[FD] Formstack Webhook HMAC Advisory

2018-02-09 Thread Derrek Bertrand
Formstack Webhook HMAC Advisory Summary: Formstack is a SaaS company with well over half a million users including major higher education and healthcare companies. They provide a drag-and-drop form builder that allows their customers to collect all manner of data. Formstack's outbound webhook

[FD] CVS Suite 2009R2 Insecure Library Loading CVE-2018-6461

2018-02-09 Thread hyp3rlinx
[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/CVS-SUITE-2009R2-INSECURE-LIBRARY-LOADING-CVE-2018-6461.txt [+] ISR: Apparition Security Vendor: march-hare.com Product:

[FD] KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability

2018-02-09 Thread KoreLogic Disclosures
KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability Title: NetEx HyperIP Local File Inclusion Vulnerability Advisory ID: KL-001-2018-005 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-005.txt 1. Vulnerability Details

[FD] KL-001-2018-002 : NetEx HyperIP Authentication Bypass

2018-02-09 Thread KoreLogic Disclosures
KL-001-2018-002 : NetEx HyperIP Authentication Bypass Title: NetEx HyperIP Authentication Bypass Advisory ID: KL-001-2018-002 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-002.txt 1. Vulnerability Details Affected Vendor: NetEx

[FD] KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability

2018-02-09 Thread KoreLogic Disclosures
KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability Title: NetEx HyperIP Privilege Escalation Vulnerability Advisory ID: KL-001-2018-004 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-004.txt 1. Vulnerability Details

[FD] KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass

2018-02-09 Thread KoreLogic Disclosures
KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass Title: Trend Micro IMSVA Management Portal Authentication Bypass Advisory ID: KL-001-2018-006 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-006.txt 1.

[FD] KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution

2018-02-09 Thread KoreLogic Disclosures
KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution Title: NetEx HyperIP Post-Auth Command Execution Advisory ID: KL-001-2018-003 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-003.txt 1. Vulnerability Details Affected

[FD] libreoffice remote arbitrary file disclosure

2018-02-09 Thread Mikhail Klementev
Hello, After I learned that the reported vulnerability was already known to the developers, but they did not include the trivial fix in 6.0, but (as the developer said, I did not check it myself) included it in 5.4.5 (it means this is a silently fixed vulnerability) with a month lag between updates I think it's

[FD] SoapUI v5.3.0 Code Execution

2018-02-09 Thread Ismail Doe
Document Title: SoapUI Arbitrary Code Execution via Malicious Project Product Description: SoapUI is the world's most widely-used testing tool for SOAP and REST APIs. Write, run, integrate, and automate advanced API Tests with ease. Homepage:

[FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM

2018-02-09 Thread Stefan Kanthak
Hi @ll, since about two or three years now, Microsoft offers Skype as optional update on Windows/Microsoft Update. JFTR: for Microsoft's euphemistic use of "update" see Once installed, Skype uses its own proprietary update mechanism instead