[FD] : Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-CSRF

2018-02-16 Thread Arvind Vishwakarma
- Vulnerability Type: Cross Site Request Forgery (CSRF)
- Vendor of Product: Tejari
- Affected Product Code Base: Bravo Solution
- Affected Component: Web Interface Management
- Attack Type: Local - Authenticated
- Impact: Unauthorised Access

[FD] F-Secure Radar Login Page Unvalidated Redirect Vulnerability

2018-02-16 Thread Oscar Hjelm
F-Secure Radar Login Page Unvalidated Redirect Vulnerability
CVE-2018-6324 https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6324

# Summary
The application will upon successfully logging in redirect the user to a user-controlled destination. A victim user may not recognise that a redirection

[FD] Local Privilege Escalation in CrashPlan’s Windows Client Version 4

2018-02-16 Thread Florian Bogner
Local Privilege Escalation in CrashPlan’s Windows Client Version 4

Metadata
===
Release Date: 15-Feb-2018
Author: Florian Bogner // https://bogner.sh
Affected product: CrashPlan's 4-series and earlier Windows client
Fixed in: CrashPlan's version

Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM

2018-02-16 Thread Jeffrey Walton
On Fri, Feb 9, 2018 at 1:01 PM, Stefan Kanthak wrote:
> Hi @ll,
>
> since about two or three years now, Microsoft offers Skype as
> optional update on Windows/Microsoft Update.
>
> JFTR: for Microsoft's euphemistic use of "update" see
>

[FD] F-Secure Radar Persistent Cross-Site Scripting Vulnerability

2018-02-16 Thread Oscar Hjelm
F-Secure Radar Persistent Cross-Site Scripting Vulnerability
CVE-2018-6189 https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6189

# Summary
The application can suggest metadata tags for assets, and in doing so it can execute JavaScript entered previously by a malicious user.

# Vendor

[FD] [CVE-2018-5767] Remote Code Execution Walkthrough on Tenda AC15 Router

2018-02-16 Thread Kurtis
** Advisory Information
Title: [CVE-2018-5767] Remote Code Execution Walkthrough on Tenda AC15 Router
Blog URL: https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/
Vendor: Tenda
Date Published: 14/02/2018
CVE: CVE-2018-5767

** Vulnerability Summary
The vulnerability in question