SEC Consult also published a blog post regarding the identified security issues
with further background information:
Blog: https://r.sec-consult.com/xmeye
SEC Consult Vulnerability Lab Security Advisory < 2018100
I. VULNERABILITY
Responsive Filemanager 9.8.1 Reflected Cross Site Scripting (XSS)
II. CVE REFERENCE
CVE-2018-18062
III. VENDOR
https://www.responsivefilemanager.com
IV. REFERENCES
I. VULNERABILITY
Responsive Filemanager 9.8.1 Authentication Bypass
II. CVE REFERENCE
CVE-2018-18061
III. VENDOR
https://www.responsivefilemanager.com
IV. REFERENCES
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Debian Security Advisory DSA-4313-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 08, 2018
## FULL DISCLOSURE
#Product : Sitepress Multilingual CMS Plugin
#Exploit Author : Rahul Pratap Singh
#Version : 3.6.3 and Below
#Home page Link : https://wpml.org/
#Website: https://0x62626262.wordpress.com
#Date : 08/10/2018
Unauthenticated Stored XSS Vulnerability:
Description:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-10-08-2 iCloud for Windows 7.7
iCloud for Windows 7.7 is now available and addresses the following:
WebKit
Available for: Windows 7 and later
Impact: Unexpected interaction causes an ASSERT failure
Description: A memory corruption
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-10-08-1 iOS 12.0.1
iOS 12.0.1 is now available and addresses the following:
VoiceOver
Available for: iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: A local attacker may be able to view photos and
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Debian Security Advisory DSA-4312-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 08, 2018