SEC Consult SA-20190124-0 :: Cross-site scripting in CA Automic Workload Automation Web Interface (AWI)

SEC Consult Vulnerability Lab Security Advisory < 20190124-0 > === title: Cross-site scripting product: CA Automic Workload Automation Web Interface (AWI) (formerly Automic Auto

APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows iTunes 12.9.3 for Windows is now available and addresses the following: AppleKeyStore Available for: Windows 7 and later Impact: A sandboxed process may be able to circumvent sandbox restrictions

[RT-SA-2018-002] Cisco RV320 Unauthenticated Configuration Export

Advisory: Cisco RV320 Unauthenticated Configuration Export RedTeam Pentesting discovered that the configuration of a Cisco RV320 router may be exported without authentication through the device's web interface. Details === Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others

[RT-SA-2018-004] Cisco RV320 Command Injection

Advisory: Cisco RV320 Command Injection RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router. Details === Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others Affected Versions: 1.4.2.15 and

[RT-SA-2018-003] Cisco RV320 Unauthenticated Diagnostic Data Retrieval

Advisory: Cisco RV320 Unauthenticated Diagnostic Data Retrieval RedTeam Pentesting discovered that the Cisco RV320 router exposes sensitive diagnostic data without authentication through the device's web interface. Details === Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly