Security issues have been found in the Anviz M3 RFID Access Control
device when working in standalone mode connected to a TCP/IP network,
that could lead to access control bypass and private information
leakage and alteration.
### Advisory information
TITLE: Anviz M3 RFID Access Control securit
[Original blog post here:
https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/]
SUMMARY
Apache Tomcat had a vulnerability in its SSI implementation which
could be used to achieve cross site scripting (XSS). This is only
exploitable if SSI is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-5-28-1 iTunes for Windows 12.9.5
iTunes for Windows 12.9.5 is now available and addresses the
following:
SQLite
Available for: Windows 7 and later
Impact: An application may be able to gain elevated privileges
Description: An input v
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2019-5-28-2 iCloud for Windows 7.12
iCloud for Windows 7.12 is now available and addresses the following:
SQLite
Available for: Windows 7 and later
Impact: An application may be able to gain elevated privileges
Description: An input valida
Issue: Local Privilege Escalation
CVE: CVE-2018-1
Security researcher: Chris Moberly @ The Missing Link Security
Product name: Serv-U FTP Server
Product version: Tested on 15.1.6.25 (current as of Dec 2018)
Fixed in: 15.1.7
Advisory ID: SYSS-2019-014
Product: LOGO!
Manufacturer: Siemens
Affected Version(s): LOGO! 8 (all versions)
Tested Version(s): LOGO! 8, 6ED1052-2MD00-0BA8 FS:03, 0BA8.Standard V1.08.03
Vulnerability Type: Storing Passwords in a Recoverable Format (CWE-257)
Risk Level: Medium
Solution Status: Open
M
Advisory ID: SYSS-2020-013
Product: LOGO!
Manufacturer: Siemens
Affected Version(s): LOGO! 8 (all versions)
Tested Version(s): LOGO! 8, 6ED1052-2MD00-0BA8 FS:03, 0BA8.Standard V1.08.03
Vulnerability Type: Missing Authentication for Critical Function (CWE-306)
Risk Level: High
Solution Status: Open
Advisory ID: SYSS-2019-012
Product: LOGO!
Manufacturer: Siemens
Affected Version(s): LOGO! 8 (all versions)
Tested Version(s): LOGO! 8, 6ED1052-2MD00-0BA8 FS:03, 0BA8.Standard V1.08.03
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level: High
Solution Status: Open
Manufactu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
CA20190523-01: Security Notice for CA Risk Authentication and CA
Strong Authentication
Issued: May 23, 2019
Last Updated: May 23, 2019
The Support team for CA Technologies, A Broadcom Company, is alerting
customers to multiple potential risks with
Hello,
We are informing you about the vulnerabilities we reported in VFront 0.99.5.
Here are the details:
Advisory by Netsparker
Name: Multiple Reflected Cross-site Scripting in VFront 0.99.5
Affected Software: VFront
Affected Versions: 0.99.5
Homepage: http://www.vfront.org/
Vulnerability: Refl
Hello,
We are informing you about the vulnerabilities we reported in Kanboard
1.2.7.
Here are the details:
Advisory by Netsparker
Name: Reflected Cross-site Scripting in Kanboard
Affected Software: Kanboard
Affected Versions: 1.2.7
Homepage: https://kanboard.org/
Vulnerability: Reflected Cross-s