[FD] Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken encryption with guessable static encryption key [CVE-2020-8995]

2020-12-18 Thread Georg Ph E Heise via Fulldisclosure
Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken encryption with guessable static encryption key === Identifiers - CVE-2020-8995 Vendor

[FD] Defense in depth -- the Microsoft way (part 68): where compatibility means vulnerability

2020-12-18 Thread Stefan Kanthak
Hi @ll, this post is a shortened version of With Windows 2000 and Windows XP, Microsoft introduced the functions SystemFunction035() alias RtlCheckSignatureInFile(), SystemFunction036() alias RtlGenRandom(), SystemFunction040() alias

[FD] Rocket.Chat quietly patches XSS vulnerability

2020-12-18 Thread Moe Szyslak
Rocket.Chat has quietly fixed a stored XSS vulnerability in the following commits: https://github.com/RocketChat/Rocket.Chat/commit/96d3155245ec65f681664b48b6dafc94c1ea021c https://github.com/RocketChat/Rocket.Chat/commit/43fe12d775b2329e780a1369a1b2c25070cdcab9 Exploitation of this

[FD] Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken encryption with guessable static encryption key [CVE-2020-11719]

2020-12-18 Thread Georg Ph E Heise via Fulldisclosure
Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken encryption with guessable static encryption key === Identifiers - CVE-2020-11719 Vendor

[FD] Programi Bilanc - Build 007 Release 014 31.01.2020 - Multiple SQL Injections [CVE-2020-11717]

2020-12-18 Thread Georg Ph E Heise via Fulldisclosure
Programi Bilanc - Build 007 Release 014 31.01.2020 - Multiple SQL Injections = Identifiers - CVE-2020-11717 Vendor -

[FD] Programi Bilanc - Build 007 Release 014 31.01.2020 - Software-update packages are downloaded via unencrypted HTTP [CVE-2020-11718]

2020-12-18 Thread Georg Ph E Heise via Fulldisclosure
Programi Bilanc - Build 007 Release 014 31.01.2020 - Software-update packages are downloaded via unencrypted HTTP === Identifiers - CVE-2020-11718 Vendor

[FD] CA20201215-01: Security Notice for CA Service Catalog

2020-12-18 Thread Kevin Kotas via Fulldisclosure
CA20201215-01: Security Notice for CA Service Catalog Issued: December 15, 2020 Last Updated: December 15, 2020 CA Technologies, a Broadcom Company, is alerting customers to a risk with CA Service Catalog. A vulnerability can potentially exist in

[FD] Programi Bilanc - Build 007 Release 014 31.01.2020 - Use of weak default Password - CVE-2020-11720

2020-12-18 Thread Georg Ph E Heise via Fulldisclosure
Programi Bilanc - Build 007 Release 014 31.01.2020 - Use of weak default Password === Identifiers - CVE-2020-11720 Vendor