Monthly Archive: November 2020

HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL...

An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of...

Tesla Model X vehicles before 2020-11-23 do not perform certificate validation during an attempt to pair a new key fob with the body control module (BCM). This allows an attacker (who is inside a...

Tesla Model X vehicles before 2020-11-23 have key fobs that rely on five VIN digits for the authentication needed for a body control module (BCM) to initiate a Bluetooth wake-up action. (The full VIN...

Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without signature verification. This allows attackers to construct firmware that retrieves an unlock code from a secure enclave chip. Date published...

The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field. Date published : 2020-11-30 http://packetstormsecurity.com/files/160282/WordPress-EventON-Calendar-3.0.5-Cross-Site-Scripting.html https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS

A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to...

The Estil Hill Lock Password Manager Safe app 2.3 for iOS has a *#06#* backdoor password. An attacker with physical access can unlock the password manager without knowing the master password set by the...

Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character. Date published :...

An issue was discovered in PNGOUT 2020-01-15. When compressing a crafted PNG file, it encounters an integer overflow. Date published : 2020-11-30 http://advsys.net/ken/utils.htm http://www.jonof.id.au/kenutils.html

In NetArt News Lister 1.0.0, the news headlines vulnerable to stored xss attacks. Attackers can inject codes in news titles. Date published : 2020-11-30 https://github.com/aslanemre/CVE-2020-29364/blob/main/CVE-2020-29364 https://www.netartmedia.net/newslister

An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After logging into the portal as a root user (using any web browser), the portal can be accessed with root privileges...

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF. Date published : 2020-11-30 http://packetstormsecurity.com/files/160358/WordPress-Canto-1.3.0-Server-Side-Request-Forgery.html https://gist.github.com/p4nk4jv/87aebd999ce4b28063943480e95fd9e0

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF. Date published : 2020-11-30 http://packetstormsecurity.com/files/160358/WordPress-Canto-1.3.0-Server-Side-Request-Forgery.html https://gist.github.com/p4nk4jv/87aebd999ce4b28063943480e95fd9e0