FreshRSS

๐Ÿ”’
โŒ About FreshRSS
โ˜ท
โ–ฝ ๐Ÿ”ƒ
There are new available articles, click to refresh the page.
Before yesterdayVulnerabilities

More rss feeds from SecurityFocus

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
  • August 15th 2018 at 05:55
  • โ†—

Vuln: Docker CVE-2018-15664 Symlink Directory Traversal Vulnerability

Docker CVE-2018-15664 Symlink Directory Traversal Vulnerability
  • July 9th 2019 at 00:00
  • โ†—

Vuln: Multiple WAGO Industrial Managed Switches Security Bypass Vulnerability

Multiple WAGO Industrial Managed Switches Security Bypass Vulnerability
  • July 9th 2019 at 00:00
  • โ†—

Vuln: GitLab CVE-2018-19575 Security Vulnerability

GitLab CVE-2018-19575 Security Vulnerability
  • July 10th 2019 at 00:00
  • โ†—

Vuln: GitLab CVE-2018-19493 HTML Injection Vulnerability

GitLab CVE-2018-19493 HTML Injection Vulnerability
  • July 10th 2019 at 00:00
  • โ†—

Vuln: Multiple F5 BIG-IP Products CVE-2019-6631 Denial of Service Vulnerability

Multiple F5 BIG-IP Products CVE-2019-6631 Denial of Service Vulnerability
  • July 11th 2019 at 00:00
  • โ†—

Vuln: Symantec Messaging Gateway CVE-2019-12751 Privilege Escalation Vulnerability

Symantec Messaging Gateway CVE-2019-12751 Privilege Escalation Vulnerability
  • July 12th 2019 at 00:00
  • โ†—

Vuln: Oracle July 2019 Critical Patch Update Multiple Vulnerabilities

Oracle July 2019 Critical Patch Update Multiple Vulnerabilities
  • July 12th 2019 at 00:00
  • โ†—

Vuln: McAfee Agent CVE-2019-3592 Local Privilege Escalation Vulnerability

McAfee Agent CVE-2019-3592 Local Privilege Escalation Vulnerability
  • July 12th 2019 at 00:00
  • โ†—

Vuln: Foreman CVE-2019-10198 Authorization Bypass Vulnerability

Foreman CVE-2019-10198 Authorization Bypass Vulnerability
  • July 12th 2019 at 00:00
  • โ†—

Vuln: VideoLAN VLC CVE-2019-13602 Heap Based Buffer Overflow Vulnerability

VideoLAN VLC CVE-2019-13602 Heap Based Buffer Overflow Vulnerability
  • July 14th 2019 at 00:00
  • โ†—

Vuln: Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
  • July 16th 2019 at 00:00
  • โ†—

Vuln: Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability

Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
  • July 17th 2019 at 00:00
  • โ†—

Vuln: OWASP AntiSamy CVE-2017-14735 Cross Site Scripting Vulnerability

OWASP AntiSamy CVE-2017-14735 Cross Site Scripting Vulnerability
  • July 17th 2019 at 00:00
  • โ†—

Vuln: Apache HTTP Server CVE-2019-0190 Denial of Service Vulnerability

Apache HTTP Server CVE-2019-0190 Denial of Service Vulnerability
  • July 17th 2019 at 00:00
  • โ†—

Vuln: Squid CVE-2019-13345 Multiple Cross Site Scripting Vulnerabilities

Squid CVE-2019-13345 Multiple Cross Site Scripting Vulnerabilities
  • July 19th 2019 at 00:00
  • โ†—

Vuln: GNOME gvfs CVE-2019-12795 Local Authorization Bypass Vulnerability

GNOME gvfs CVE-2019-12795 Local Authorization Bypass Vulnerability
  • July 19th 2019 at 00:00
  • โ†—

Vuln: Mozilla Firefox Multiple Security Vulnerabilities

Mozilla Firefox Multiple Security Vulnerabilities
  • July 19th 2019 at 00:00
  • โ†—

Vuln: Linux Kernel CVE-2019-11811 Local Arbitrary Code Execution Vulnerability

Linux Kernel CVE-2019-11811 Local Arbitrary Code Execution Vulnerability
  • July 22nd 2019 at 00:00
  • โ†—

Vuln: KDE KAuth CVE-2017-8422 Local Privilege Escalation Vulnerability

KDE KAuth CVE-2017-8422 Local Privilege Escalation Vulnerability
  • July 25th 2019 at 00:00
  • โ†—

