Posted by Marcin Kozlowski on Oct 30
Hi list,
Debugged this issue, but somehow cannot trigger the crash in Chrome.
Seems like the font is loaded without correct flags or it was a different
font I saw in debugger :)
Anybody had success with this bug? Feel free to reply here or DM.
Posted by Vulnerability Lab on Oct 29
Title: German armed forces launch security vulnerability disclosure program
[CVE-2020-25204] God Kings "com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver" Improper Authorization Allowing In-Game Notification Spoofing
Posted by Julien Ahrens (RCE Security) on Oct 27
RCE Security Advisory
1. ADVISORY INFORMATION
Product: God Kings
Vendor URL: https://play.google.com/store/apps/details?id=com.innogames.gkandroid
Type: Improper Verification of Intent by Broadcast Receiver [CWE-925]
Date found: 2020-09-07
Date published: 2020-10-25
CVSSv3 Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
Posted by Kevin R on Oct 23
files through a TFTP GET request
Posted by Nguyen Anh Quynh on Oct 23
Greetings!
We are very happy to announce version 1.0.2 of Unicorn Emulator!
It has been more than 3.5 years since the last major update, and this
version marks 5 years of Unicorn. Such a long journey for an open
source project! That is really exciting to see our magical animal
having more and more impact in both academia community and the
This version fixes various issues of v1.0.1, adds some new API and
Posted by SEC Consult Vulnerability Lab on Oct 23
SEC Consult Vulnerability Lab Security Advisory < 20201023-0 >
title: PubliXone - Multiple Vulnerabilities
product: konzept-ix publiXone
vulnerable version: 2019.045
fixed version: 2020.015
CVE number: CVE-2020-27179, CVE-2020-27183, CVE-2020-27180,
Posted by Vulnerability Lab on Oct 22
Title: German Bundeswehr starts own Responsible Disclosure Program (VDPBw)
Posted by RedTeam Pentesting GmbH on Oct 21
Advisory: Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton
RedTeam Pentesting discovered a vulnerability in the BigBlueButton web
conferencing system which allows participants of a conference with
permissions to upload presentations to read arbitrary files from the
file system and perform server-side requests. This leads to
administrative access to the BigBlueButton instance.
Posted by Pedro Cunha on Oct 20
I don't see how this is an "on-purpose backdoor". As far as I know, this
feature is used so you can install Android apps on your phone via the web
interface on another device (like a desktop) logged into the same Google
account, via the Play Store.
Posted by Michael Lazin on Oct 20
I do see the point and even though it is not a deliberate back door the end
result is if your Google account is compromised and an attacker wants to be
sneaky they could push software to your Android device without
your permission. Given the history of malware found in the Play Store I
would recommend making a feature request to Google to notify you if someone
pushes software from the web from a previously unknown IP. If you don't
Posted by Ryan Wincey on Oct 20
Document Title:
LISTSERV Maestro Remote Code Execution Vulnerability
Product & Service Introduction:
LISTSERV Maestro is an enterprise email marketing solution and allows you to
easily engage your subscribers...
Posted by Adrian Sanabria on Oct 20
If I recall correctly, iOS and MacOS work in much the same way. They can
push and remove software from devices at will. There are precedents of
Google and Apple using this power, generally to get rid of malware that
made it past app store detection and review mechanisms.
This isn't anything new and it has been standardized across both major
mobile platforms. Of course, that doesn't mean there aren't legal
Posted by RedTeam Pentesting GmbH on Oct 19
Advisory: FRITZ!Box DNS Rebinding Protection Bypass
RedTeam Pentesting discovered a vulnerability in FRITZ!Box router
devices which allows to resolve DNS answers that point to IP addresses
in the private local network, despite the DNS rebinding protection
Product: FRITZ!Box 7490 and potentially others
Affected Versions: 7.20 and below
Fixed Versions: >= 7.21
Vulnerability Type: Bypass
Security Risk: low
Posted by Open-Xchange GmbH via Fulldisclosure on Oct 16
Dear subscribers,
we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at HackerOne.
Martin Heiland, Open-Xchange GmbH
Product: OX App Suite / OX Documents
Vendor: OX Software GmbH
Vulnerability type: Cross-Site Scripting (CWE-80)
Vulnerable version: 7.10.2,...
Posted by Enrico Weigelt, metux IT consult on Oct 16
Hello folks,
In short, Google's playstore receives notifications from Google and
installs any app that Google wants to be installed - without any further
notification or even interaction of the user.
Google silently controls your device as soon as you enter a Google account.
Actually, it's not a bug, but an on-purpose backdoor. I've published it
here, in order to let everybody know. Further actions have to be done by
Posted by Securify B.V. via Fulldisclosure on Oct 16
------------------------------------------------------------------------
A Java deserialization vulnerability exists in the QRadar
vulnerable methods and...
SEC Consult SA-20201012-0 :: Reflected Cross-Site Scripting and Unauthenticated Malicious File Upload in Sage DPW
Posted by SEC Consult Vulnerability Lab on Oct 12
SEC Consult Vulnerability Lab Security Advisory < 20201012-0 >
title: Reflected Cross-Site Scripting and Unauthenticated
Malicious File Upload
product: Sage DPW
vulnerable version: 2020_06_000 & 2020_06_001
fixed version: 2020_06_002
CVE number: CVE-2020-26583 & CVE-2020-26584
Posted by houjingyi on Oct 09
new dll hijacking scenario found by accident
Speaking of dll hijacking, many people may think it is very useless.
However, I noticed researchers disclosed some special dll hijacking
scenarios that can lead to LPE and even RCE. Some time ago, I accidentally
discovered a vulnerability in the dll loading mechanism in Cisco Webex Teams that
can lead to LPE, and...
SEC Consult SA-20201008-0 :: Multiple Cross-Site Scripting Vulnerabilities in Confluence Marketplace Plugins
Posted by SEC Consult Vulnerability Lab on Oct 09
SEC Consult Vulnerability Lab Security Advisory < 20201008-0 >
title: Multiple Cross-Site Scripting Vulnerabilities
products: PlantUML, Refined Toolkit for Confluence, Linking for Confluence, Countdown Timer, Server Status
vulnerable versions: PlantUML: 6.43, Refined Toolkit for Confluence: 2.2.5, Linking for Confluence: 5.5.3, Countdown
Posted by RedTeam Pentesting GmbH on Oct 08
Advisory: Denial of Service in D-Link DSR-250N
RedTeam Pentesting discovered a Denial-of-Service vulnerability in the
D-Link DSR-250N device which allows unauthenticated attackers in the
same local network to execute a CGI script which reboots the device.
Product: D-Link DSR-250N
Affected Versions: 3.12 and potentially later
Fixed Versions: 3.17B
Vulnerability Type: DoS
Security Risk: low