-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
DSA-2018-013: Dell EMC ECOM XML External Entity Injection Vulnerability
EMC Identifier: DSA-2018-013
Severity: High
Severity Rating: CVSS Base Score: 7.6 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)
Affected products:
Dell EMC Unisphere for VMAX Virtua
As a follow-up on this, Cisco has issued a public advisory to address
this issue in their AMP appliance. It is tracked under CVE-2018-0237:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp
https://nvd.nist.gov/vuln/detail/CVE-2018-0237
Thanks
On Sun, Feb
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4,
and 13605.1.33.1.4)
Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4)
is now available and addresses the following:
WebKit
Available for: OS X El Capitan 10.11.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-04-24-2 Security Update 2018-001
Security Update 2018-001 is now available and addresses the
following:
Crash Reporter
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to gain elevated privileges
Description
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2018-04-24-1 iOS 11.3.1
iOS 11.3.1 is now available and addresses the following:
Crash Reporter
Available for: iPhone 5s and later, iPad Air and later, and
iPod touch 6th generation
Impact: An application may be able to gain elevated privi
Hello,
I found a small issue in PHPLiteAdmin. It's an authorization bypass
which works since version 1.9.5 from 2014 (current is 1.9.7.1) because
PLA uses '==' instead of '===' for the password comparison in
'attemptGrant' of the 'Authorization' class. If the password is set to
one which correspon
There is a full write up of this bug here:
https://medium.com/@evstykas/hackvision-8f50924e56d
Vulnerability Security Advisory < 20180424 >
===
title: No v
Sitecore Directory Traversal Vulnerability
CVE-2018-7669 (reserved)
An issue was discovered in Sitecore CMS that affects at least
'Sitecore.NET 8.1' rev. 151207 Hotfix 141178-1 and above. The 'Log Viewer'
application is vulnerable to a directory traversal attack, allowing an attacker
to access ar
SEC Consult Vulnerability Lab Security Advisory < 20180424-0 >
===
title: Reflected Cross-Site Scripting
product: Zyxel ZyWALL: see "Vulnerable / tested version"
vulnerable version: ZLD
SEC Consult Vulnerability Lab Security Advisory < 20180423-0 >
===
title: Multiple Stored XSS Vulnerabilities
product: WSO2 Carbon, WSO2 Dashboard Server
vulnerable version: WSO2 Identity Server 5.3.0