Vuln: Qualcomm Components CVE-2019-2307 Integer Underflow Vulnerability

Qualcomm Components CVE-2019-2307 Integer Underflow Vulnerability
  • July 26th 2019 at 00:00
  • โ†—

Vuln: LibreOffice Remote Code Execution and Unauthorized Access Vulnerabilities

LibreOffice Remote Code Execution and Unauthorized Access Vulnerabilities
  • July 26th 2019 at 00:00
  • โ†—

Bugtraq: [TZO-13-2020] - AVIRA Generic AV Bypass (ZIP GPFLAG)

[TZO-13-2020] - AVIRA Generic AV Bypass (ZIP GPFLAG)
  • February 14th 2020 at 13:32
  • โ†—

Bugtraq: [SECURITY] [DSA 4623-1] postgresql-11 security update

[SECURITY] [DSA 4623-1] postgresql-11 security update
  • February 14th 2020 at 13:32
  • โ†—

Bugtraq: [SECURITY] [DSA 4622-1] postgresql-9.6 security update

[SECURITY] [DSA 4622-1] postgresql-9.6 security update
  • February 14th 2020 at 13:32
  • โ†—

Bugtraq: [EnumJavaLibs]_ Remote Java classpath enumerator

[EnumJavaLibs]_ Remote Java classpath enumerator
  • February 14th 2020 at 13:32
  • โ†—

Bugtraq: [SECURITY] [DSA 4624-1] evince security update

[SECURITY] [DSA 4624-1] evince security update
  • February 17th 2020 at 10:02
  • โ†—

Bugtraq: CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability

CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability
  • February 17th 2020 at 10:02
  • โ†—

Bugtraq: Web Application Firewall bypass via Bluecoat device

Web Application Firewall bypass via Bluecoat device
  • February 17th 2020 at 10:02
  • โ†—

Bugtraq: [SECURITY] [DSA 4625-1] thunderbird security update

[SECURITY] [DSA 4625-1] thunderbird security update
  • February 17th 2020 at 10:02
  • โ†—

Bugtraq: [SECURITY] [DSA 4627-1] webkit2gtk security update

[SECURITY] [DSA 4627-1] webkit2gtk security update
  • February 18th 2020 at 09:30
  • โ†—

Bugtraq: [SECURITY] [DSA 4626-1] php7.3 security update

[SECURITY] [DSA 4626-1] php7.3 security update
  • February 18th 2020 at 09:30
  • โ†—

Bugtraq: [TZO-17-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN)

[TZO-17-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN)
  • February 18th 2020 at 09:30
  • โ†—

Bugtraq: [TZO-18-2020] - Bitdefender Malformed Archive bypass (GZIP)

[TZO-18-2020] - Bitdefender Malformed Archive bypass (GZIP)
  • February 18th 2020 at 17:23
  • โ†—

Bugtraq: [SECURITY] [DSA 4629-1] python-django security update

[SECURITY] [DSA 4629-1] python-django security update
  • February 19th 2020 at 15:39
  • โ†—

Bugtraq: [SECURITY] [DSA 4628-1] php7.0 security update

[SECURITY] [DSA 4628-1] php7.0 security update
  • February 19th 2020 at 15:39
  • โ†—

Bugtraq: [slackware-security] proftpd (SSA:2020-051-01)

[slackware-security] proftpd (SSA:2020-051-01)
  • February 21st 2020 at 08:37
  • โ†—

Bugtraq: [TZO-16-2020] - F-SECURE Generic Malformed Container bypass (GZIP)

[TZO-16-2020] - F-SECURE Generic Malformed Container bypass (GZIP)
  • February 24th 2020 at 12:35
  • โ†—

Bugtraq: [TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed Archive Bypass

[TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed Archive Bypass
  • February 24th 2020 at 16:17
  • โ†—

Bugtraq: Local information disclosure in OpenSMTPD (CVE-2020-8793)

Local information disclosure in OpenSMTPD (CVE-2020-8793)
  • February 25th 2020 at 10:31
  • โ†—

Bugtraq: Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888)

Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888)
  • February 25th 2020 at 10:31
  • โ†—

Bugtraq: [SECURITY] [DSA 4633-1] curl security update

[SECURITY] [DSA 4633-1] curl security update
  • February 25th 2020 at 10:31
  • โ†—

Bugtraq: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)

LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
  • February 25th 2020 at 10:31
  • โ†—

Bugtraq: BugTraq Shutdown

BugTraq Shutdown
  • January 15th 2021 at 20:54
  • โ†—

Bugtraq: On Second Thought...

