[FD] SEC Consult SA-20190124-0 :: Cross-site scripting in CA Automic Workload Automation Web Interface (AWI)

2019-01-24 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20190124-0 > === title: Cross-site scripting product: CA Automic Workload Automation Web Interface (AWI) (formerly Automic Auto

[FD] RVAsec 2019 Call for Presentations (CFP)

2019-01-24 Thread Sullo
RVAsec is a Richmond, VA-based security convention that brings top industry speakers to the Mid-Atlantic region. In its seventh year, RVAsec 2018 attracted over 650 security professionals from across the country. For 2019, the conference is a two-day and three-track format, with a mixed focus on

[FD] [RT-SA-2018-004] Cisco RV320 Command Injection

2019-01-24 Thread RedTeam Pentesting GmbH
Advisory: Cisco RV320 Command Injection RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router. Details === Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others Affected Versions: 1.4.2.15 and

[FD] [RT-SA-2018-003] Cisco RV320 Unauthenticated Diagnostic Data Retrieval

2019-01-24 Thread RedTeam Pentesting GmbH
Advisory: Cisco RV320 Unauthenticated Diagnostic Data Retrieval RedTeam Pentesting discovered that the Cisco RV320 router exposes sensitive diagnostic data without authentication through the device's web interface. Details === Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly

[FD] [RT-SA-2018-002] Cisco RV320 Unauthenticated Configuration Export

2019-01-24 Thread RedTeam Pentesting GmbH
Advisory: Cisco RV320 Unauthenticated Configuration Export RedTeam Pentesting discovered that the configuration of a Cisco RV320 router may be exported without authentication through the device's web interface. Details === Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others