[FD] APPLE-SA-2018-12-05-3 tvOS 12.1.1

2018-12-07 Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-12-05-3 tvOS 12.1.1 tvOS 12.1.1 is now available and addresses the following: Airport Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to elevate privileges Description: A type

[FD] APPLE-SA-2018-12-05-4 Safari 12.0.2

2018-12-07 Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-12-05-4 Safari 12.0.2 Safari 12.0.2 is now available and addresses the following: Safari Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14.1 Impact: Visiting a malicious website may lead to

[FD] Cross-Site Scripting in Adiscon LogAnalyzer (CVE-2018-19877)

2018-12-07 Gustavo Sorondo
Title: Cross-Site Scripting in Adiscon LogAnalyzer (CVE-2018-19877) Credit: Gustavo Sorondo / http://www.cintainfinita.com Vendor/Product: Adiscon LogAnalyzer (https://loganalyzer.adiscon.com/ https://github.com/rsyslog/loganalyzer) Vulnerability: Cross-Site Scripting (XSS) Vulnerable version:

[FD] [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)

2018-12-07 Rafael Pedrero
Complete list: CVE-2018-19649, CVE-2018-19765, CVE-2018-19766, CVE-2018-19767, CVE-2018-19768, CVE-2018-19769, CVE-2018-19770, CVE-2018-19771, CVE-2018-19772, CVE-2018-19773, CVE-2018-19774, CVE-2018-19775, CVE-2018-19809, CVE-2018-19810, CVE-2018-19811, CVE-2018-19812, CVE-2018-19813,

[FD] APPLE-SA-2018-12-06-1 watchOS 5.1.2

2018-12-07 Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-12-06-1 watchOS 5.1.2 watchOS 5.1.2 is now available and addresses the following: Airport Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to elevate privileges Description: A type confusion

[FD] APPLE-SA-2018-12-05-1 iOS 12.1.1

2018-12-07 Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-12-05-1 iOS 12.1.1 iOS 12.1.1 is now available and addresses the following: Airport Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate

[FD] APPLE-SA-2018-12-05-5 iTunes 12.9.2 for Windows

2018-12-07 Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-12-05-5 iTunes 12.9.2 for Windows iTunes 12.9.2 for Windows is now available and addresses the following: Safari Available for: Windows 7 and later Impact: Visiting a malicious website may lead to address bar spoofing Description: A

[FD] APPLE-SA-2018-12-05-6 iCloud for Windows 7.9

2018-12-07 Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-12-05-6 iCloud for Windows 7.9 iCloud for Windows 7.9 is now available and addresses the following: Safari Available for: Windows 7 and later Impact: Visiting a malicious website may lead to address bar spoofing Description: A logic

[FD] APPLE-SA-2018-12-05-2 macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra

2018-12-07 Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-12-05-2 macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra are now available and addresses the

[FD] APPLE-SA-2018-12-05-7 Shortcuts 2.1.2

2018-12-07 Apple Product Security via Fulldisclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-12-05-7 Shortcuts 2.1.2 Shortcuts 2.1.2 is now available and addresses the following: This update has no published CVE entries. We would like to acknowledge Micah A for their assistance. Installation note: Shortcuts 2.1.2 for iOS

[FD] [CVE-2018-19861, CVE-2018-19862] Buffer overflow in MiniShare 1.4.1 HEAD and POST method

2018-12-07 Rafael Pedrero
Hi!!! playing in 2006 I have adapted the exploit to Python. Not only the GET method is vulnerable to BOF (CVE-2004-2271). HEAD and POST methods are also vulnerable. The difference is minimal, both are exploited in the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length