Security News

Bugtraq: [SECURITY] [DSA 4269-1] postgresql-9.6 security update

Security Focus Vulnerabilities - 24 min 49 sec ago
[SECURITY] [DSA 4269-1] postgresql-9.6 security update

Bugtraq: [SECURITY] [DSA 4268-1] openjdk-8 security update

Security Focus Vulnerabilities - 24 min 49 sec ago
[SECURITY] [DSA 4268-1] openjdk-8 security update

Bugtraq: [SECURITY] [DSA 4267-1] kamailio security update

Security Focus Vulnerabilities - 24 min 49 sec ago
[SECURITY] [DSA 4267-1] kamailio security update

Bugtraq: [CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2

Security Focus Vulnerabilities - 24 min 49 sec ago
[CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2

Reflected XSS – HRworks Login (v1.16.1)

Full Disclosure - 20 September, 2019 - 13:08

Posted by Georg Ph E Heise via Fulldisclosure on Sep 20

# Exploit Title: Reflected XSS – HRworks Login (v1.16.1)

# Vendor Homepage: https://www.hrworks.de

# Exploit Author: Georg Philipp Erasmus Heise / Lufthansa Industry Solutions

# Contact: https://twitter.com/gpheheise

# Website: https://www.lufthansa-industry-solutions.com

# Category: webapps

# CVE: CVE-2019-11559

Timeline

26.04.2019 Disclosure to Vendor

29.04.2019 Vendor informed that the issue was remediated

17.09.2019 Publication...

[SECURITY] [DSA 4526-1] opendmarc security update

Bug Traq - 20 September, 2019 - 03:16

Posted by Salvatore Bonaccorso on Sep 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-4526-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 19, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : opendmarc
CVE ID : CVE-2019-16378
Debian Bug :...

[SECURITY] [DSA 4527-1] php7.3 security update

Bug Traq - 20 September, 2019 - 03:13

Posted by Moritz Muehlenhoff on Sep 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-4527-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 19, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php7.3
CVE ID : CVE-2019-11036 CVE-2019-11039...

[SECURITY] [DSA 4528-1] bird security update

Bug Traq - 20 September, 2019 - 03:09

Posted by Moritz Muehlenhoff on Sep 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-4528-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 19, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : bird
CVE ID : CVE-2019-16159

Daniel McCarney...

[SECURITY] [DSA 4525-1] ibus security update

Bug Traq - 19 September, 2019 - 01:49

Posted by Salvatore Bonaccorso on Sep 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-4525-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 18, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ibus
CVE ID : CVE-2019-14822
Debian Bug :...

SEC Consult SA-20190918-0 :: Reflected Cross-Site Scripting (XSS) in Oracle Mojarra JSF

Bug Traq - 18 September, 2019 - 09:03

Posted by SEC Consult Vulnerability Lab on Sep 18

SEC Consult Vulnerability Lab Security Advisory < 20190918-0 >
=======================================================================
title: Reflected Cross-Site Scripting (XSS)
product: Oracle Mojarra JSF included in Java EE 7
Eclipse Mojarra JSF
vulnerable version: 2.2 & 2.3
fixed version: https://github.com/javaserverfaces/mojarra/commits/MOJARRA_2_2X_ROLLING...

SEC Consult SA-20190918-0 :: Reflected Cross-Site Scripting (XSS) in Oracle Mojarra JSF

Full Disclosure - 18 September, 2019 - 06:06

Posted by SEC Consult Vulnerability Lab on Sep 18

SEC Consult Vulnerability Lab Security Advisory < 20190918-0 >
=======================================================================
title: Reflected Cross-Site Scripting (XSS)
product: Oracle Mojarra JSF included in Java EE 7
Eclipse Mojarra JSF
vulnerable version: 2.2 & 2.3
fixed version: https://github.com/javaserverfaces/mojarra/commits/MOJARRA_2_2X_ROLLING...

Re: Longer form questions

Daily Dave - 17 September, 2019 - 16:03

Posted by Andre Gironda on Sep 17

Daemonlogger + Zeek Intelligence Framework for sightings. Doesn't need TLS
secrets. Doesn't need high availability or to run inline. The sensors tell
you what they see and where and when they saw it. No need to block. No need
to "detect". No signatures at all (just a living watchlist). No AI/ML. No
modification of traffic. No huge concern if an APT, skiddie, or admin
crashes it (it's receive-only on the Daemonlogger...

[SECURITY] [DSA 4524-1] dino-im security update

Bug Traq - 17 September, 2019 - 02:22

Posted by Moritz Muehlenhoff on Sep 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4524-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 16, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : dino-im
CVE ID : CVE-2019-16235 CVE-2019-16236...

[slackware-security] expat (SSA:2019-259-01)

Bug Traq - 17 September, 2019 - 02:19

Posted by Slackware Security Team on Sep 17

[slackware-security] expat (SSA:2019-259-01)

New expat packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/expat-2.2.8-i586-1_slack14.2.txz: Upgraded.
Fix heap overflow triggered by XML_GetCurrentLineNumber (or
XML_GetCurrentColumnNumber), and deny internal entities closing the doctype.
For more...

[SECURITY] [DSA 4523-1] thunderbird security update

Bug Traq - 16 September, 2019 - 02:26

Posted by Moritz Muehlenhoff on Sep 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4523-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 15, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2019-11739 CVE-2019-11740...

[SECURITY] [DSA 4522-1] faad2 security update

Bug Traq - 16 September, 2019 - 02:24

Posted by Moritz Muehlenhoff on Sep 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4522-1 security () debian org
https://www.debian.org/security/ Hugo Lefeuvre
September 15, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : faad2
CVE ID : CVE-2018-19502 CVE-2018-19503...

SEC Consult SA-20190912-0 :: Stored and reflected XSS vulnerabilities in LimeSurvey

Bug Traq - 16 September, 2019 - 02:20

Posted by SEC Consult Vulnerability Lab on Sep 16

SEC Consult Vulnerability Lab Security Advisory < 20190912-0 >
=======================================================================
title: Stored and reflected XSS vulnerabilities
product: LimeSurvey
vulnerable version: <= 3.17.13
fixed version: =>3.17.14
CVE number: CVE-2019-16172, CVE-2019-16173
impact: medium
homepage: https://www.limesurvey.org/...

Insecure tmpdir() use in dbtoepub.rb in docbook / xslt10-stylesheets

Full Disclosure - 13 September, 2019 - 02:55

Posted by Shlomi Fish on Sep 13

See:

https://github.com/docbook/xslt10-stylesheets/pull/144

«
See https://ruby-doc.org/stdlib-2.0.0/libdoc/tmpdir/rdoc/Dir.html -
tmpdir returns the same value every time and as a result the tmpdirs can
be identical or existing.

SECURITY!

Thanks to phaul from #ruby .
»

There is a patch that seems to work well in the Mageia Linux package, but
no PoC exploit.

Piwigo - Version 2.9.5 [CVE-2019-13363, CVE-2019-13364 ]

Full Disclosure - 13 September, 2019 - 02:54

Posted by rant on Sep 13

=====[ Tempest Security Intelligence - ADV-03/2019 ]==========================

Piwigo - Version 2.9.5

Author: Rodolfo Tavares

Tempest Security Intelligence - Recife, Pernambuco - Brazil

=====[ Table of Contents]==================================================
 * Overview
 * Detailed description
 * Timeline of disclosure
 * Thanks & Acknowledgments
 * References

=====[ Vulnerability...