[FD] SEC Consult SA-20180924-0 :: Multiple Vulnerabilities in Citrix StorageZones Controller

2018-09-26 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180924-0 > === title: Multiple Vulnerabilities product: Citrix StorageZones Controller vulnerable version: all versions before 5.4.2

[FD] SEC Consult SA-20180918-0 :: Remote Code Execution via PHP unserialize in Moodle open-source learning platform

2018-09-18 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180918-0 > === title: Remote Code Execution via PHP unserialize product: Moodle - Open-source learning platform vulnerable version: 3.5 to 3.5.

[FD] SEC Consult SA-20180906-0 :: CSV Formula Injection in DokuWiki

2018-09-06 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180906-0 > === title: CSV Formula Injection product: DokuWiki vulnerable version: 2018-04-22a "Greebo" and older versions fix

[FD] SEC Consult SA-20180813-0 :: SQL Injection, XSS & CSRF vulnerabilities in Pimcore

2018-08-16 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180813-0 > === title: SQL Injection, XSS & CSRF vulnerabilities product: Pimcore vulnerable version: 5.2.3 and below fixed vers

[FD] Adobe Patches Vulnerability Affecting Internal Systems

2018-07-20 Thread Vulnerability Lab
Title: Adobe Patches Vulnerability Affecting Internal Systems Source: https://www.securityweek.com/adobe-patches-vulnerability-affecting-internal-systems Title: Adobe on internal systems security hole Source: https://www.theregister.co.uk/2018/07/19/adobe_internal_systems_bug/ References: Hacker

[FD] Adobe Systems - Arbitrary Code Injection Vulnerability

2018-07-19 Thread Vulnerability Lab
search Team)[resea...@vulnerability-lab.com] - https://www.vulnerability-lab.com/show.php?user=Benjamin+K.M. Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or

[FD] GhostMail - (Status Message) Persistent Web Vulnerability

2018-07-18 Thread Vulnerability Lab
idation web vulnerability in the chat module is estimated as medium (CVSS 4.0). Credits & Authors: ========== Vulnerability-Lab [resea...@vulnerability-lab.com] - https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab Disclaimer & Information: =

[FD] GhostMail - (filename to link) POST Inject Web Vulnerability

2018-07-18 Thread Vulnerability Lab
ty. The vulnerability has been reported 2016-10-01. The issue was resolved during the 2017 Q2 - Q4 by the ghost mail developer team. Security Risk: == The security risk of the application-side input validation web vulnerability in the ghostmail mail module is estimated as

[FD] Binance v1.5.0 - Insecure File Permission Vulnerability

2018-07-18 Thread Vulnerability Lab
ty Manager] - https://www.vulnerability-lab.com/show.php?user=ZwX Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, includi

[FD] Barracuda Cloud Control 7.1.1.003 - Cross Site Scripting Vulnerability

2018-07-18 Thread Vulnerability Lab
Benjamin K.M. (Vulnerability Laboratory Core Research Team) - https://www.vulnerability-lab.com/show.php?user=Benjamin+K.M. Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disc

[FD] Barracuda Cloud Control v3.020 - CS Cross Site Vulnerability

2018-07-18 Thread Vulnerability Lab
urity Risk: == The security risk of the non-persistent cross site scripting vulnerability in the target_user value parameter is estimated as medium. Credits & Authors: == Vulnerability-Lab [resea...@vulnerability-lab.com] - h

[FD] Huawei eNSP v1 - Buffer Overflow (DoS) Vulnerability

2018-07-13 Thread Vulnerability Lab
r=S.AbenMassaoud Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for

[FD] HackRF Circuit Board - New Universal Case for Devs & Pentesters

2018-07-12 Thread Vulnerability Lab
the new hackrf case for your developments or pentests. Credits & Authors: == Vulnerability Laboratory [Core Research Team] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerabili

[FD] SEC Consult SA-20180712-0 :: Remote Code Execution & Local File Disclosure in Zeta Producer Desktop CMS

2018-07-12 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180712-0 > === title: Remote Code Execution & Local File Disclosure product: Zeta Producer Desktop CMS vulnerable version

[FD] Barracuda ADC v5.x - Multiple Persistent Vulnerabilities

2018-07-12 Thread Vulnerability Lab
show.php?user=Benjamin+K.M. Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capab

[FD] Lenovo SU v5.07 - Buffer Overflow & Arbitrary Code Execution Vulnerability

2018-07-12 Thread Vulnerability Lab
- https://www.vulnerability-lab.com/show.php?user=S.AbenMassaoud Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warra

[FD] AT Bizcircle - Persistent Profile Cross Site Scripting Vulnerabilities

2018-07-11 Thread Vulnerability Lab
atched by the at developer team of the biz circle team. The issue was part of the official bug bounty program. Security Risk: == The security risk of the persistent cross site vulnerabilities in the web-application are estimated as medium (CVSS 4.6). Credits & Authors: ===

[FD] Barracuda ADC 5.x - Client Side Cross Site Scripting Vulnerability

2018-07-11 Thread Vulnerability Lab
== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers

[FD] Barracuda ADC 5.x - Filter Bypass & Persistent Validation Vulnerability

2018-07-11 Thread Vulnerability Lab
ng/ http://adc.localhost:8080/restapi/v2/virtual_service_groups/ Solution - Fix & Patch: === The vulnerability can be patched by a parse and encode of the vulnerable content rules input field values. Restrict the input and disallow special chars. Filter and parse the item li

[FD] ASUS WRT-AC66U 3.x - Cross Site Scripting Vulnerability

2018-07-11 Thread Vulnerability Lab
edium (CVSS 3.0). Credits & Authors: ====== Lawrence Amer (Vulnerability Lab Core Research Team) [zeroat...@gmail.com] - https://www.vulnerability-lab.com/show.php?user=Lawrence+Amer Disclaimer & Information: = The information provided in this advis

[FD] Intel System CU - Buffer Overflow (Denial of Service) Vulnerability

2018-07-11 Thread Vulnerability Lab
aoud - https://www.vulnerability-lab.com/show.php?user=S.AbenMassaoud Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of

[FD] Secutech DSL WR RIS 330 - Filter Bypass Vulnerability

2018-07-11 Thread Vulnerability Lab
s then 8 characters to permanently grant the security of the customer using the mentioned hardware. Security Risk: == The security risk of the filter bypass router vulnerability in the password setup module is estimated as medium (CVSS 3.3). Credits & Authors: ====== Lawrence

[FD] SEC Consult SA-20180711-0 :: Remote code execution via multiple attack vectors in WAGO e!DISPLAY 7300T

2018-07-11 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180711-0 > === title: Remote code execution via multiple attack vectors product: WAGO e!DISPLAY 7300T - WP 4.3 480x272 PIO1 vulnerable version:

[FD] SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers

2018-07-04 Thread SEC Consult Vulnerability Lab
-consult.com/en/blog/advisories/privilege-escalation-via-linux-group-manipulation-in-all-adb-broadband-gateways-routers/ SEC Consult Vulnerability Lab Security Advisory < 20180704-0 > === title: Local root jailbre

[FD] SEC Consult SA-20180529-0 :: Unprotected WiFi access & Unencrypted data transfer in Vgate iCar2 OBD2 Dongle

2018-05-29 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180529-0 > === title: Unprotected WiFi access & Unencrypted data transfer product: Vgate iCar 2 WiFi OBD2 Dongle vulnerable version: Vgate i

[FD] SEC Consult SA-20180516-0 :: XXE & XSS vulnerabilities in RSA Authentication Manager

2018-05-16 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180516-0 > === title: XXE & XSS vulnerabilities product: RSA Authentication Manager vulnerable version: 8.2.1.4.0-build1394922, < 8.3 P

Re: [FD] SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet

2018-05-15 Thread SEC Consult Vulnerability Lab
The following CVE numbers have been assigned now: XSS issue: CVE-2018-11090 Arbitrary File Upload: CVE-2018-11091 On 2018-05-14 13:25, SEC Consult Vulnerability Lab wrote: > SEC Consult Vulnerability Lab Security Advisory < 2018

[FD] SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet

2018-05-14 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180514-0 > === title: Arbitrary File Upload & Cross-site scripting product: MyBiz MyProcureNet vulnerable version: 5.0.0 fixed versio

[FD] SEC Consult SA-20180503-0 :: Authentication Bypass in Oracle Access Manager (OAM)

2018-05-03 Thread SEC Consult Vulnerability Lab
We have published an accompanying blog post to this technical advisory with further information: Blog: https://www.sec-consult.com/en/blog/2018/05/oracle-access-managers-identity-crisis/ Demo video: https://www.youtube.com/watch?v=YK7_1NozAwQ SEC Consult Vulnerability Lab Security Advisory

[FD] SEC Consult SA-20180424-0 :: Reflected Cross-Site Scripting in multiple Zyxel ZyWALL products

2018-04-24 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180424-0 > === title: Reflected Cross-Site Scripting product: Zyxel ZyWALL: see "Vulnerable / tested version" vulnerable version: ZLD

[FD] SEC Consult SA-20180423-0 :: Multiple Stored XSS Vulnerabilities in WSO2 Carbon and Dashboard Server

2018-04-24 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180423-0 > === title: Multiple Stored XSS Vulnerabilities product: WSO2 Carbon, WSO2 Dashboard Server vulnerable version: WSO2 Identity Server

[FD] Microsoft Skype Mobile v81.2 & v8.13 - Remote Denial of Service Vulnerability

2018-03-27 Thread Vulnerability Lab
nformation provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case o

[FD] Sandoba CP:Shop CMS v2016.1 - Multiple Cross Site Scripting Vulnerabilities

2018-03-27 Thread Vulnerability Lab
ts & Authors: ====== Vulnerability-Lab [resea...@vulnerability-lab.com] - https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerabili

[FD] Weblication CMS Core & Grid v12.6.24 - Multiple Cross Site Scripting Vulnerabilities

2018-03-27 Thread Vulnerability Lab
ors: == Benjamin K.M. [resea...@vulnerability-lab.com] - https://www.vulnerability-lab.com/show.php?user=Benjamin+K.M. Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab

[FD] AEF CMS v1.0.9 - (PM) Persistent Cross Site Scripting Vulnerability

2018-03-27 Thread Vulnerability Lab
Benjamin K.M. [resea...@vulnerability-lab.com] - https://www.vulnerability-lab.com/show.php?user=Benjamin+K.M. Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warr

[FD] SEC Consult SA-20180314-0 :: Arbitrary Shortcode Execution & Local File Inclusion in WooCommerce Products Filter (PluginUs.Net)

2018-03-14 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180314-0 > === title: Arbitrary Shortcode Execution & Local File Inclusion product: WOOF - WooCommerce Products Filter (PluginUs.Net)

[FD] PayPal Inc Increases Bug Bounty Payments in 2018 up to 30.000$

2018-03-13 Thread Vulnerability Lab
Title: PayPal Inc Increases Bug Bounty Payments in 2018 up to 30.000$ URL: https://www.vulnerability-db.com/?q=articles/2018/03/13/paypal-inc-increases-bug-bounty-payments-2018-3 #bugbounty #security #research #infosec -- VULNERABILITY LABORATORY - RESEARCH TEAM SERVICE:

[FD] PayPal Inc - New Venmo Bug Bounty Program

2018-03-13 Thread Vulnerability Lab
Title: PayPal Inc - New Venmo Bug Bounty Program URL: https://www.vulnerability-db.com/?q=articles/2018/02/27/paypal-inc-updates-bug-bounty-program-venmo-payments-services -- VULNERABILITY LABORATORY - RESEARCH TEAM SERVICE: www.vulnerability-lab.com

[FD] SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail

2018-03-12 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180312-0 > === title: Multiple Critical Vulnerabilities product: SecurEnvoy SecurMail vulnerable version: 9.1.501 fixed version: 9

[FD] SEC Consult SA-20180228-0 :: Insecure Direct Object Reference vulnerability in TestLink Open Source Test Management

2018-02-28 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180228-0 > === title: Insecure Direct Object Reference product: TestLink Open Source Test Management vulnerable version: <1.9.17 fixe

[FD] SEC Consult SA-20180227-0 :: OS command injection, arbitrary file upload & SQL injection in ClipBucket

2018-02-27 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180227-0 > === title: OS command injection, arbitrary file upload & SQL injection product: ClipBucket vulnerable version: <4.0.0 -

[FD] SEC Consult SA-20180221-0 :: Hijacking of arbitrary miSafes Mi-Cam video baby monitors

