[FD] DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities Dell EMC Identifier: DSA-2018-018 CVE Identifier: CVE-2018-1186, CVE-2018-1187, CVE-2018-1188, CVE-2018-1189, CVE-2018-1201, CVE-2018-1202, CVE-2018-1203, CVE-2018-1204, CVE-2018-1213 Sev

[FD] ES2018-05 Kamailio heap overflow

# Off-by-one heap overflow in Kamailio - Authors: - Alfred Farrugia - Sandro Gauci - Fixed versions: Kamailio v5.1.2, v5.0.6 and v4.4.7 - References: no CVE assigned yet - Enable Security Advisory:

[FD] ModSecurity WAF 3.0 for Nginx - Denial of Service

Hey, TL;DR: UAF in a "non-release" version of ModSecurity for Nginx. !RCE|DoS, no need to panic. Plus some old and even older exploitation vector(s). /* * 1. Use-After-Free (UAF) */ During one of the engagements my team tested a WAF running in production Nginx + ModSecurity + OWA

[FD] Bomgar Remote Support Portal JavaStart Applet <= 52970 - Path Traversal

Hey, The Path Traversal vulnerability was found in the component of the Bomgar Remote Support Portal (RSP) [1]. The affected component is a JavaStart.jar applet that is hosted at https://TARGET/api/content/JavaStart.jar on the vulnerable RSP deployments. The JavaStart version 52970 and prior were

[FD] Kaseya AgentMon.exe <= 9.3.0.11 - Local Privilege Escalation

Hey, The Local Privilege Escalation vulnerability was found in the Kaseya Virtual System Administrator (VSA) [1] agent "AgentMon.exe". The agent is a Windows service that periodically executes various programs with “NT AUTHORITY\SYSTEM” privileges. In the Kaseya's default configuration, Windows u

[FD] LDAP Account Manager (6.2) CVE-2018-8763, CVE-2018-8764

Affected Software: LDAP Account Manager (6.2) Pentester: Michał Kędzior CVE: CVE-2018-8763, CVE-2018-8764 Vulnerabilities : * 1. Cross-site scripting (reflected) CVE-2018-8763 : Risk: HIGH Summary: *** Reflected Cross Site Scripting vu

[FD] New release: UFONet v1.0 "TachY0n!"

Hi FD, I am glad to present a new release of this tool: - https://ufonet.03c8.net "UFONet - is a tool designed to launch Layer 7 (HTTP/Web Abuse) DDoS & DoS attacks." See these links for more info: - CWE-601:Open Redirect [1] - OWASP:URL Redirector Abuse [2] - Main options are: