[FD] ESA-2018-001: EMC Avamar Server, NetWorker Virtual Edition and Integrated Data Protection Appliance Multiple Security Vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2018-001: EMC Avamar Server, NetWorker Virtual Edition and Integrated Data Protection Appliance Multiple Security Vulnerabilities EMC Identifier: ESA-2018-001 CVE Identifier: CVE-2017-15548, CVE-2017-15549, CVE-2017-15550 Severity Rating: Se

[FD] RCE in DuoLingo’s TinyCards App for Android [CVE-2017-16905]

[Original post here: https://wwws.nightwatchcybersecurity.com/2018/01/04/rce-in-duolingos-tinycards-app-for-android-cve-2017-16905/] SUMMARY The TinyCards Android application provided by DuoLingo can be injected with malicious content by an MITM attacker. Because this application is a web-app fra

[FD] [CVE-2017-7997] Gespage SQL Injection vulnerability

# [CVE-2017-7997] Gespage SQL Injection vulnerability ## Description Gespage is a web solution providing a printer portal. Official Website: http://www.gespage.com/ The web application does not properly filter several parameters sent by users, allowing authenticated SQL code injection (Stacked Q

[FD] [CVE-2017-7998] Gespage stored cross-site-scripting (XSS) vulnerability

# [CVE-2017-7998] Gespage stored cross-site-scripting (XSS) vulnerability ## Description Gespage is web solution providing a printer portal. Official Website: http://www.gespage.com/ The web application does not properly filter several parameters sent by users, allowing XSS code injection. These

[FD] AMD-PSP: fTPM Remote Code Execution via crafted EK certificate

Introduction AMD PSP [1] is a dedicated security processor built onto the main CPU die. ARM TrustZone provides an isolated execution environment for sensitive and privileged tasks, such as main x86 core startup. See [2] for details. fTPM is a firmware TPM [3] implementation. It runs a