Hello all,
I would like to inform you about the Remote Command & Code Injection
vulnerabilities found in Wifi-soft's Unibox Controllers.
Name: Remote Code Injection in Wifi-soft's Unibox Controllers
Affected Software: Unibox Controller
Affected Versions: 0.x - 2.x
Homepage:
Aspose.ZIP for .NET was vulnerable to path traversal that allowed an
attacker to overwrite arbitrary files in the context of the running application.
The issue was fixed in version 19.1.0.
Timeline:
04-10-2018 - Issue found and reported by email without reply.
10-10-2018 - Successfully reported in a
On Wed, Jan 02, 2019 at 04:42:08PM +0100, Daniel Bishtawi wrote:
> https://www.netsparker.com/web-applications-advisories/ns-18-034-code-evolution-php-in-zurmo/
> 12th November 2018 - First Contact
> 2nd January 2018 - Advisory Released
Did you request CVE(s) for this? How did you contact vendor?
On Thu, Jan 03, 2019 at 10:45:36AM +0100, Daniel Bishtawi wrote:
> We are glad to inform you about the vulnerabilities we reported in
> Microweber 1.0.8.
> Affected Versions: 1.0.8
> Homepage: https://github.com/microweber/microweber
> Status: Not Fixed
> CVE-ID: CVE-2018-19917
> Netsparker
Hi FD,
I am glad to present a new release of this tool:
- https://ufonet.03c8.net
"UFONet - is a toolkit designed to launch DDoS and DoS attacks."
See these links for more info:
- CWE-601:Open Redirect [1]
- OWASP:URL Redirector Abuse [2]
- Botnet requests schema [3]
-
Main
Hello,
We are glad to inform you about the vulnerabilities we reported in ZenPhoto
1.4.14.
Here are the details:
Advisory by Netsparker
Name: Multiple Cross-Site Scripting Vulnerabilities in ZenPhoto 1.4.14
Affected Software: ZenPhoto
Affected Versions: 1.4.14
Homepage: http://www.zenphoto.org/
Hello,
We are glad to inform you about the vulnerabilities we reported in Mantis
2.11.1.
Here are the details:
Advisory by Netsparker
Name: Reflected Cross-site Scripting in Mantis 2.11.1
Affected Software: Mantis
Affected Versions: 2.11.1
Homepage: https://www.mantisbt.org/
Vulnerability:
Hi Henri,
There was no response after the details had been sent to
pe...@microweber.com as requested by Microweber (i...@microweber.com).
They did not follow up with an update on the status of the fix once the
technical details had been sent, as requested, and did not respond when we
tried to
Details
Software: MapSVG Lite
Version: 3.2.3
Homepage:
https://en-gb.wordpress.org/plugins/mapsvg-lite-interactive-vector-maps/
Advisory report: https://advisories.dxw.com/advisories/csrf-mapsvg-lite/
CVE: Awaiting assignment
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)