748 matches found
August 11, 2020-KB4569751 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1903 and Windows Server 1903 RTM and Windows 10, version 1909 and Windows Server, version 1909
August 11, 2020-KB4569751 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1903 and Windows Server 1903 RTM and Windows 10, version 1909 and Windows Server, version 1909 Release Date: August 11, 2020 Version: .NET Framework 3.5 and 4.8 Summary An elevation of privilege...
Cross-site Scripting (XSS)
kitodo/presentation is vulnerable to cross-site scripting (XSS). The vulnerability exists because it does not sanitize the value of $piVar in ListView.php and Navigation.php...
DroneSploit - Drone Pentesting Framework Console
This CLI framework is based on sploitkit and is an attempt to gather hacking techniques and exploits especially focused on drone hacking. For the ease of use, the interface has a layout that looks like Metasploit. Black Hat Europe Arsenal 2019 presentation Also see articles: Black Hat Europe: New...
The vulnerability of Power BI report servers, related to errors in information presentation on the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of the Power BI report server is related to errors in the way information is presented by the user interface. Exploiting this vulnerability could allow a malicious actor to carry out spear-phishing attacks remotely...
Microsoft Sway Abused in Office 365 Phishing Attack
A highly targeted phishing campaign, with a Microsoft file platform twist, has successfully siphoned the Office 365 credentials of more than 150 executives since mid-2019. Researchers attribute the campaign’s success to two parts: First, it leverages multiple Microsoft file-sharing services to...
XML External Entity Expansion
openoffice.org is vulnerable to XML External Entity expansion. If OpenOffice.org were to open a specially-crafted file such as an OpenDocument Format or OpenDocument Presentation file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running...
Credentials Verification Bypass
vp-toolkit is vulnerable to credentials verification bypass. The verifyVerifiablePresentation function verifies the cryptographic integrity of the Verifiable Presentation, but its failure to check whether the credentialSubject.id matches the signer of the VP proof allows the verification to be bypassed...
GHSA-FF5X-W9WG-H275 Holder can generate proof of ownership for credentials it does not control in vp-toolkit
Impact The verifyVerifiablePresentation method checks the cryptographic integrity of the Verifiable Presentation, but it does not check if the credentialSubject.id DID matches the signer of the VP proof. The verifier is impacted by this vulnerability. Patches Patch will be available in version...
Holder can generate proof of ownership for credentials it does not control in vp-toolkit
Impact The verifyVerifiablePresentation method checks the cryptographic integrity of the Verifiable Presentation, but it does not check if the credentialSubject.id DID matches the signer of the VP proof. The verifier is impacted by this vulnerability. Patches Patch will be available in version...
Design/Logic Flaw
A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable...
CVE-2020-3155 Cisco Intelligent Proximity SSL Certificate Validation Vulnerability
A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable...
Vulnerability expose Barco wireless presentation system to remote attacks
By Sudais 10 of these were found to have Common Vulnerability and Exposure CVE identifiers that these particular vulnerabilities were already... This is a post from HackRead.com Read the original post: Vulnerability expose Barco wireless presentation system to remote attacks...
October 24, 2019-KB4519573 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1903 and Windows Server 1903 RTM and Windows 10, version 1909 and Windows Server, version 1909
October 24, 2019-KB4519573 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1903 and Windows Server 1903 RTM and Windows 10, version 1909 and Windows Server, version 1909 Release Date: October 24, 2019 Version: .NET Framework 3.5 and 4.8 The October 24, 2019 update for...
The vulnerability of Microsoft Office packages, related to errors in information presentation by the user interface, allows an intruder to gain unauthorized access to protected information.
The vulnerability of Microsoft Office packages is related to errors in information representation by the user interface. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to protected information using a specially crafted file...
XSS Vulnerability in Station Hi Display Building System
The Station Hi Showcase website builder is a self-service free website builder. An XSS vulnerability exists in StationHi Presentation builder, which can be exploited by attackers to inject arbitrary web script or HTML...
Valve: Steam chat - trade offer presentation vulnerability
It was possible to construct a Steam URL that began with "/tradeoffer/new" and included valid partner and token information, but which was in fact an external link. The crafted URL would be treated by the Steam Chat UI as a trade offer and given special visual treatment...
U.S. Dept Of Defense: [Partial] SSN & [PII] exposed through iPERMs Presentation Slide.
Hello @deptofdefense, when performing reconnaissance, I came across a presentation slide that displayed live data since the data is blocked out & is formatted with XXX-XX with the last 4 digits. The exposed data contains the following: UPC, Division/Brigade, Rank, Soldier Name, Last 4 digits of...
New Presentation Template: Incident Response Reporting for Management
Every security professional knows it’s only a matter of time before their organization is breached. And even though most security-conscious organizations have implemented procedures and products to facilitate the incident response process, many security decision-makers find much more of a challen...
September 24, 2019 — KB4515839 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607
September 24, 2019 — KB4515839 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 Release Date: September 24, 2019 Version: .NET Framework 4.8 The September 24, 2019, update for Windows 10, version 1607 includes cumulative reliability improvements in Microsoft .NET Framework 4....
Authentication flaw
A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could explo...