[FD] Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting

I. VULNERABILITY - Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting II. CVE REFERENCE - CVE-2018-11027 III. VENDOR HOMEPAGE - https://www.ruckuswireless.com IV. DESCRIPTION - Ruckus (Broc

[FD] JDA Connect Multiple Critical Vulnerabilities

Introduction Multiple critical vulnerabilities were identified in JDA Connect. The vulnerabilities were discovered during a black box security assessment and therefore the vulnerability list should not be considered exhaustive. Affected Software and Versions ==

[FD] JDA Warehouse Management System (WMS) Multiple Critical Vulnerabilities

Introduction = Multiple critical vulnerabilities were identified in JDA Warehouse management system (WMS). The vulnerabilities were discovered during a black box security assessment and therefore the vulnerability list should not be considered exhaustive. Affected Software and Versions ===

[FD] NUUO NVRmini2 / NVRsolo Arbitrary File Upload Vulnerability

NUUO NVRmini2 / NVRsolo Arbitrary File Upload Vulnerability == Advisory: NUUO NVRmini2 / NVRsolo Arbitrary File Upload Vulnerability Author: M3@pandas From DBAppSecurity Affected Version: All == Vulnerability Description ==

[FD] MachForm Multiple Vulnerabilities CVE-2018-6409/CVE-2018-6410/CVE-2018-6411

Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa Twitter: @metalamin Google dork examples: -- "machform" inurl:

[FD] DSA-2018-095: Dell EMC RecoverPoint Multiple Vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 DSA-2018-095: Dell EMC RecoverPoint Multiple Vulnerabilities EMC Identifier: DSA-2018-095 CVE Identifier: CVE-2018-1235, CVE-2018-1241, CVE-2018-1242 Severity Rating: CVSS Base Score: See below for CVSSv3 Scores. Affected products: Dell EMC Reco

[FD] Reptile: a LKM rootkit written for evil purposes

Features: - Supported Linux kernel versions: 2.6.x/3.x/4.x - Give root to unprivileged users - Hide files and directories - Hide files contents - Hide processes - Hide himself - Hidden boot persistence - ICMP/UDP/TCP port-knocking backdoor - Full TTY/PTY shell with file transfer - Client to handle

[FD] Android OS Didn’t use FLAG_SECURE for Sensitive Settings [CVE-2017-13243]

[Blog post here: https://wwws.nightwatchcybersecurity.com/2018/05/24/android-os-didnt-use-flag_secure-for-sensitive-settings-cve-2017-13243/] SUMMARY Android OS did not use the FLAG_SECURE flag for sensitive settings, potentially exposing sensitive data to other applications on the same device wi

[FD] Qualys Security Advisory - Procps-ng Audit Report

Qualys Security Advisory Procps-ng Audit Report Contents Summary 1. FUSE-backed /proc/PID/cmdline 2. Unprivileged process hiding 3. Local Privilege

[FD] [CVE-2018-1418] IBM QRadar SIEM unauthenticated remote code execution as root

Hi all, 3 vulns in IBM QRadar SIEM that when chained allow an attacker to achieve unauthenticated RCE as root on the QRadar host. IBM have only attributed on CVE for all 3 vulns, and they have a combined CVSS score of 5.6. So totally own a SIEM = 5.6 CVSS. Sounds right to me. A special thanks t

[FD] Dolibarr XSS Injection vulnerability

# [CVE-2018-10095] Dolibarr XSS Injection vulnerability ## Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through [GitHub](https://github.com/Dolibarr/dolibarr) or as distribution packages (e.g .deb package). **Threat** The ap

[FD] [CVE-2018-10092] Dolibarr admin panel authenticated Remote Code Execution (RCE) vulnerability

# [CVE-2018-10092] Dolibarr admin panel authenticated Remote Code Execution (RCE) vulnerability ## Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through [GitHub](https://github.com/Dolibarr/dolibarr) or as distribution packages

[FD] [CVE-2018-10094] Dolibarr SQL Injection vulnerability

# [CVE-2018-10094] Dolibarr SQL Injection vulnerability ## Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through [GitHub](https://github.com/Dolibarr/dolibarr) or as distribution packages (e.g .deb package). **Threat** The ap

[FD] Authentication Bypass in Accellion Kiteworks

[Suggested description] > Authentication Bypass vulnerability in Accellionkiteworks before > 2017.01.00 allows remote attackers to executecertain API calls on > behalf of a web user using a gathered token via aPOST request to > /oauth/token. > > -

[FD] WindScribe VPN 1.81 Privilege Escalation

Vulnerability Details: WindScribe VPN uses OpenVPN client for connections. Also it creates a system process named WindScribeService.exe This process (WindScribeService.exe) establishes a NamedPipe endpoint that allows WindScribe VPN process to connect and execute OpenVPN process or other processes

[FD] taglib 1.11.1 vuln

taglib vulnerability Author : Webin security lab - dbapp security Ltd === Introduction: = TagLib Audio Meta-Data Library http://taglib.org/ TagLib is a library for reading and editing the meta-data of several popular audio formats. Currently it supports

[FD] MachForm Multiple Vulnerabilities CVE-2018-6409/CVE-2018-6410/CVE-2018-6411

Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa @metalamin Google dork examples: -- "machform" inurl:"view.php