Monthly Archive: May 2018

XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7. Date published : 2018-05-02 http://seclists.org/fulldisclosure/2018/May/6 http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions

XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7. Date published : 2018-05-02 http://seclists.org/fulldisclosure/2018/May/5 http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions

An XSS in Flexense SyncBreeze affects all versions (tested from SyncBreeze Enterprise from v10.1 to v10.7). Date published : 2018-05-02 http://seclists.org/fulldisclosure/2018/May/4 http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions

Meross MSS110 devices through 1.1.24 contain an unauthenticated admin.htm administrative interface. Date published : 2018-05-02 https://garrettmiller.github.io/meross-mss110-vuln/

Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS. Date published : 2018-05-02 http://seclists.org/fulldisclosure/2018/May/3 http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions

Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code...

A vulnerability in Cisco WebEx Recording Format (WRF) Player could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional...

A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to...

A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on affected system. The vulnerability is due to improper...

A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. The vulnerability is due to exhaustion of disk space. An attacker...

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief...

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief...

A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for...

A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker...