[FD] Kamailio vulnerable to header smuggling possible due to bypass of remove_hf

2020-09-01 Thread Sandro Gauci
# Kamailio vulnerable to header smuggling possible due to bypass of remove_hf - Fixed versions: Kamailio v5.4.0 - Enable Security Advisory: - Tested vulnerable versions: 5.3.5 and earlier - Timeline: -

[FD] Sagemcom router insecure deserialization > privilege escalation

2020-09-01 Thread Ryan Delaney
Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/

[FD] Roundcube issue - Auth bypass via Improper Session Management

2020-09-01 Thread Balázs Hambalkó
Hi, Title: Authentication bypass via Improper Session Management Product: RoundcubeMail Tested version: 1.4.4 - 1.4.8 CVE: in progress Credit: Balazs Hambalko, IT Security Consultant Risk: The lack of proper session validation could lead an attacker to access the victim user's emails. Issue

[FD] Bagisto: Default credentials for admin interface

2020-09-01 Thread devsecweb--- via Fulldisclosure
Vendor: Bagisto (https://bagisto.com/) Affected version: All Introduction: Bagisto is an open source shop system based on PHP and Laravel framework Vulnerability description: All Bagisto installations use a default user name ("ad...@example.com") and

[FD] Bagisto: Insecure installation in sub-directories

2020-09-01 Thread devsecweb--- via Fulldisclosure
Vendor: Bagisto (https://bagisto.com/) Affected version: All Introduction: Bagisto is an open source shop system based on PHP and Laravel framework Vulnerability description: Bagisto can be installed in sub-directories below the document root exposing the Laravel .env file which