SOLDIERX.COM Nobody Can Stop Information Insemination

Posted by Marcin Kozlowski on Oct 30

Hi list,

Debugged this issue, but somehow cannot trigger the crash in Chrome.

Seems like the font is loaded without correct flags or it was different
font I saw in debugger :)

Anybody had sucess witht this bug? Feel free to reply here or DM.

My notes:

https://github.com/marcinguy/CVE-2020-15999

Thanks,

Posted by Dave Aitel via Dailydave on Oct 30

Happy Friday! For those of you who enjoy laughing at my video editing job
or want to learn about how big companies do vulnerability management "at
scale" or what the alternatives are to CVSS, we've recently published a new
fifteen minute video: https://vimeo.com/473562240 .

-dave

Posted by Vulnerability Lab on Oct 29

Title: German armed forces launch security vulnerability disclosure program

Source:
https://portswigger.net/daily-swig/german-armed-forces-launch-security-vulnerability-disclosure-program

Reference:
https://www.bundeswehr.de/bw-de/organisation/cyber-und-informationsraum/aktuelles/-liebe-hacker-hiermit-laden-wir-sie-herzlich-ein--3713242

Posted by Julien Ahrens (RCE Security) on Oct 27

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: God Kings
Vendor URL: https://play.google.com/store/apps/details?id=com.innogames.gkandroid
Type: Improper Verification of Intent by Broadcast Receiver [CWE-925]
Date found: 2020-09-07
Date published: 2020-10-25
CVSSv3 Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVE: CVE-2020-25204

2....

Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888)

[SECURITY] [DSA 4633-1] curl security update

LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)

Local information disclosure in OpenSMTPD (CVE-2020-8793)

News, Infocus, Columns, Vulnerabilities, Bugtraq ...

Posted by Kevin R on Oct 23

files through a TFTP GET request

Use CVE-2020-24990.

Posted by Nguyen Anh Quynh on Oct 23

Greetings!

We are very happy to announce version 1.0.2 of Unicorn Emulator!

It has been more than 3.5 years since the last major update, and this
version marks 5 year of Unicorn. Such a long journey for an open
source project! That is really exciting to see our magical animal
having more and more impact in both academia community and the
cybersecurity industry.

This version fixes various issues of v1.0.1, adds some new API and
introduces more...

Posted by SEC Consult Vulnerability Lab on Oct 23

SEC Consult Vulnerability Lab Security Advisory < 20201023-0 >
=======================================================================
title: PubliXone - Multiple Vulnerabilities
product: konzept-ix publiXone
vulnerable version: 2019.045
fixed version: 2020.015
CVE number: CVE-2020-27179, CVE-2020-27183, CVE-2020-27180,
CVE-2020-27181, CVE-2020-27182
impact:...

Posted by Vulnerability Lab on Oct 22

Title: German Bundeswehr starts own Responsible Disclosure Program (VDPBw)

Link:
https://www.vulnerability-db.com/?q=articles/2020/10/22/german-bundeswehr-starts-own-responsible-disclosure-program-vdpbw

Posted by RedTeam Pentesting GmbH on Oct 21

Advisory: Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton

RedTeam Pentesting discovered a vulnerability in the BigBlueButton web
conferencing system which allows participants of a conference with
permissions to upload presentations to read arbitrary files from the
file system and perform server-side requests. This leads to
administrative access to the BigBlueButton instance.

Details
=======

Product: BigBlueButton...

Posted by Pedro Cunha on Oct 20

I don't see how this is an "on-purpose backdoor". As far as I know, this
feature is used so you can install Android apps on your phone via the web
interface on another device (like a desktop) logged into the same Google
account, via the Play Store.

Posted by Michael Lazin on Oct 20

I do see the point and even though it is not a deliberate back door the end
result is if your google account is compromised and an attacker wants to be
sneaky they could push software to your android device without
your permission. Given the history of malware found in the play store I
would recommend making a feature request to google to notify you if someone
pushes software from the web from a previously unknown IP. If you don't
want to...

Posted by Ryan Wincey on Oct 20

Document Title:

===============

LISTSERV Maestro Remote Code Execution Vulnerability

References (Source):

====================

https://www.securifera.com/advisories/sec-2020-0001/

https://www.lsoft.com/products/maestro.asp

Release Date:

=============

2020-10-20

Product & Service Introduction:

===============================

LISTSERV Maestro is an enterprise email marketing solution and allows you to
easily engage your subscribers...

Posted by Adrian Sanabria on Oct 20

If I recall correctly, iOS and MacOS work in much the same way. They can
push and remove software from devices at will. There are precedents of
Google and Apple using this power, generally to get rid of malware that
made it past app store detection and review mechanisms.

This isn't anything new and it has been standardized across both major
mobile platforms. Of course, that doesn't mean there aren't legal
implications, I'm...

Posted by Dave Aitel via Dailydave on Oct 19

It's MONDAY, and I wanted to send over the shorts we did with Chris Eng and
Ben Edwards. I think there's a lot of value in a robust question and answer
session with paper authors. Too often papers are supposed to stand on their
own without any real discussion.

(PHP IS DOUBLE PLUS UNGOOD)
https://vimeo.com/457850389/373c907909

(CVSS, an INTRODUCTION TO FAIL)
https://vimeo.com/454453494/330060fbb2

(XXE)
https://vimeo.com/464273744...

Posted by RedTeam Pentesting GmbH on Oct 19

Advisory: FRITZ!Box DNS Rebinding Protection Bypass

RedTeam Pentesting discovered a vulnerability in FRITZ!Box router
devices which allows to resolve DNS answers that point to IP addresses
in the private local network, despite the DNS rebinding protection
mechanism.

Details
=======

Product: FRITZ!Box 7490 and potentially others
Affected Versions: 7.20 and below
Fixed Versions: >= 7.21
Vulnerability Type: Bypass
Security Risk: low
Vendor...