2018-02-21 Thread SEC Consult Vulnerability Lab
We have published an accompanying blog post to this technical advisory with further information: https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby-monitors-fail-to-be-smart/index.html SEC Consult Vulnerability Lab Security Advisory < 2018022

[FD] SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro

2018-02-08 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180208-0 > === title: Multiple Cross-Site Scripting Vulnerabilities product: Sonatype Nexus Repository Manager OSS/Pro vulnerable version: &l

[FD] SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip

2018-02-07 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180207-0 > === title: Multiple buffer overflow vulnerabilities product: InfoZip UnZip vulnerable version: UnZip <= 6.00 / UnZip <= 6.1c22

Re: [FD] Banknotes Misproduction security & biometric weakness

2018-02-07 Thread Vulnerability Lab
On 30.01.2018 at 15:43, Jeffrey Walton wrote: > On Tue, Jan 30, 2018 at 9:22 AM, Vulnerability Lab > <resea...@vulnerability-lab.com> wrote: >> On 30.01.2018 at 15:18, Jeffrey Walton wrote: >>> On Tue, Jan 30, 2018 at 4:08 AM, Vulnerability Lab >>> &l

Re: [FD] Banknotes Misproduction security & biometric weakness

2018-02-07 Thread Vulnerability Lab
On 05.02.2018 at 16:10, Vulnerability Lab wrote: > Hello Intern0t (inter...@protonmail.com), > could you please tell me what your strange blabla has to deal with the > fact that the hologram can be read and accepted as fingerprint because > of the polipaper inside. Did you see tha

Re: [FD] Banknotes Misproduction security & biometric weakness

2018-02-07 Thread Vulnerability Lab
On 31.01.2018 at 17:21, Vulnerability Lab wrote: > Hello Ben Tasker, > sorry if the title of the issue did lead you to misunderstand the > article. The currency is still secure. > The title refers to the information used for the issue. In case it was > misleading we will up

[FD] SEC Consult SA-20180201-0 :: Multiple critical vulnerabilities in Whole Vibratissimo Smart Sex Toy product range

2018-02-01 Thread SEC Consult Vulnerability Lab
We have published an accompanying blog post to this technical advisory with further information: https://www.sec-consult.com/en/blog/2018/02/internet-of-dildos-a-long-way-to-a-vibrant-future-from-iot-to-iod/index.html SEC Consult Vulnerability Lab Security Advisory < 2018020

[FD] SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433

2018-01-30 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180131-0 > === title: Multiple Vulnerabilities product: Sprecher Automation SPRECON-E-C, PU-2433 vulnerable version: <8.49 (most vulnerabili

[FD] SEC Consult SA-20180123-0 :: XXE & Reflected XSS in Oracle Financial Services Analytical Applications

2018-01-22 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180123-0 > === title: XXE & Reflected XSS product: Oracle Financial Services Analytical Applications vulnerable version: 7.3.5.x, 8.0.x

[FD] CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities

2018-01-22 Thread Vulnerability Lab
ated as high. (CVSS 7.5) Credits & Authors: ====== Vulnerability-Lab [ad...@vulnerability-lab.com] - https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab Disclaimer & Information: = The information provided in this advisory is provided

[FD] Academic Microsoft - API Query Filter Cross Site Scripting Vulnerability

2018-01-21 Thread Vulnerability Lab
arch Team] - Lawrence Amer (http://lawrenceamer.me) Profile: https://www.vulnerability-lab.com/show.php?user=Lawrence Amer Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaim

[FD] CentOS Web Panel v0.9.8.12 - Non-Persistent Cross Site Scripting Vulnerabilities

2018-01-19 Thread Vulnerability Lab
nerability-lab.com/show.php?user=Benjamin%20K.M. Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of mer

[FD] Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities

2018-01-19 Thread Vulnerability Lab
ion attacks. The vulnerability can be resolved by an update to version 5.3.4 that is delivered by the manufacturer. The issue risk is marked as moderate. Security Risk: == The security risk of the stored cross site scripting vulnerabilities in the shopware cms are estimated as me

