KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service
Title: Sophos UTM 9 loginuser Privilege Escalation via confd Service
Advisory ID: KL-001-2018-007
Publication Date: 2018.03.02
Publication URL:
https://www.korelogic.com/Resources/Advisories/KL-001-2018-007.txt
1. V
Product: HPE System Management Homepage
Versions: 7.6.0.11 and minor versions
Vulnerability: JavaScript Injection in file gsearch.php, parameter prod
OWASP TOP 10: A1 Injection
Type: JavaScript Injection
Impact: Allows an attacker to perform an XSS (Cross-Site Scripting) attack, execute arbitrary
[Original post here:
https://wwws.nightwatchcybersecurity.com/2018/03/01/content-injection-in-samsung-display-solutions-application-for-android-cve-2018-6019/]
TITLE
Content Injection in Samsung Display Solutions Application for Android
[CVE-2018-6019]
SUMMARY
Samsung Display Solutions App for
Hello list!
There are Cross-Site Request Forgery vulnerabilities in D-Link
DGS-3000-10TC. In a previous advisory I wrote about Cross-Site Scripting and
Content Spoofing vulnerabilities.
-
Affected products:
-
The following model is vulnerable: D-Link
-
Vulnerability Type: Detection Bypass
Affected Product: Suricata
Vulnerable version: <4.0.4
CVE number: CVE-2018-6794
Found: 25.01.2018
By: Kirill Shipulin (@kirill_wow), Positive Technologies
Severity: Medium
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/SEGGER-embOS-FTP-SERVER-v3.22-FTP-COMMANDS-DENIAL-OF-SERVICE.txt
[+] ISR: Apparition Security
Vendor:
www.segger.com
Product:
embOS/IP F
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/DUALDESK-v20-DENIAL-OF-SERVICE.txt
[+] ISR: Apparition Security
Vendor:
www.dualdesk.com
Product:
DualDesk v20
DualDesk is powerful,