[FD] SEC Consult SA-20221114-0 :: Path Traversal Vulnerability in Payara Platform

2022-11-15 Thread SEC Consult Vulnerability Lab, Research via Fulldisclosure
SEC Consult Vulnerability Lab Security Advisory < 20221114-0 > === title: Path Traversal Vulnerability product: Payara Platform vulnerable version: Enterprise: <5.45.0 Community:

[FD] SEC Consult SA-20221110-0 :: HTML Injection in BMC Remedy ITSM-Suite

2022-11-15 Thread SEC Consult Vulnerability Lab, Research via Fulldisclosure
SEC Consult Vulnerability Lab Security Advisory < 20221110-0 > === title: HTML Injection product: BMC Remedy ITSM-Suite vulnerable version: 9.1.10 (= 20.02 in new versioning scheme) fixed

[FD] APPLE-SA-2022-11-09-2 macOS Ventura 13.0.1

2022-11-15 Thread Apple Product Security via Fulldisclosure
APPLE-SA-2022-11-09-2 macOS Ventura 13.0.1 macOS Ventura 13.0.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213504. libxml2 Available for: macOS Ventura Impact: A remote

[FD] Backdoor.Win32.RemServ.d / Unauthenticated Remote Command Execution

2022-11-15 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/05a082d441d9cf365749c0e1eb904c85.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.RemServ.d Vulnerability: Unauthenticated Remote Command Execution

[FD] HEUR:Trojan.MSIL.Agent.gen / Information Disclosure

2022-11-15 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/bc2ccf92bea475f828dcdcb1c8f6cc92.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: HEUR:Trojan.MSIL.Agent.gen Vulnerability: Information Disclosure Description: the

[FD] Backdoor.Win32.Aphexdoor.LiteSock / Remote Stack Buffer Overflow (SEH)

2022-11-15 Thread malvuln
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/2047ac6183da4dfb61d2562721ba0720.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Aphexdoor.LiteSock Vulnerability: Remote Stack Buffer Overflow (SEH)

[FD] [CVE-2022-3747] BeCustom <= 1.0.5.2 Generic Cross-Site Request Forgery

2022-11-15 Thread Julien Ahrens (RCE Security)
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION === Product: BeCustom Wordpress Plugin Vendor URL: https://muffingroup.com/betheme/features/be-custom/ Type: Cross-Site Request Forgery [CWE-253] Date found: 2021-10-28 Date

[FD] Cisco Secure Email Gateways can easily be circumvented

2022-11-15 Thread FD
This report is being published within a coordinated disclosure procedure. The researcher has been in contact with the vendor but not received a satisfactory response within a given time frame. As the attack complexity is low and exploits have already been published by a third party there must