[FD] CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities

2018-01-19 Thread Vulnerability Lab
imated as medium. (CVSS 4.4) Credits & Authors: == Benjamin K.M. [b...@vulnerability-lab.com] - https://www.vulnerability-lab.com/show.php?user=Benjamin+K.M. Disclaimer & Information: = The information provided in this advisory is provided as it i

[FD] Photo Vault v1.2 iOS - Insecure Authentication Vulnerability

2018-01-19 Thread Vulnerability Lab
ility-lab.com/show.php?user=Benjamin+K.M. Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of

[FD] Zenario v7.6 CMS - SQL Injection Web Vulnerability

2018-01-15 Thread Vulnerability Lab
exploitation Security Risk: == The security risk of the remote sql-injection web vulnerability in the web-application is estimated as medium (cvss 5.7). Credits & Authors: ====== Vulnerability-Lab [resea...@vulnerability-lab.com] - https://www.vulnerability-lab.com

[FD] MagicSpam 2.0.13 - Insecure File Permission Vulnerability

2018-01-15 Thread Vulnerability Lab
=== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are n

[FD] Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability

2018-01-13 Thread Vulnerability Lab
lity-lab.com] - https://www.vulnerability-lab.com/show.php?user=Benjamin+K.M. Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, incl

[FD] SonicWall GMS v8.1 - Filter Bypass & Persistent Vulnerability

2018-01-12 Thread Vulnerability Lab
edits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri [https://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M.] [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory

[FD] Magento Commerce - SSRF & XSPA Web Vulnerability

2018-01-12 Thread Vulnerability Lab
lab.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability

[FD] Microsoft Sharepoint 2013 - Limited Access Permission Bypass Vulnerability

2018-01-12 Thread Vulnerability Lab
s it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, i

[FD] Piwigo v2.8.2 & 2.9.2 CMS - Multiple Cross Site Vulnerabilities

2018-01-12 Thread Vulnerability Lab
rability-lab.com] - https://www.vulnerability-lab.com/show.php?user=Benjamin+K.M. Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied,

[FD] MagicSpam 2.0.13 - Insecure File Permission Vulnerability

2018-01-12 Thread Vulnerability Lab
=== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are n

[FD] Flash Operator Panel v2.31.03 - Command Execution Vulnerability

2018-01-12 Thread Vulnerability Lab
ulnerability-lab.com] - https://www.vulnerability-lab.com/show.php?user=Benjamin+K.M. Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or impli

[FD] WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities

2018-01-06 Thread Vulnerability Lab
wpjobboard web-application is estimated as high (CVSS 6.0). Credits & Authors: ====== Vulnerability-Lab [resea...@vulnerability-lab.com] - https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab Disclaimer & Information: = The information pr

[FD] SonicWall SonicOS NSA Web Firewall - Multiple Web Vulnerabilities

2018-01-06 Thread Vulnerability Lab
y Risk: == The security risk of the application-side input validation web vulnerability and the filter bypass issue are estimated as medium. (CVSS 4.5) Credits & Authors: ====== Benjamin K.M. [b...@vulnerability-lab.com] - https://www.vulnerability-lab.com/show.php?user=Be

[FD] Wickr Inc - App Clock & Message Deletion Glitch P2 - Bug Bounty

2018-01-06 Thread Vulnerability Lab
Wickr Inc - App Clock & Message Deletion Glitch P2  - Bug Bounty (Document) [PDF] URL: https://www.vulnerability-lab.com/get_content.php?id=2107 Vulnerability Magazine: https://www.vulnerability-db.com/?q=articles/2018/01/04/wickr-inc-app-clock-message-deletion-glitch -- VULNERABILITY

[FD] iJoomla com_adagency 6.0.9 - SQL Injection Vulnerabilities

2018-01-04 Thread Vulnerability Lab
b.com/show.php?user=Benjamin+K.M. Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capabili

[FD] Icyphoenix 2.2.0.105 - Multiple SQL Injection Vulnerabilities

2018-01-04 Thread Vulnerability Lab
== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not lia

[FD] SonicWall SonicOS NSA UTM Firewall - Bypass & Persistent Vulnerability

2018-01-04 Thread Vulnerability Lab
. Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vu

[FD] SEC Consult SA-20171213-0 :: VPN credentials disclosure in Fortinet FortiClient

2017-12-13 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20171213-0 > === title: VPN credentials disclosure product: Fortinet FortiClient vulnerable version: <4.4.2335 on Linux, <5.6.

