[FD] Exploiting java deserialization vulnerabilities in crypto contexts - a java applet case-study

2020-04-28 Thread RedTimmy Security
Hi, regardless of being a deprecated technology, there are still many legacy applications relying on java applets out there. A bit of time ago we were involved in an atypical web application penetration test. The difficulty consisted in the fact that the java serialized payload responsible

[FD] Gigamon - GigaVUE 0day

2020-04-28 Thread Balázs Hambalkó
Hi, An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value (in the POST method) from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of

[FD] Blind SQL Injection Vulnerability in Geeklog 2.2.1

2020-04-28 Thread Daniel Bishtawi
Hello, We are informing you about a Blind SQL Injection Vulnerability in Geeklog 2.2.1. Information Advisory by Netsparker Name: Blind SQL Injection Vulnerability in Geeklog Affected Software: Geeklog Affected Versions: 2.2.1 Vendor Homepage: https://www.geeklog.net/

[FD] Cross-Site Scripting Vulnerability in Geeklog 2.2.1

2020-04-28 Thread Daniel Bishtawi
Hello, We are informing you about a Cross-Site Scripting Vulnerability in Geeklog 2.2.1. Here are the details: Information Advisory by Netsparker Name: Cross-Site Scripting Vulnerability in Geeklog Affected Software: Geeklog Affected Versions: 2.2.1 Vendor Homepage:

[FD] Multiple vulnerabilities OpenAudiT

2020-04-28 Thread Pablo Zurro via Fulldisclosure
https://www.coresecurity.com/advisories/open-audit-multiple-vulnerabilities Pablo A. Zurro Technical Product Manager e. pablo.zu...@helpsystems.com p. +34 93 274 0051 Ext. 211 w. www.helpsystems.com/es

[FD] Project Open v5.0.3 CMS - Multiple Web Vulnerabilities

2020-04-28 Thread Vulnerability Lab
Document Title: Project Open v5.0.3 CMS - Multiple Web Vulnerabilities References (Source): https://www.vulnerability-lab.com/get_content.php?id=2225 Release Date: 2020-04-25 Vulnerability Laboratory ID (VL-ID):

[FD] POS PHP v17.5 - Persistent Cross Site Web Vulnerability

2020-04-28 Thread Vulnerability Lab
Document Title: POS PHP v17.5 - Persistent Cross Site Web Vulnerability References (Source): https://www.vulnerability-lab.com/get_content.php?id=2228 Release Date: 2020-04-28 Vulnerability Laboratory ID (VL-ID):

[FD] Easy Transfer v1.7 iOS - Multiple Web Vulnerabilities

2020-04-28 Thread Vulnerability Lab
Document Title: Easy Transfer v1.7 iOS - Multiple Web Vulnerabilities References (Source): https://www.vulnerability-lab.com/get_content.php?id=2223 Release Date: 2020-04-27 Vulnerability Laboratory ID (VL-ID):

[FD] File Explorer v1.4 iOS - Information Disclosure Vulnerability

2020-04-28 Thread Vulnerability Lab
Document Title: File Explorer v1.4 iOS - Information Disclosure Vulnerability References (Source): https://www.vulnerability-lab.com/get_content.php?id=2220 Release Date: 2020-04-28 Vulnerability Laboratory ID (VL-ID):

[FD] Internet Download Manager v6.37.11.1 - Stack Buffer Overflow Vulnerabilities

2020-04-28 Thread Vulnerability Lab
Document Title: Internet Download Manager v6.37.11.1 - Stack Buffer Overflow Vulnerabilities References (Source): https://www.vulnerability-lab.com/get_content.php?id=2236 Release Date: 2020-04-28 Vulnerability Laboratory ID (VL-ID):

[FD] File Sharing & Chat v1.0 iOS - Denial of Service Vulnerability

2020-04-28 Thread Vulnerability Lab
Document Title: File Sharing & Chat v1.0 iOS - Denial of Service Vulnerability References (Source): https://www.vulnerability-lab.com/get_content.php?id= Release Date: 2020-04-27 Vulnerability Laboratory ID (VL-ID):

[FD] Transfer Master v3.3 iOS - Denial of Service Vulnerability

2020-04-28 Thread Vulnerability Lab
Document Title: Transfer Master v3.3 iOS - Denial of Service Vulnerability References (Source): https://www.vulnerability-lab.com/get_content.php?id=2224 Release Date: 2020-04-28 Vulnerability Laboratory ID (VL-ID):