[FD] System Down: A systemd-journald exploit

2019-01-11 Thread Qualys Security Advisory
Qualys Security Advisory System Down: A systemd-journald exploit Contents Summary CVE-2018-16864 - Analysis - Exploitation CVE-2018-16865 -

[FD] [CVE-2018-10093] Remote command injection vulnerability in AudioCode IP phones

2019-01-11 Thread Sysdream Labs
# [CVE-2018-10093] Remote command injection vulnerability in AudioCode IP phones ## Description The AudioCodes 400HD series of IP phones consists of a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and contact center markets.

[FD] [CVE-2018-10091] Stored XSS vulnerabilities in AudioCode IP phones

2019-01-11 Thread Sysdream Labs
# [CVE-2018-10091] Stored XSS vulnerabilities in AudioCode IP phones ## Description The AudioCodes 400HD series of IP phones is a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and contact center markets. Most of user inputs

Re: [FD] Reflected Cross-site Scripting in Mantis 2.11.1

2019-01-11 Thread Henri Salo
On Tue, Jan 08, 2019 at 11:42:59AM +0100, Daniel Bishtawi wrote: > Status: Fixed > CVE-ID: CVE-2018-13055 Fixed in 2.15.1 https://mantisbt.org/blog/archives/mantisbt/602 https://mantisbt.org/bugs/view.php?id=24580

Re: [FD] Reflected Cross-site Scripting Vulnerability in CubeCart 6.2.2

2019-01-11 Thread Henri Salo
On Mon, Dec 03, 2018 at 03:37:25PM +0100, Daniel Bishtawi wrote: > Name: Reflected Cross-site Scripting Vulnerability in CubeCart > Affected Versions: 6.2.2 > Status: Fixed > https://www.netsparker.com/web-applications-advisories/ns-18-025-reflected-cross-site-scripting-in-cubecart/ Fixed in what

[FD] Multiple Reflected Cross-site Scripting Vulnerabilities in Ampache 3.8.6

2019-01-11 Thread Daniel Bishtawi
Hello, We are glad to inform you about the vulnerabilities we reported in Ampache 3.8.6. Here are the details: Advisory by Netsparker Name: Multiple Reflected Cross-site Scripting in Ampache 3.8.6 Affected Software: Ampache Affected Versions: 3.8.6 Homepage: http://ampache.org Vulnerability:

[FD] XML External Entity Injection Vulnerability in BlogEngine 3.3

2019-01-11 Thread Daniel Bishtawi
Hello, We are glad to inform you about the vulnerabilities we reported in BlogEngine 3.3. Here are the details: Advisory by Netsparker Name: XML External Entity Injection Vulnerability in BlogEngine 3.3 Affected Software: BlogEngine Affected Versions: 3.3 Homepage: https://blogengine.io/

[FD] Open Redirection Vulnerabilities in OrangeForum 1.4.0

2019-01-11 Thread Daniel Bishtawi
Hello, We are glad to inform you about the vulnerabilities we reported in OrangeForum 1.4.0. Here are the details: Advisory by Netsparker Name: Open Redirection Vulnerabilities in OrangeForum 1.4.0 Affected Software: OrangeForum Affected Versions: 1.4.0 Homepage:

[FD] Capstone v4.0.1 is out!

2019-01-11 Thread Nguyen Anh Quynh
Greetings, We are happy to announce version 4.0.1 of Capstone disassembler framework! This release fixes some bugs of v4.0, and introduces some improvements for the Python binding. We encourage all users of v4.0 to upgrade. In no particular order, we would like to thank NowSecure

[FD] Microsoft VCF File Insufficient UI Warning Remote Code Execution 0day

2019-01-11 Thread hyp3rlinx
[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-VCF-FILE-INSUFFICIENT-WARNING-REMOTE-CODE-EXECUTION.txt [+] ISR: ApparitionSec [+] Zero Day Initiative Program [Vendor] www.microsoft.com

[FD] X41 D-Sec GmbH Security Advisory X41-2018-009: ReDoS Vulnerability in UA-Parser

2019-01-11 Thread X41 D-Sec GmbH Advisories
X41 D-SEC GmbH Security Advisory: X41-2018-009 ReDoS Vulnerability in UA-Parser Severity Rating: Medium Confirmed Affected Versions: 2015-05-14 and newer, commit 6fd6c261274254bcbbacd77ef4b12534c7f9923d Confirmed