Greetings from hardwear.io!
We would like to share few exciting updates that you can expect from
hardwear.io in 2018!
First of all, we are very proud to announce that hardwear.io is going to
hold its first Security Training in Berlin!
Dates: 26 – 27 April 2018
Venue: Novotel Am Tiergarten,
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/DEWESOFT-X3-REMOTE-INTERNAL-COMMAND-ACCESS.txt
[+] ISR: Apparition Security
Vendor:
=
www.dewesoft.com
Product:
===
DEWESoft X3 SP1 (64-bit)
=
MGC ALERT 2018-002
- Original release date: February 12, 2018
- Last revised: March 12, 2018
- Discovered by: Manuel García Cárdenas
- Severity: 7,1/10 (CVSS Base Score)
- CVE-ID: CVE-2018-7474
=
I.
Hello,
Allow me to fix this for you:
> On 6 Mar 2018, at 20:04, filipe wrote:
>
> =[ Timeline of disclosure
> ]===
>
> 01/24/2018 - Vendor was informed of the vulnerability.
> 01/29/2018 - Vendor did not respond.
Title: PayPal Inc Increases Bug Bounty Payments in 2018 up to 30.000$
URL:
https://www.vulnerability-db.com/?q=articles/2018/03/13/paypal-inc-increases-bug-bounty-payments-2018-3
#bugbounty #security #research #infosec
--
VULNERABILITY LABORATORY - RESEARCH TEAM
SERVICE:
Title: PayPal Inc - New Venmo Bug Bounty Program
URL:
https://www.vulnerability-db.com/?q=articles/2018/02/27/paypal-inc-updates-bug-bounty-program-venmo-payments-services
--
VULNERABILITY LABORATORY - RESEARCH TEAM
SERVICE: www.vulnerability-lab.com
Advisory: Shopware Cart Accessible by Third-Party Websites
RedTeam Pentesting discovered that the shopping cart implemented by Shopware
offers an insecure API. Malicious, third-party websites may abuse this API to
list, add or remove products from a user's cart.
Details
===
Product: