[FD] LANCOM WLAN Controller - Multiple Cross Site Vulnerabilities

2020-05-08 Thread Vulnerability Lab
Document Title: LANCOM WLAN Controller - Multiple Cross Site Vulnerabilities References (Source): https://www.vulnerability-lab.com/get_content.php?id=2196 Vulnerability Magazine: https://www.vulnerability-db.com/?q=articles/2020/05/07/vulnerability-lancom-sy

[FD] Tiny MySQL - Cross Site Scripting Vulnerability

2020-05-08 Thread ad...@evolution-sec.com
Document Title: Tiny MySQL - Cross Site Scripting Vulnerability References (Source): https://www.vulnerability-lab.com/get_content.php?id=2252 Release Date: 2020-05-07 Vulnerability Laboratory ID (VL-ID):

[FD] Wordpress Theme Dosimple v2.0 - XSS Web Vulnerability

2020-05-08 Thread ad...@evolution-sec.com
Document Title: Wordpress Theme Dosimple v2.0 - XSS Web Vulnerability References (Source): https://www.vulnerability-lab.com/get_content.php?id=2251 Release Date: 2020-05-07 Vulnerability Laboratory ID (VL-ID):

[FD] Creative Zone - (id) Remote SQL Injection Vulnerability

2020-05-08 Thread ad...@evolution-sec.com
Document Title: Creative Zone - (id) Remote SQL Injection Vulnerability References (Source): https://www.vulnerability-lab.com/get_content.php?id=2250 Release Date: 2020-05-07 Vulnerability Laboratory ID (VL-ID):

[FD] Capstone 4.0.2 is out!

2020-05-08 Thread Nguyen Anh Quynh
Greetings, We are happy to announce version 4.0.2 of Capstone disassembler framework! This release fixes some bugs of v4.0.1, and introduces some improvements for several bindings. We strongly encourage all users of v4.0.1 to upgrade. In no particular order, we would like to thank Senrio.io and

[FD] ChopSlider3 Wordpress Plugin SQL Injection

2020-05-08 Thread Callum Murphy
ChopSlider3 Wordpress Plugin SQL Injection [-] Software Link: https://idangero.us/ https://github.com/idangerous/Plugins [-] Affected Versions: ChopSlider version 3

[FD] SolarWinds MSP PME Cache Service - Insecure File Permissions / Code Execution

2020-05-08 Thread Jens Regel
Title: SolarWinds MSP PME Cache Service - Insecure File Permissions / Code Execution Author: Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG GitHub: https://github.com/jensregel/Advisories/tree/master/CVE-2020-12608 CVSSv3: 8.2 [CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H] CVE: CVE-2020-12

[FD] Webmin (Upload Module) Remote Command Injection Vulnerability

2020-05-08 Thread raki ben hamouda
Document Title: Webmin 1.941 (Install Module) Remote Command Injection Vulnerability Common Vulnerability Scoring System: 8.5 Vulnerability Class: Command Injection Current Estimated Price: 2.0

[FD] DataSecurity Plus Xnode Server - Remote Code Execution via Path Traversal

2020-05-08 Thread xen1thLabs
XL-2020-001 - DataSecurity Plus Xnode Server - Remote Code Execution via Path Traversal. Identifiers: CVE-2020-11531, XL-20-001. CVSSv3 score

[FD] DataSecurity Plus Xnode Server - Authentication Bypass

2020-05-08 Thread xen1thLabs
XL-2020-002 - DataSecurity Plus Xnode Server - Authentication Bypass. Identifiers: CVE-2020-11532, XL-20-002. CVSSv3 score

[FD] Asset Explorer Windows Agent - Remote Code Execution

2020-05-08 Thread xen1thLabs
XL-2020-003 - Asset Explorer Windows Agent - Remote Code Execution. Identifiers: CVE-2020-8838, XL-20-003. CVSSv3 score