[FD] Max Secure Anti Virus Plus - 19.0.4.020 / CVE-2019-19382 Insecure Permissions

2019-11-29 Thread hyp3rlinx
[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MAX-SECURE-PLUS-ANTIVIRUS-INSECURE-PERMISSIONS.txt [+] ISR: ApparitionSec [Vendor] www.maxpcsecure.com [Affected Product Code Base] Max Secure Anti

Re: [FD] Anhui Huami Mi Fit Android Application - Unencrypted Update Check

2019-11-29 Thread Tim
What's the issue here exactly? An attacker can just prevent the in-app update check from realizing it needs to nag the user? The actual update logic and update-ability is controlled through the Play Store, no? -Tim Strazzere On Tue, Nov 26, 2019 at 10:27 AM David Coomber <

[FD] CVE-2019-18922; Directory Traversal; Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047]

2019-11-29 Thread Sprenger, Nicolas Hendrik
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 = CVEID: CVE-2019-18922 NAME OF AFFECTED PRODUCT: Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] PROBLEM TYPE: Directory Traversal DESCRIPTION: A Directory Traversal in the Web

[FD] [SYSS-2019-027]: Inateck BCST-60 Barcode Scanner - Keystroke Injection Vulnerability (CVE-2019-12503)

2019-11-29 Thread Matthias Deeg
Advisory ID: SYSS-2019-027 Product: BCST-60 Barcode Scanner Manufacturer: Inateck Affected Version(s): BCST-60 Tested Version(s): BCST-60 Vulnerability Type: Cryptographic Issues (CWE-310) Keystroke Injection Vulnerability Risk Level: High Solution Status: Open Manufacturer

[FD] NAPC Xinet Elegant 6 Asset Library Web Interface v6.1.655 / Pre-Auth SQL Injection 0Day

2019-11-29 Thread hyp3rlinx
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/NAPC-XINET-ELEGANT-6-ASSET-LIBRARY-WEB-INTERFACE-PRE-AUTH-SQL-INJECTION.txt [+] ISR: ApparitionSec [Vendor] www.napc.com [Product] Xinet Elegant 6 Asset Library Web Interface