Re: [FD] Edward Snowden free speech at JBFone - Future, Data Security & Privacy

2017-12-05 Thread Vulnerability Lab
UPDATE Reference(s): http://www.focus.de/digital/handy/iphone/apple-edward-snowden-warnt-vor-iphone-x-besonders-eine-funktion-ist-gefaehrlich_id_7921720.html http://www.chip.de/news/Beruehmtester-Hacker-der-Welt-warnt-Im-iPhone-X-steckt-eine-gefaehrliche-Funktion_128162181.html

[FD] SEC Consult SA-20171130-1 :: OS Command Injection & Reflected Cross Site Scripting in OpenEMR

2017-12-02 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20171130-1 > === title: OS Command Injection & Reflected Cross Site Scripting product: OpenEMR vulnerable version: 5.0.0 fixed vers

[FD] SEC Consult SA-20171129-0 :: FortiGate SSL VPN Portal XSS Vulnerability

2017-12-02 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20171129-0 > === title: FortiGate SSL VPN Portal XSS Vulnerability product: Fortinet FortiOS vulnerable version: see: Vulnerable / tested ve

[FD] Edward Snowden free speech at JBFone - Future, Data Security & Privacy

2017-11-23 Thread Vulnerability Lab
Title: Edward Snowden free speech at JBFone - Future, Data Security & Privacy Article: https://www.vulnerability-db.com/?q=articles%2F2017%2F11%2F23%2Fedward-snowden-free-speech-jbfone-data-security-privacy Video: https://www.youtube.com/watch?v=JF45xq0W15c Press:

[FD] SEC Consult SA-20171116-0 :: Broken access control & LINQ injection in Progress Sitefinity

2017-11-16 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20171116-0 > === title: Broken access control & LINQ injection product: Progress Sitefinity vulnerable version: 10.0, 10.1 fix

[FD] SEC Consult SA-20171114-0 :: Authentication bypass, cross-site scripting & code execution in Siemens SICAM RTUs SM-2556 COM Modules

2017-11-14 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20171114-0 > === title: Authentication bypass, cross-site scripting & code execution product: Siemens SICAM RTUs SM-2556 C

[FD] SEC Consult SA-20171018-1 :: Multiple vulnerabilities in Linksys E-series products

2017-10-18 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20171018-1 > === title: Multiple vulnerabilities product: Linksys E series, see "Vulnerable / tested versions" vulnerable version:

[FD] SEC Consult SA-20171018-0 :: Multiple vulnerabilities in Afian AB FileRun

2017-10-18 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20171018-0 > === title: Multiple vulnerabilities product: Afian AB FileRun vulnerable version: 2017.03.18 fixed version: 2017

[FD] SEC Consult SA-20171017-0 :: Cross site scripting in Webtrekk Pixel tracking component

2017-10-17 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20171017-0 > === title: Cross site scripting product: Webtrekk Pixel tracking vulnerable version: v3.24 to v3.40, v4.00 to v4.40, v5.00 to

[FD] SEC Consult SA-20171016-0 :: Multiple vulnerabilities in Micro Focus VisiBroker C++

2017-10-16 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20171016-0 > === title: Multiple vulnerabilities product: Micro Focus VisiBroker C++ vulnerable version: 8.5 SP2 fixed version: 8.5 S

[FD] Internet Security Conference 2017 in China by 360 Qihoo

2017-09-17 Thread Vulnerability Lab
Internet Security Conference China (Asia) - 360 Qihoo Event Url: http://isc.360.cn/2017/en/index.html --- Speaker: Benjamin Kunz Mejri Keynote:  People is the key factor of online security Possibilities of Individuals & IT-Security - Security Researcher & Bounty Hunter “No System is Safe!”

