[FD] [SYSS-2019-047] Micro Focus Vibe - Cross-Site Scripting (CVE-2020-9520)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Advisory ID: SYSS-2019-047 Product: Micro Focus Vibe (formerly Novelle Vibe) Manufacturer: Micro Focus International plc Affected Version(s): 4.0.6 Tested Version(s): 4.0.6 Vulnerability Type: Cross-Site Scripting (CWE-79) Risk Level: Medium Solution

[FD] [SYSS-2019-046] Micro Focus Vibe - HTML Injection

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Advisory ID: SYSS-2019-046 Product: Micro Focus Vibe (formerly Novelle Vibe) Manufacturer: Micro Focus International plc Affected Version(s): 4.0.6 Tested Version(s): 4.0.6 Vulnerability Type: HTML Injection (CWE-79) Risk Level: Low Solution Status:

[FD] Defense in depth -- the Microsoft way (part 65): unsafe, easy to rediect paths all over

Hi @ll, Microsoft still registers LOTS of DLLs (which implement COM classes, cryptography service providers, services etc.) as well as command lines with paths containing the (pre-defined) environment variables %windir%, %SystemRoot%, %ProgramFiles%, %CommonProgramFiles%, %ProgramFiles(x86)% and %

[FD] Defense in depth -- the Microsoft way (part 64): Windows Defender loads and exeutes arbitrary DLLs

Hi @ll, in September 2017, Microsoft relocated many executable files of Windows Defender from the directory "%ProgramFiles%\Windows Defender\" to "%ProgramData%\Microsoft\Windows Defender\platform\\": see

[FD] APPLE-SA-2020-03-25-2 iCloud for Windows 7.18

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-03-25-2 iCloud for Windows 7.18 iCloud for Windows 7.18 is now available and addresses the following: libxml2 Available for: Windows 7 and later Impact: Multiple issues in libxml2 Description: A buffer overflow was addressed with impr

[FD] APPLE-SA-2020-03-25-1 iCloud for Windows 10.9.3

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-03-25-1 iCloud for Windows 10.9.3 iCloud for Windows 10.9.3 is now available and addresses the following: libxml2 Available for: Windows 10 and later via the Microsoft Store Impact: Multiple issues in libxml2 Description: A buffer ove

[FD] CVE-2019-4716: conf overwrite + auth bypass = rce as root / SYSTEM on IBM PA / TM1

Hi, Here's a fun one I have been working on for some time. tl;dr IBM PA / TM1, dating back to 2014, maybe 2009 is vulnerable to a unauthenticated configuration overwrite; this is abused to "fake authenticate" to it, and finally execute code as root / SYSTEM using TM1 scripting. Advisory below,

[FD] New tool: nullscan v1.0.0 - A modular framework designed to chain and automate security tests

Howdy, We've just released nullscan v1.0.0, a modular framework designed to chain and automate security tests. It's a beast and highly recommended to learn and use it. :) Here are some details: [ Description ] A modular framework designed to chain and automate security tests. It parses target d

[FD] CVE-2019-19913

codeBeamer – Stored Cross-Site Scripting === Identifiers - * CVE-2019-19913 CVSSv3 score - 6.4 ([AV:N/AC:L/PR:H/UI:R/S:

[FD] CVE-2019-19912

codeBeamer – Stored Cross-Site Scripting === Identifiers - * CVE-2019-19912 CVSSv3 score - 6.4 (AV:N/AC:L/PR:H/UI:R/S:U/