Posted by Henri Salo on Mar 22
MITRE assigned CVE-2019-9914 for this vulnerability.
Posted by Henri Salo on Mar 22
MITRE assigned CVE-2019-9913 for this vulnerability.
Posted by Henri Salo on Mar 22
MITRE assigned CVE-2019-9912 for this vulnerability.
Posted by Henri Salo on Mar 22
MITRE assigned CVE-2019-9911 for this vulnerability.
Posted by Henri Salo on Mar 22
MITRE assigned CVE-2019-9910 for this vulnerability.
Posted by Henri Salo on Mar 22
MITRE assigned CVE-2019-9909 for this vulnerability.
Posted by Henri Salo on Mar 22
Please use CVE-2019-9908.
Posted by Paolo G on Mar 22
CVE-2018-17057: phar deserialization in TCPDF might lead to RCE
TCPDF <= 6.2.19
"Started in 2002, TCPDF is now one of the world's most active Open Source
projects, used daily by millions of users and included in thousands of CMS
and Web applications." - https://tcpdf.org/
"PHP library for generating...
Posted by Security Explorations on Mar 20
Hello All,
We discovered multiple security vulnerabilities in reference implementation
of Java Card technology from Oracle used in financial, government,
transportation and telecommunication sectors among others.
According to Oracle, "Java Card technology provides a secured environment
for applications that run on smart cards and other trusted devices with
limited memory and processing capabilities. With close to six billion
Posted by Timo Lindfors on Mar 19
CVE-2018-19971: JFrog Artifactory Pro SAML SSO signature validation error
The SAML SSO addon in Artifactory 6.5.9 is vulnerable.
The SAML SSO addon in Artifactory 6.5.13 is NOT vulnerable.
Other versions were not tested.
"Artifactory offers a SAML-based Single Sign-On service allowing
Posted by (RS) Tyler Schroder via Fulldisclosure on Mar 19
=============================================
2FA & macOS Disk Encryption Bypass in Abine Blur 7.24*
Topic: Abine Blur Password Manager Insecure Permissions
* Announced: 2019-03-18
* Credits: RS Tyler Schroder
* Affects: 7.8.242*
* Corrected: 2018-03-18
* Corrected V: 8.0.2478
* CVE Name: CVE-2019-6481
Abine Blur is a...
Posted by Henri Salo on Mar 19
Good research work Manuel. Keep up the good work! =)
In the case of WordPress plugins your solution is not correct. This vulnerability
can be exploited even if the plugin is disabled. The plugin must be deleted in order to
Posted by Matthias Deeg on Mar 16
Advisory ID: SYSS-2018-033
Product: Wireless Keyboard Set LX901
Affected Version(s): Model No. GK900
Tested Version(s): Model No. GK900
Vulnerability Type: Cryptographic Issues (CWE-310)
Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2018-10-19
Solution Date: -
Public Disclosure: 2019-03-15
CVE Reference: CVE-2019-9835
Author of Advisory: Matthias Deeg...
Posted by Jaroslav Lobačevski on Mar 16
https://packagist.org/packages/joshcam/mysqli-database-class aka
https://github.com/ThingEngineer/PHP-MySQLi-Database-Class v2.9.2 is
vulnerable to SQL injection in function Where() because of special
"forkaround" at line 971
If $whereValue happens to be an array, key value is used as $operator to
Posted by Fernando Gont on Mar 16
Folks,
It is often argued that IPv4 practices should be forgotten when
deploying IPv6, as after all IPv6 is a different protocol! But we think
years of IPv4 operational experience should be leveraged as much as
So we are publishing IPv6 Security for IPv4 Engineers as a roadmap to
IPv6 security that is specifically aimed at IPv4 engineers and operators.
Rather than describing IPv6 in an isolated manner, it aims to re-use as
Posted by David Coomber on Mar 16
Cisco Common Service Platform Collector - Hardcoded Credentials (CVE-2019-1723)
Posted by hyp3rlinx on Mar 16
Added a few things I had previously left out that should have been
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] ISR: ApparitionSec
A file with the .reg file extension is a Registration file used by the
Windows registry. These files can...
Posted by Manuel Garcia Cardenas on Mar 16
=============================================
MGC ALERT 2019-001
- Original release date: February 06, 2019
- Last revised: March 13, 2019
- Discovered by: Manuel García Cárdenas
- Severity: 7/10 (CVSS Base Score)
- CVE-ID: CVE-2019-9618
WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion
Posted by redazione on Mar 12
Description
FlexPaper (https://www.flowpaper.com) is an open source project, released under GPL license, quite widespread over the
internet. It provides document viewing functionalities to web clients, mobile and tablet devices. At least until 2014
the component has been actively used by WikiLeaks, when it was discovered to be affected by an XSS vulnerability
Around one year ago Red Timmy Sec discovered a...
Posted by Kevin R on Mar 12
CVE-2019-9649
CoreFTP FTP / SFTP Server v2 - Build 674
MDTM Directory Traversal
Discovered By: Kevin Randall
Summary: By utilizing a directory traversal along with the FTP MDTM
command, an attacker can browse outside the root directory to determine if
a file exists based on return file size along with the date the file was
last modified by using a ..\..\ technique
Parrot OS VM
Windows 7 VM
FTP / SFTP Server v2 - Build 674...