[FD] SEC Consult SA-20170914-1 :: Persistent Cross-Site Scripting in SilverStripe CMS

2017-09-14 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170914-1 > === title: Persistent Cross-Site Scripting product: SilverStripe CMS vulnerable version: <=3.5.3 fixed versi

[FD] SEC Consult SA-20170914-0 :: Authenticated Command Injection in Ubiquiti Networks UniFi Cloud Key

2017-09-14 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170914-0 > === title: Authenticated Command Injection product: Ubiquiti Networks UniFi Cloud Key vulnerable version: Firmware version &

[FD] SEC Consult SA-20170913-1 :: Local File Disclosure in VLC media player iOS app

2017-09-13 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170913-1 > === title: Local File Disclosure product: VLC media player iOS app vulnerable version: 2.7.8 fixed version: 2.8.1 CVE

[FD] SEC Consult SA-20170913-0 :: Multiple Vulnerabilities in IBM Infosphere Information Server / Datastage

2017-09-13 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170913-0 > === title: Multiple Vulnerabilities product: IBM Infosphere Information Server / Datastage vulnerable version: 9.1, 11.3, an

[FD] SEC Consult SA-20170912-0 :: Email verification bypass in SAP E-Recruiting

2017-09-12 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170912-0 > === title: Email verification bypass product: SAP E-Recruiting vulnerable version: 605, 606, 616, 617 fixed version: see SAP se

[FD] Play TV v1.25.1(Build r123776) - DLL Hijack Vulnerability

2017-09-04 Thread Vulnerability Lab
ts & Authors: == Lawrence Amer [zeroat...@gmail.com] - https://www.vulnerability-lab.com/show.php?user=Lawrence+Amer Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranti

[FD] Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability

2017-09-04 Thread Vulnerability Lab
ry [Research Team] - Benjamin Kunz Mejri (http://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M.) Disclaimer & Information: ===== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either

[FD] WpJobBoard v4.5.1 - Multiple Cross Site Web Vulnerabilities

2017-09-04 Thread Vulnerability Lab
dvisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, ind

[FD] SEC Consult SA-20170822-0 :: Multiple vulnerabilities in Progress Sitefinity CMS

2017-08-22 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170822-0 > === title: Multiple vulnerabilities product: Progress Sitefinity vulnerable version: 9.1 fixed version: 10.1 CVE

[FD] Microsoft Resnet - DNS Configuration Web Vulnerability

2017-08-16 Thread Vulnerability Lab
& Authors: == S.AbenMassaoud [saifmassaoud...@gmail.com] - https://www.vulnerability-lab.com/show.php?user=S.AbenMassaoud Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab

[FD] Apple iOS 10.3 - UI SMS Access Permission Vulnerability

2017-08-16 Thread Vulnerability Lab
ulnerability-lab.com/show.php?user=Benjamin%20K.M.) Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a

[FD] SEC Consult SA-20170804-1 :: Ubiquiti Networks UniFi Cloud Key authenticated command injection

2017-08-04 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170804-1 > === title: Authenticated Command Injection product: Ubiquiti Networks UniFi Cloud Key vulnerable version: Firmware v0.6.1

[FD] SEC Consult SA-20170804-0 :: phpBB Server Side Request Forgery (SSRF) vulnerability

2017-08-04 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170804-0 > === title: Server Side Request Forgery Vulnerability product: phpBB vulnerable version: 3.2.0 fixed version: 3.2.1 CVE

[FD] SEC Consult SA-20170727-1 :: Kathrein UFSconnect 916 multiple vulnerabilities

2017-07-27 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170727-1 > === title: Multiple vulnerabilities product: KATHREIN - UFSconnect 916, UFSconnect 906 vulnerable version: 2.23 Build 224, 2.22 Bui

[FD] SEC Consult SA-20170727-0 :: Ubiquiti Networks UniFi Cloud Key multiple critical vulnerabilities

2017-07-27 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170727-0 > === title: Authenticated Command Injection & Cloud User Weak Crypto & Privilege Escalation product: Ubi

[FD] SEC Consult SA-20170724-1 :: Open Redirect issue in multiple Ubiquiti Networks products

2017-07-24 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170724-1 > === title: Open Redirect in Login Page product: Multiple Ubiquiti Networks products, e.g. TS-16-CARRIER, TS-5-POE

[FD] SEC Consult SA-20170724-0 :: Cross-Site Scripting (XSS) issue in multiple Ubiquiti Networks products

2017-07-24 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20170724-0 > === title: Cross-Site Scripting (XSS) product: Ubiquiti Networks EP-R6, ER-X, ER-X-SFP vulnerable version: Firmware v1.9.1
