "HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy."

  • National Vulnerability Database - 7 July 2020, 3:15 pm

    "HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."

  • National Vulnerability Database - 7 July 2020, 3:15 pm

    NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter.

  • National Vulnerability Database - 7 July 2020, 2:15 pm

    An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via the KNOX API. The Samsung ID is SVE-2020-17318 (July 2020).

  • National Vulnerability Database - 7 July 2020, 2:15 pm

    An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 7885 chipsets) software. The Bluetooth Low Energy (BLE) component has a buffer overflow with a resultant deadlock or crash. The Samsung ID is SVE-2020-16870 (July 2020).

  • National Vulnerability Database - 7 July 2020, 2:15 pm

    An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. StickerProvider allows directory traversal for access to system files. The Samsung ID is SVE-2020-17665 (July 2020).

  • National Vulnerability Database - 7 July 2020, 2:15 pm

    An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The kernel logging feature allows attackers to discover virtual addresses via vectors involving shared memory. The Samsung ID is SVE-2020-17605 (July 2020).

  • National Vulnerability Database - 7 July 2020, 2:15 pm

    An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) by enrolling a new lock password. The Samsung ID is SVE-2020-17328 (July 2020).

  • National Vulnerability Database - 7 July 2020, 2:15 pm

    An issue was discovered on Samsung mobile devices with O(8.x) software. FactoryCamera does not properly restrict runtime permissions. The Samsung ID is SVE-2020-17270 (July 2020).

  • National Vulnerability Database - 7 July 2020, 2:15 pm

    An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can trigger an out-of-bounds access and device reset via a 4K wallpaper image because ImageProcessHelper mishandles boundary checks. The Samsung ID is SVE-2020-18056 (July 2020).

  • National Vulnerability Database - 7 July 2020, 2:15 pm

    An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Cameralyzer allows attackers to write files to the SD card. The Samsung ID is SVE-2020-16830 (July 2020).

  • National Vulnerability Database - 7 July 2020, 2:15 pm

    The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x through 3.1.3, for TYPO3 allows XSS.

  • National Vulnerability Database - 7 July 2020, 2:15 pm

    SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194.

  • National Vulnerability Database - 7 July 2020, 2:15 pm

    SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893.

  • Bugtraq - 25 February 2020, 10:07 am

    Posted by Stefan Kanthak on Feb 25: Hi @ll, since Microsoft Server 2003 R2, Microsoft dares to ship and install the abomination known as .NET Framework with every new version of Windows. Among other components, current versions of Windows and .NET Framework include C# compiler (C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe, C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe) J# compiler (C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe,…

  • Bugtraq - 25 February 2020, 10:04 am

    Posted by Qualys Security Advisory on Feb 25: Qualys Security Advisory: Local information disclosure in OpenSMTPD (CVE-2020-8793). Contents: Summary; Analysis; Exploitation; POKE 47196, 201; Acknowledgments. Summary…

  • Bugtraq - 25 February 2020, 10:04 am

    Posted by Qualys Security Advisory on Feb 25: Qualys Security Advisory: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794). Contents: Summary; Analysis; …; Acknowledgments. Summary…

  • Bugtraq - 25 February 2020, 9:56 am

    Posted by Alessandro Ghedini on Feb 25: Debian Security Advisory DSA-4633-1, security () debian org, https://www.debian.org/security/, Alessandro Ghedini, February 22, 2020, https://www.debian.org/security/faq. Package: curl. CVE ID: CVE-2019-5436 CVE-2019-5481…

  • Bugtraq - 25 February 2020, 9:52 am

    Posted by Jamie R on Feb 25: I've quoted the Cisco summary below as it's pretty accurate. tl;dr is an admin user on the web console can gain command execution and then escalate to root. If this is an issue in your environment, then please patch. Thanks to Cisco PSIRT who were responsive and professional. Shouts…

  • Bugtraq - 24 February 2020, 3:57 pm

    Posted by Thierry Zoller on Feb 24

  • Bugtraq - 24 February 2020, 10:01 am

    Posted by Thierry Zoller on Feb 24

  • Bugtraq - 21 February 2020, 6:22 am

    Posted by Slackware Security Team on Feb 20: [slackware-security] proftpd (SSA:2020-051-01). New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/proftpd-1.3.6c-i586-1_slack14.2.txz: Upgraded. No CVEs assigned, but this sure looks like a security issue: Use-after-free vulnerability in memory pools…

  • Bugtraq - 19 February 2020, 1:59 pm

    Posted by Moritz Muehlenhoff on Feb 19: Debian Security Advisory DSA-4628-1, security () debian org, https://www.debian.org/security/, Moritz Muehlenhoff, February 18, 2020, https://www.debian.org/security/faq. Package: php7.0. CVE ID: CVE-2019-11045 CVE-2019-11046…

  • Bugtraq - 19 February 2020, 1:56 pm

    Posted by Sebastien Delafond on Feb 19: Debian Security Advisory DSA-4629-1, security () debian org, https://www.debian.org/security/, Sebastien Delafond, February 19, 2020, https://www.debian.org/security/faq. Package: python-django. CVE ID: CVE-2020-7471. Debian Bug…

  • Bugtraq - 18 February 2020, 4:22 pm

    Posted by Thierry Zoller on Feb 18

  • Bugtraq - 18 February 2020, 8:05 am

    Posted by Thierry Zoller on Feb 18

  • Bugtraq - 18 February 2020, 8:04 am

    Posted by Moritz Muehlenhoff on Feb 18: Debian Security Advisory DSA-4626-1, security () debian org, https://www.debian.org/security/, Moritz Muehlenhoff, February 17, 2020, https://www.debian.org/security/faq. Package: php7.3. CVE ID: CVE-2019-11045 CVE-2019-11046…

  • Bugtraq - 18 February 2020, 8:00 am

    Posted by Moritz Muehlenhoff on Feb 18: Debian Security Advisory DSA-4627-1, security () debian org, https://www.debian.org/security/, Alberto Garcia, February 17, 2020, https://www.debian.org/security/faq. Package: webkit2gtk. CVE ID: CVE-2020-3862 CVE-2020-3864…

  • Bugtraq - 17 February 2020, 4:54 am

    Posted by RedTimmy Security on Feb 16: Hi, we have published a new post in our blog titled "How to hack a company by circumventing its WAF through the abuse of a different security appliance and win bug bounties". We basically have [ab]used a Bluecoat device behaving as a request forwarder to mask our malicious payload,…