Dear Full Disclosure,
Please find attached an advisory for the following vulnerability:
A buffer overflow in the DtPrinterAction::PrintActionExists() function in the
Common Desktop Environment 2.3.0 and earlier, as used in Oracle Solaris 10 1/13
(Update 11) and earlier, allows local users to gain
Title:
==
CommSy <= 8.6.5 - SQL injection
Researcher:
===
Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG
CVE-ID:
===
CVE-2019-11880
Timeline:
=
2019-04-15 Vulnerability discovered
2019-04-15 Asked for security contact and PGP key
2019-04-16 Send details to the ve
GAT-Ship Web Module >1.30 - Unauthenticated Information Disclosure Vulnerability
It is possible in versions 1.30 and below for unauthenticated attackers to
query the GAT-Ship Web Module for system information via a crafted request:
PoC:
-
Advisory: Directory Traversal in Cisco Expressway Gateway
RedTeam Pentesting discovered a directory traversal vulnerability in
Cisco Expressway which enables access to administrative web interfaces.
Details
===
Product: Cisco Expressway Gateway
Affected Versions: 11.5.1, possibly others
Fix