[FD] DSA-2018-013: Dell EMC ECOM XML External Entity Injection Vulnerability

2018-04-24 Thread EMC Product Security Response Center
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 DSA-2018-013: Dell EMC ECOM XML External Entity Injection Vulnerability EMC Identifier: DSA-2018-013 Severity: High Severity Rating: CVSS Base Score: 7.6 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L) Affected products: Dell EMC Unisphere for VMAX Virtua

Re: [FD] Auto-detection of Compressed Files in Apple’s macOS

2018-04-24 Thread Nightwatch Cybersecurity Research
As a follow-up on this, Cisco has issued a public advisory to address this issue in their AMP appliance. It is tracked under CVE-2018-0237: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp https://nvd.nist.gov/vuln/detail/CVE-2018-0237 Thanks On Sun, Feb

[FD] APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4)

2018-04-24 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2018-04-24-3 Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4) Safari 11.1 (v. 11605.1.33.1.4, 12605.1.33.1.4, and 13605.1.33.1.4) is now available and addresses the following: WebKit Available for: OS X El Capitan 10.11.

[FD] APPLE-SA-2018-04-24-2 Security Update 2018-001

2018-04-24 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2018-04-24-2 Security Update 2018-001 Security Update 2018-001 is now available and addresses the following: Crash Reporter Available for: macOS High Sierra 10.13.4 Impact: An application may be able to gain elevated privileges Description

[FD] APPLE-SA-2018-04-24-1 iOS 11.3.1

2018-04-24 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2018-04-24-1 iOS 11.3.1 iOS 11.3.1 is now available and addresses the following: Crash Reporter Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privi

[FD] Authorization bypass in PHPLiteAdmin since 1.9.5

2018-04-24 Thread Karsten König
Hello, I found a small issue in PHPLiteAdmin. It's an authorization bypass which works since version 1.9.5 from 2014 (current is 1.9.7.1) because PLA uses '==' instead of '===' for the password comparison in 'attemptGrant' of the 'Authorization' class. If the password is set to one which correspon

[FD] Hikvision hik-connect.com authentication vulnerability

2018-04-24 Thread Vangelis Stykas
There is a full write up of this bug here: https://medium.com/@evstykas/hackvision-8f50924e56d Vulnerability Security Advisory < 20180424 > === title: No v

[FD] Sitecore Directory Traversal Vulnerability

2018-04-24 Thread Chris
Sitecore Directory Traversal Vulnerability CVE-2018-7669 (reserved) An issue was discovered in Sitecore CMS that affects at least 'Sitecore.NET 8.1' rev. 151207 Hotfix 141178-1 and above. The 'Log Viewer' application is vulnerable to a directory traversal attack, allowing an attacker to access ar

[FD] SEC Consult SA-20180424-0 :: Reflected Cross-Site Scripting in multiple Zyxel ZyWALL products

2018-04-24 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180424-0 > === title: Reflected Cross-Site Scripting product: Zyxel ZyWALL: see "Vulnerable / tested version" vulnerable version: ZLD

[FD] SEC Consult SA-20180423-0 :: Multiple Stored XSS Vulnerabilities in WSO2 Carbon and Dashboard Server

2018-04-24 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180423-0 > === title: Multiple Stored XSS Vulnerabilities product: WSO2 Carbon, WSO2 Dashboard Server vulnerable version: WSO2 Identity Server 5.3.0