44 matches found
G Data EndpointProtection Enterprise 17.08.2021 Privilege Escalation
DATA Anti-Virus: Abusing OpenSSL to get local admin Metadata =================================================== Release Date: 05-Oct-2021 Author: Florian Bogner @ https://bee-itsecurity.at Affected product: G Data’s Security Client “EndpointProtection Enterprise” Fixed in: all versions after...
Waychar enrollment system suffers from SQL injection vulnerability (CNVD-2021-03395)
Guangzhou City Huadu District Xinhua Weichuang Advertising Design Service Department business scope includes: advertising, network information technology promotion services, network security information consulting. Waychar enrollment system has a SQL injection vulnerability, which can be exploite...
Waychar enrollment system suffers from SQL injection vulnerability (CNVD-2021-03387)
Guangzhou City Huadu District Xinhua Weichuang Advertising Design Service Department business scope includes: advertising, network information technology promotion services, network security information consulting. Waychar enrollment system has a SQL injection vulnerability, which can be exploite...
Navy Federal Cross Site Scripting
Vendor ------------------------------------------------- Navy Federal - https://www.navyfederal.org/ Product ------------------------------------------------- Front public facing application Credit ------------------------------------------------- Arthrocyber http://arthrocyber.com/research/findin...
Hyland OnBase SQL Injection
CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Vendor ------------------------------------------------- Hyland Software - https://www.hyland.com/en/ and https://www.onbase.com/en/ Product ------------------------------------------------- Hylan...
Anubis Malware Upgrade Logs When Victims Look at Their Screens
The Anubis malware, which threat actors use to persistently attack Google’s Android-based smartphones, is set to evolve once again, this time adding a feature that allows the malware to identify if a victim is looking at his or her screen. The new feature is one of several that haven’t been...
LogicalDoc Virtual Appliance Multiple Vulnerabilities
1. Advisory Information Title: LogicalDoc Virtual Appliance Multiple Vulnerabilities Advisory ID: CORE-2019-004 Advisory URL: Date published: 2020-03-18 Date of last update: 2020-03-17 Vendors contacted: LogicalDoc Release mode: Coordinated release 2. Vulnerability Information Class: Unrestricted...
LogicalDoc Virtual Appliance Multiple Vulnerabilities
Advisory ID Internal CORE-2020-004 1. Advisory Information Title: LogicalDoc Virtual Appliance Multiple Vulnerabilities Advisory ID: CORE-2020-004 Date published: 2020-03-18 Date of last update: 2020-03-17 Vendors contacted: LogicalDoc Release mode: Coordinated release 2. Vulnerability...
SET v8.0.1 - The Social-Engineer Toolkit
Copyright 2019 The Social-Engineer Toolkit SET Written by: David Kennedy ReL1K Company: TrustedSec DISCLAIMER: This is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal purposes, period. Please read the LICENSE under readme/LICENSE for...
QNAP Qcenter Virtual Appliance 1.6.x Information Disclosure / Command Injection
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ QNAP Qcenter Virtual Appliance Multiple Vulnerabilities 1. Advisory Information Title: QNAP Qcenter Virtual Appliance Multiple Vulnerabilities Advisory ID: CORE-2018-0006 Advisory URL:...
Dell EMC Isilon OneFS - Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Dell EMC Isilon OneFS Multiple Vulnerabilities 1. Advisory Information Title: Dell EMC Isilon OneFS Multiple Vulnerabilities Advisory ID: CORE-2017-0009 Advisory URL:...
Getting Back on the Field
Growing up as a foreign service brat, I was obsessed with security. Living in Guatemala in the 80s you had to adapt and become resilient as a child. As there was no TV in our household, 10-year-old Tom began to tinker with my father’s computer and soon it became my oasis from the stress of living i...
Trend Micro ScanMail for Microsoft Exchange Multiple Vulnerabilities
1. Advisory Information Title: Trend Micro ScanMail for Microsoft Exchange Multiple Vulnerabilities Advisory ID: CORE-2017-0007 Advisory URL: https://www.coresecurity.com/core-labs/advisories/trend-micro-scanmail-for-microsoft-exchange-multiple-vulnerabilities Date published: 2017-10-26 Date of...
Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities
Exploit for linux platform in category web applications 1. Advisory Information Title: Kaspersky Anti-Virus File Server Multiple Vulnerabilities Advisory ID: CORE-2017-0003 Advisory URL: http://www.coresecurity.com/advisories/Kaspersky-Anti-Virus-File-Server-Multiple-Vulnerabilities Date publishe...
Web.com Hacked! Credit Card information of 93,000 Customers Compromised
Web.com, a Florida-based web hosting company with up to 3.3 Million customers, has suffered a data breach and may have compromised personal information and credit card data belonging to 93,000 of its clients. The company on Tuesday confirmed that some unknown hackers had breached one of its...
Remotely Exploitable Vulnerabilities in SAP Compression Algorithms
The two primary compression algorithms used by SAP SE products, some of the most popular enterprise and business management software platforms on the market, contain multiple, remotely exploitable security vulnerabilities. Martin Gallo of Core Security Consulting Services found vulnerabilities in...
Seagate Business NAS Firmware Vulnerabilities Disclosed
Firmware running on certain Seagate network-attached storage devices that are popular with small businesses and home offices is vulnerable to remote attacks. Researchers at Beyond Binary, a security consulting firm in Australia, on Sunday went public with their disclosure after a nearly...
[CORE-2014-0007] - SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability 1. Advisory Information Title: SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability Advisory ID: CORE-2014-0007 Advisory URL:...
SAP Netweaver Enqueue Server Trace Pattern Denial Of Service
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability 1. Advisory Information Title: SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability Advisory ID: CORE-2014-0007 Advisory URL:...
SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability
Advisory ID Internal CORE-2014-0007 1. Advisory Information Title: SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability Advisory ID: CORE-2014-0007 Advisory...