On Second Thought...
  • January 18th 2021 at 07:41
  • โ†—

Bugtraq: Re: BugTraq Shutdown

Re: BugTraq Shutdown
  • January 18th 2021 at 07:41
  • โ†—

Bugtraq: Re: [SECURITY] [DSA 4628-1] php7.0 security update

Re: [SECURITY] [DSA 4628-1] php7.0 security update
  • January 18th 2021 at 07:41
  • โ†—

[AIT-SA-20220208-01] SexyPolling SQL Injection

Posted by sec-advisory on Apr 22

SexyPolling SQL Injection

====================

| Identifier: | AIT-SA-20220208-01|
| Target: | Sexy Polling ( Joomla Extension) |
| Vendor: | 2glux |
| Version: | all versions below version 2.1.8 |
| CVE: | Not yet |
| Accessibility: | Remote |
| Severity: | Critical |
| Author: | Wolfgang Hotwagner (AIT Austrian Institute of Technology) |

Summary

========

[Sexy Polling is a Joomla Extension for votes.](https://2glux.com/projects/sexypolling...
  • April 23rd 2022 at 03:32
  • โ†—

CVE-2021-40680: Artica Proxy VMWare Appliance 4.30.000000 <=[SP273] Rev.1

Posted by Heiko Feldhusen via Fulldisclosure on Apr 22

---------------------------------------------------------------

---------------------------------------------------------------

---------------------------------------------------------------

---------------------------------------------------------------

---------------------------------------------------------------

---------------------------------------------------------------...
  • April 23rd 2022 at 03:32
  • โ†—

Trovent Security Advisory 2108-02 / Zepp: User account enumeration in password reset function

Posted by Stefan Pietsch on Apr 27

# Trovent Security Advisory 2108-02 #
#####################################

User account enumeration in password reset function
###################################################

Overview
########

Advisory ID: TRSA-2108-02
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2108-02
Affected product: Zepp Android mobile application (com.huami.watch.hmwatchmanager)
Tested versions: Zepp 6.1.4-play...
  • April 27th 2022 at 16:58
  • โ†—

SEC Consult SA-20220427-0 :: Privilege Escalation in Miele Benchmark Programming Tool

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Apr 27

SEC Consult Vulnerability Lab Security Advisory < 20220427-0 >
=======================================================================
title: Privilege Escalation
product: Miele Benchmark Programming Tool
vulnerable version: at least 1.1.49 and 1.2.71
fixed version: 1.2.72
CVE number: CVE-2022-22521
impact: Medium
homepage: https://www.miele.com/
found:...
  • April 27th 2022 at 16:58
  • โ†—

Backdoor.Win32.Cafeini.b / Weak Hardcoded Credentials

Posted by malvuln on Apr 27

Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/851f8945d1b5923990f4722d627156a0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Cafeini.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP port 23. Authentication is
required, however the credentials test:test are weak and hardcoded within
the PE file.
Family: Cafeini
Type: PE32...
  • April 27th 2022 at 16:59
  • โ†—

Backdoor.Win32.Agent.aegg / Weak Hardcoded Credentials

Posted by malvuln on Apr 27

Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/58be35e792476d1c015df7853112d200.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.aegg
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP port 8665. Authentication is
required, however the password "Xc 2870508" is weak and hardcoded within
the PE file.
Family: Agent...
  • April 27th 2022 at 16:59
  • โ†—

Trojan-Downloader.Win32.Small.ahlq / Insecure Permissions

Posted by malvuln on Apr 27

Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/d859ba54086fd0313dc34b73b5b1eccb.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Downloader.Win32.Small.ahlq
Vulnerability: Insecure Permissions
Description: the malware creates a directory with insecure permissions
under c drive granting change (C) permissions to the authenticated user
group. Standard users can rename...
  • April 27th 2022 at 16:59
  • โ†—

Trojan-Downloader.Win32.Agent / Insecure Permissions

Posted by malvuln on Apr 27

Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/fb3ac3c9d808de7f4b5ede68715f658f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Downloader.Win32.Agent
Vulnerability: Insecure Permissions
Description: The malware writes a PE file to the "Windows\System" directory
granting change (C) permissions to the authenticated user group. Standard
users can rename the...
  • April 27th 2022 at 16:59
  • โ†—

Backdoor.Win32.GF.j / Unauthenticated Remote Command Execution

Posted by malvuln on Apr 27

Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/fa00524d7289cdba327d5c34ab3d9bd7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.GF.j
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 21554. Third-party adversaries
who can reach infected hosts can run commands made available by the
backdoor.

Eg. commands...
  • April 27th 2022 at 16:59
  • โ†—
โŒ