Emerson Network Power Cross Site Scripting(XSS) Vulnerability

2019-05-19 Thread Kubilay Onur Gungor
I. VULNERABILITY - httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter. II. CVE REFERENCE - CVE-2019-12167 III. VENDOR

local privilege escalation via CDE dtprintinfo

2019-05-19 Thread Marco Ivaldi
Dear Bugtraq, Please find attached an advisory for the following vulnerability: A buffer overflow in the DtPrinterAction::PrintActionExists() function in the Common Desktop Environment 2.3.0 and earlier, as used in Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root