[FD] RichFaces exploitation toolkit

2020-03-13 Thread Red Timmy Security
Hi, The RichFaces library has been vulnerable to many Java deserialization and EL injection vulnerabilities. This infamous library is included with many JSF web applications for providing advanced UI elements beyond the (very limited) set that is built-in with the framework. Therefore, many

[FD] [RT-SA-2020-001] Credential Disclosure in WatchGuard Fireware AD Helper Component

2020-03-13 Thread RedTeam Pentesting GmbH
Advisory: Credential Disclosure in WatchGuard Fireware AD Helper Component RedTeam Pentesting discovered a credential-disclosure vulnerability in the AD Helper component of the WatchGuard Fireware Threat Detection and Response (TDR) service, which allows unauthenticated attackers to gain Active

[FD] Defense in depth -- the Microsoft way (part 63): program defaults, settings, policies ... and (un)trustworthy computing

2020-03-13 Thread Stefan Kanthak
Hi @ll, in 1993, Microsoft introduced Windows NT, and with it the following hierarchy (or rules) of program defaults, settings and policies: - policies override settings; - user-specific policies and settings take precedence over system-wide policies and settings; - hard-coded program

[FD] CarolinaCon is POSTPONED

2020-03-13 Thread CarolinaCon
After careful deliberation and discussions, our team has decided that it would be in the best interest of the local community to postpone the upcoming CarolinaCon conference because of the ongoing situation with Coronavirus. Due to the nature of the conference, we do not believe that we can

[FD] [REVIVE-SA-2020-002] Revive Adserver Vulnerabilities

2020-03-13 Thread Matteo Beccati via Fulldisclosure
Revive Adserver Security Advisory REVIVE-SA-2020-002 https://www.revive-adserver.com/security/revive-sa-2020-002

[FD] SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client

2020-03-13 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20200312-0 > === title: Authenticated Command Injection product: Phoenix Contact TC Router & TC Cloud Client vulnerable version: <=2.05.3 & <=2.03.17 &