September 17th, 2020 📆 | 4489 Views ⚑
# Security AdvisoryARA-2020-005: Insecure Direct Object Reference (CVE-2020-15958)## Affected Product(s) and Environment(s)Product: 1CRM < =8.6.7, confirmed for CRBM System ENT-8.6.5,
September 8th, 2020 📆 | 8383 Views ⚑
CVSSv3.1 Score————————————————-AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Vendor————————————————-Hyland Software – (https://www.hyland.com/en/ and https://www.onbase.com/en/) Product————————————————-Hyland OnBaseAll derivatives based on OnBase Versions Affected————————————————-All versions up to and
September 3rd, 2020 📆 | 8553 Views ⚑
# Exploit Title: BarracudaDrive v6.5 - Insecure Folder Permissions # Exploit Author: Bobby Cooke (boku) & Adeeb Shah (@hyd3sec) #
August 31st, 2020 📆 | 1573 Views ⚑
When the foundations of the modern internet were laid in the 70s, people didn’t trust each other much more than
August 7th, 2020 📆 | 6110 Views ⚑
# Exploit Title: Online Shopping Alphaware 1.0 – ‘Summary’ Insecure Direct Object Reference (Authenticated)# Date: 2020-8-4# Exploit Author: Edo Maland#
July 24th, 2020 📆 | 6063 Views ⚑
In April 2019, a tiny credit union in Greenville, Pennsylvania, Bessemer System Federal Credit Union, filed a lawsuit against Fiserv,
June 13th, 2020 📆 | 4173 Views ⚑
# Exploit Title: WinGate 9.4.1.5998 - Insecure Folder Permissions # Date: 2020-06-05 # Exploit Author: hyp3rlinx # Vendor Homepage: https://www.wingate.com
June 5th, 2020 📆 | 7766 Views ⚑
+] Credits: John Page (aka hyp3rlinx) +] Website: hyp3rlinx.altervista.org+] Source: http://hyp3rlinx.altervista.org/advisories/AVAYA-IP-OFFICE-INSECURE-TRANSIT-PASSWORD-DISCLOSURE.txt+] twitter.com/hyp3rlinx+] ISR: ApparitionSec Vendor]www.avaya.com Product]Avaya IP Office v9.1.8.0 –
June 5th, 2020 📆 | 7312 Views ⚑
+] Credits: John Page (aka hyp3rlinx) +] Website: hyp3rlinx.altervista.org+] Source: http://hyp3rlinx.altervista.org/advisories/WINGATE-INSECURE-PERMISSIONS-LOCAL-PRIVILEGE-ESCALATION.txt+] twitter.com/hyp3rlinx+] ISR: ApparitionSec Vendor]wingate.com Product]WinGate v9.4.1.5998 WinGate is a
May 12th, 2020 📆 | 6705 Views ⚑
Open source rules. Everyone from Apple to Microsoft to Zoom uses it. Don’t believe me? Synopsys, a software and silicon
May 11th, 2020 📆 | 1558 Views ⚑
# Title: SolarWinds MSP PME Cache Service 1.1.14 - Insecure File Permissions # Author: Jens Regel, Schneider & Wulf EDV-Beratung
May 7th, 2020 📆 | 3873 Views ⚑
Title: SolarWinds MSP PME Cache Service – Insecure File Permissions /Code ExecutionAuthor: Jens Regel, Schneider & Wulf EDV-Beratung GmbH &
May 1st, 2020 📆 | 2133 Views ⚑
# Exploit Title: EmEditor 19.8 - Insecure File Permissions # Date: 2020-04-27 # Exploit Author: SajjadBnd # Vendor Homepage: https://www.emeditor.com/
April 30th, 2020 📆 | 5649 Views ⚑
# Exploit Title: EmEditor 19.8 – Insecure File Permissions# Date: 2020-04-27# Exploit Author: SajjadBnd# Vendor Homepage: https://www.emeditor.com/# Software Link: https://support.emeditor.com/en/downloads/suggested#
April 29th, 2020 📆 | 3553 Views ⚑
*] *]# Title: Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption # Date: 2020-04-20 # Author: hyp3rlinx # Vendor: #
April 22nd, 2020 📆 | 4996 Views ⚑
————————————————————————Local privilege escalation in QRadar due to run-result-reader.shinsecure file permissions————————————————————————Yorick Koster, September 2019 ————————————————————————Abstract————————————————————————It was found that the nobody user
April 22nd, 2020 📆 | 7786 Views ⚑
*]import time, string, sys, argparse, os, codecs*]#Fixed: updated for Python 3, the hex decode() function was not working in Python
April 17th, 2020 📆 | 8508 Views ⚑
Document Title:===============SMACom v1.2.0 – Insecure Session Validation Vulnerability References (Source):====================https://www.vulnerability-lab.com/get_content.php?id=2211 Release Date:=============2020-04-16 Vulnerability Laboratory ID (VL-ID):====================================2211 Common Vulnerability Scoring System:====================================7.1
April 14th, 2020 📆 | 7431 Views ⚑
===========================================================================================================Subex ROC Partner Settlement 10.5 – Authenticated IDOR in change password function lead to account takeover=========================================================================================================== # Exploit Title: Insecure
April 13th, 2020 📆 | 3066 Views ⚑
Roundup We’re one week further along, and we hope everyone is well out there. Time for another security roundup amid
April 11th, 2020 📆 | 7583 Views ⚑
Linux >=5.3: io_uring: insecure handling of root directory for path lookups When I sawtoday, I realized that this is not
April 7th, 2020 📆 | 6318 Views ⚑
Microsoft says that Basic Authentication’s removal from Exchange Online is being postponed until the second half of 2021 due to the
April 6th, 2020 📆 | 2675 Views ⚑
# Exploit Title: Memu Play 7.1.3 – Insecure Folder Permissions# Discovery by: chuyreds# Discovery Date: 2020-03-08# Vendor Homepage: https://www.memuplay.com/# Software
April 6th, 2020 📆 | 5529 Views ⚑
# Exploit Title: Memu Play 7.1.3 - Insecure Folder Permissions # Discovery by: chuyreds # Discovery Date: 2020-03-08 # Vendor
Cabot 0.11.12 – Persistent Cross-Site Scripting September 7, 2020 # Exploit Title: Cabot 0.11.12 - Persistent Cross-Site Scripting #…
A Tale of Escaping a Hardened Docker container August 25, 2020 Legend has it that before his death, Harry Houdini once…
Ubuntu Security Notice USN-4474-1 ≈ Packet Storm August 26, 2020 ==========================================================================Ubuntu Security Notice USN-4474-1August 26, 2020firefox vulnerabilities==========================================================================A security issue affects…
CyberRisk Alliance Acquires Security Weekly September 8, 2020 NEW YORK, Sept. 08, 2020 (GLOBE NEWSWIRE) -- CyberRisk Alliance…
Dominic Cummings’ plan to build UK Google… September 10, 2020 UK Prime Minister Boris Johnson's top adviser, Dominic Cummings, is…
European ISPs report mysterious wave of DDoS attacks September 5, 2020 More than a dozen internet service providers (ISPs) across Europe…
6 Factors to Consider in Evaluating CVE Importance August 26, 2020 You just finished reviewing the latest report from your vulnerability…
Comments