[FD] SEC Consult SA-20190205-0 :: Multiple vulnerabilities in OSCI-Transport Library 1.2 for German e-Government

2019-02-05 Thread SEC Consult Vulnerability Lab
A blog post with further information has been released on this topic as well: https://r.sec-consult.com/osci SEC Consult Vulnerability Lab Security Advisory < 20190205-0 > === title: Multiple vulnerabi

[FD] [Multiple CVE] - Cisco Identity Services Engine unauth stored XSS to RCE as root

2019-02-05 Thread Pedro Ribeiro
Hi, On January 20th, SSD disclosed 3 vulnerabilities found by Agile Information Security in their Cisco Identity Services Engine (ISE) product. These are unauth stored XSS, unsafe Java deserialization and privesc to root, which when combined allow an unauthenticated attacker to achieve remote cod

[FD] DSA-2019-010: Dell EMC VNX2 Family OS Command Injection Vulnerability

2019-02-05 Thread secure
DSA-2019-010: Dell EMC VNX2 Family OS Command Injection Vulnerability Dell EMC Identifier: DSA-2019-010 CVE Identifier: CVE-2019-3704 Severity Rating: CVSS v3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Affected products: D

[FD] Forminator 1.5.4 - Unauthenticated Persistent XSS, Blind SQL Injection (WordPress Plugin)

2019-02-05 Thread Tim Coen
* Vulnerability: Unauthenticated Persistent XSS, Blind SQL Injection * Affected Software: [Forminator](https://wordpress.org/plugins/forminator/) * Affected Version: 1.5.4 * Patched Version: 1.6 * CVE: not requested * Risk: High * Vendor Contacted: 11/25/2018 * Vendor Fix: 12/10/201

[FD] Quiz And Survey Master 6.0.4 - Reflected XSS (WordPress Plugin)

2019-02-05 Thread Tim Coen
* Vulnerability: XSS * Affected Software: [Quiz And Survey Master](https://wordpress.org/plugins/quiz-master-next/) * Affected Version: 6.0.4 * Patched Version: none * CVE: not requested * Risk: Medium * Vendor Contacted: 10/25/2018 * Vendor Fix: none * Public Disclosure: 02/05/20

[FD] Blog2Social 5.0.2 - Reflected XSS (WordPress Plugin)

2019-02-05 Thread Tim Coen
* Vulnerability: XSS * Affected Software: [Blog2Social](https://wordpress.org/plugins/blog2social/) * Affected Version: 5.0.2 * Patched Version: 5.0.3 * CVE: not requested * Risk: Medium * Vendor Contacted: 10/25/2018 * Vendor Fix: 11/13/2018 * Public Disclosure: 02/05/2019 * Cr

[FD] Contact Form Email 7.10.41 - Reflected XSS & CSRF (WordPress Plugin)

2019-02-05 Thread Tim Coen
* Vulnerability: XSS & CSRF * Affected Software: [Contact Form Email](https://wordpress.org/plugins/contact-form-to-email/) * Affected Version: 1.2.65 * Patched Version: 1.2.66 * CVE: not requested * Risk: Medium * Vendor Contacted: 10/31/2018 * Vendor Fix: 10/31/2018 * Public Dis

[FD] Font_Organizer 2.1.1 - Reflected XSS (WordPress Plugin)

2019-02-05 Thread Tim Coen
* Vulnerability: XSS * Affected Software: [Font_Organizer](https://wordpress.org/plugins/font-organizer/) * Affected Version: 2.1.1 * Patched Version: none * CVE: not requested * Risk: Medium * Vendor Contacted: 10/25/2018 * Vendor Fix: none * Public Disclosure: 02/05/2019 * Cre

[FD] Give 2.3.0 - Reflected XSS (WordPress Plugin)

2019-02-05 Thread Tim Coen
* Vulnerability: XSS * Affected Software: [Give](https://wordpress.org/plugins/give/) * Affected Version: 2.3.0 * Patched Version: 2.3.1 * CVE: not requested * Risk: Medium * Vendor Contacted: 11/24/2018 * Vendor Fix: 12/13/2018 * Public Disclosure: 02/05/2019 * Credit: Tim Coen

[FD] CarolinaCon-15 is April 26-28, 2019 in Charlotte NC - Call For Papers/Presenters is now open

2019-02-05 Thread Vic Vandal
We are pleased to announce that CarolinaCon-15 will be on April 26th-28th 2019 in Charlotte NC at the Renaissance Charlotte Suites. All who are interested in speaking on any topic in the realm of hacking, cybersecurity, technology, science, robotics or any related field are invited to submit a

[FD] KingComposer 2.7.6 - Reflected XSS (WordPress Plugin)

2019-02-05 Thread Tim Coen
* Vulnerability: XSS * Affected Software: [KingComposer](https://wordpress.org/plugins/kingcomposer/) * Affected Version: 2.7.6 * Patched Version: none * CVE: not requested * Risk: Medium * Vendor Contacted: 10/25/2018 * Vendor Fix: none * Public Disclosure: 02/05/2019 * Credit:

[FD] NextScripts: Social Networks Auto-Poster 4.2.7 - Reflected XSS (WordPress Plugin)

2019-02-05 Thread Tim Coen
* Vulnerability: XSS * Affected Software: [NextScripts: Social Networks Auto-Poster](https://wordpress.org/plugins/social-networks-auto-poster-facebook-twitter-g/) * Affected Version: 4.2.7 * Patched Version: 4.2.8 * CVE: not requested * Risk: Medium * Vendor Contacted: 10/25/2018 *

[FD] wpGoogleMaps 7.10.41 - Reflected XSS (WordPress Plugin)

2019-02-05 Thread Tim Coen
* Vulnerability: XSS * Affected Software: [wpGoogleMaps](https://wordpress.org/plugins/wp-google-maps/) * Affected Version: 7.10.41 * Patched Version: 7.10.43 * CVE: not requested * Risk: Medium * Vendor Contacted: 10/25/2018 * Vendor Fix: 10/31/2018 * Public Disclosure: 02/05/201

[FD] WP Live Chat Support 8.0.17 - Reflected XSS (WordPress Plugin)

2019-02-05 Thread Tim Coen
* Vulnerability: XSS * Affected Software: [WP Live Chat Support](https://wordpress.org/plugins/wp-live-chat-support/) * Affected Version: 8.0.18 * Patched Version: * CVE: not requested * Risk: Medium * Vendor Contacted: 10/31/2018 * Vendor Fix: 11/01/2018 * Public Disclosure: 02/0

[FD] YOP Poll 6.0.2 - Reflected XSS (WordPress Plugin)

2019-02-05 Thread Tim Coen
* Vulnerability: XSS * Affected Software: [YOP Poll](https://wordpress.org/plugins/yop-poll/) * Affected Version: 6.0.2 * Patched Version: 6.0.3 * CVE: not requested * Risk: Medium * Vendor Contacted: 10/25/2018 * Vendor Fix: 11/26/2018 * Public Disclosure: 02/05/2019 * Credit: