Security News
DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities
Posted by secure on Sep 21
DSA-2018-152: RSA® Authentication Manager Multiple VulnerabilitiesDell EMC Identifier: DSA-2018-152
CVE Identifier: CVE-2018-11073, CVE-2018-11074, CVE-2018-11075
Severity: Medium
Severity Rating: View the details below for the individual CVSS Score for each CVE.
Affected Products:
• RSA Authentication Manager versions prior to 8.3 Patch 3
RSA Authentication Manager web-tier server versions prior to 8.3 Patch 3
•...
[CVE-2018-13140] Antidote Remote Code Execution against the update component
Posted by Sysdream Labs on Sep 21
# [CVE-2018-13140] Antidote Remote Code Execution against the updatecomponent
## Description
Antidote is a spell checker software for Windows, Linux macOS operating
system.
**Threat**
The application is affected by a remote code execution against the
update component. It leads to code execution with high privileges
against the targeted system.
**Expectation**
Network operations like an update component should be held through
encrypted...
[waraxe-2018-SA#107] - Reflected XSS in FV Flowplayer Wordpress plugin
Posted by come2waraxe on Sep 20
[waraxe-2018-SA#107] - Reflected XSS in FV Flowplayer Wordpress plugin================================================================================
Author: Janek Vind "waraxe"
Date: 20. September 2018
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-107.html
Target description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FV Player is a free, easy-to-use, and complete solution for...
AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade
Posted by Asterisk Security Team on Sep 20
Asterisk Project Security Advisory - AST-2018-009Product Asterisk
Summary Remote crash vulnerability in HTTP websocket upgrade
Nature of Advisory Denial Of Service
Susceptibility Remote Unauthenticated Sessions
Severity Moderate...
[SECURITY] [DSA 4298-1] hylafax security update
Posted by Moritz Muehlenhoff on Sep 20
-------------------------------------------------------------------------Debian Security Advisory DSA-4298-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 20, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : hylafax
CVE ID : CVE-2018-17141
Luis Merino,...
DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities
Posted by secure on Sep 20
DSA-2018-152: RSA® Authentication Manager Multiple VulnerabilitiesDell EMC Identifier: DSA-2018-152
CVE Identifier: CVE-2018-11073, CVE-2018-11074, CVE-2018-11075
Severity: Medium
Severity Rating: View the details below for the individual CVSS Score for each CVE.
Affected Products:
• RSA Authentication Manager versions prior to 8.3 Patch 3
RSA Authentication Manager web-tier server versions prior to 8.3 Patch 3
•...
OPManager SQL Injection Vulnerability
Posted by Murat Aydemir on Sep 20
I. VULNERABILITY-------------------------
OPManager version 12.3, SQL Injection vulnerability
II. CVE REFERENCE
-------------------------
CVE-2018-17243
III. VENDOR
-------------------------
https://www.manageengine.com
IV. TIMELINE
-------------------------
10/09/18 Vulnerability discovered
13/09/18 Vendor contacted
19/09/2018 OPManager replay that they fixed
V. CREDIT
-------------------------
Murat Aydemir from Biznet Bilisim A.S.
VI....
X41 D-Sec GmbH Security Advisory X41-2018-007: Multiple Vulnerabilities in mgetty
Posted by X41 D-Sec GmbH Advisories on Sep 20
X41 D-Sec GmbH Security Advisory: X41-2018-007Multiple Vulnerabilities in mgetty
==================================
Overview
--------
Confirmed Affected Versions: 1.2.0
Patched Versions: 1.2.1
Vendor: mgetty
Vendor URL: http://mgetty.greenie.net
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty
Summary and Impact
------------------
Multiple issues have been...
X41 D-Sec GmbH Security Advisory X41-2018-008: Multiple Vulnerabilities in HylaFAX
Posted by X41 D-Sec GmbH Advisories on Sep 20
X41 D-SEC GmbH Security Advisory: X41-2018-008Multiple Vulnerabilities in HylaFAX
===================================
Overview
--------
Confirmed Affected Versions: HylaFAX 6.0.6, HylaFAX+ 5.6.0
Confirmed Patched Versions: HylaFAX 6.0.7, HylaFAX+ 5.6.1
Vendor: Hylafax, Hylafax+
Vendor URL: https://www.hylafax.org/, http://hylafax.sourceforge.net/
Credit: X41 D-SEC GmbH, Luis Merino, Eric Sesterhenn, Markus Vervier
Status: Public
Advisory-URL:...
WordPress Plugin Localize My Post 1.0 - Local File Inclusion
Posted by Manuel Garcia Cardenas on Sep 20
=============================================MGC ALERT 2018-006
- Original release date: August 31, 2018
- Last revised: September 19, 2018
- Discovered by: Manuel García Cárdenas
- Severity: 7/10 (CVSS Base Score)
- CVE-ID: CVE-2018-16299
=============================================
I. VULNERABILITY
-------------------------
WordPress Plugin Localize My Post 1.0 - Local File Inclusion
II. BACKGROUND
-------------------------
This plugin...
WordPress Plugin Wechat Broadcast 1.2.0 - Local/Remote File Inclusion
Posted by Manuel Garcia Cardenas on Sep 20
=============================================MGC ALERT 2018-005
- Original release date: August 31, 2018
- Last revised: September 19, 2018
- Discovered by: Manuel García Cárdenas
- Severity: 9/10 (CVSS Base Score)
- CVE-ID: CVE-2018-16283
=============================================
I. VULNERABILITY
-------------------------
WordPress Plugin Wechat Broadcast 1.2.0 - Local/Remote File Inclusion
II. BACKGROUND
-------------------------...
AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade
Posted by Asterisk Security Team on Sep 20
Asterisk Project Security Advisory - AST-2018-009Product Asterisk
Summary Remote crash vulnerability in HTTP websocket upgrade
Nature of Advisory Denial Of Service
Susceptibility Remote Unauthenticated Sessions
Severity Moderate...
OPManager SQL Injection Vulnerability
Posted by Murat Aydemir on Sep 20
I. VULNERABILITY-------------------------
OPManager version 12.3, SQL Injection vulnerability
II. CVE REFERENCE
-------------------------
CVE-2018-17243
III. VENDOR
-------------------------
https://www.manageengine.com
IV. TIMELINE
-------------------------
10/09/18 Vulnerability discovered
13/09/18 Vendor contacted
19/09/2018 OPManager replay that they fixed
V. CREDIT
-------------------------
Murat Aydemir from Biznet Bilisim A.S.
VI....
X41 D-Sec GmbH Security Advisory X41-2018-007: Multiple Vulnerabilities in mgetty
Posted by X41 D-Sec GmbH Advisories on Sep 19
X41 D-Sec GmbH Security Advisory: X41-2018-007Multiple Vulnerabilities in mgetty
==================================
Overview
--------
Confirmed Affected Versions: 1.2.0
Patched Versions: 1.2.1
Vendor: mgetty
Vendor URL: http://mgetty.greenie.net
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty
Summary and Impact
------------------
Multiple issues have been...
X41 D-Sec GmbH Security Advisory X41-2018-008: Multiple Vulnerabilities in HylaFAX
Posted by X41 D-Sec GmbH Advisories on Sep 19
X41 D-SEC GmbH Security Advisory: X41-2018-008Multiple Vulnerabilities in HylaFAX
===================================
Overview
--------
Confirmed Affected Versions: HylaFAX 6.0.6, HylaFAX+ 5.6.0
Confirmed Patched Versions: HylaFAX 6.0.7, HylaFAX+ 5.6.1
Vendor: Hylafax, Hylafax+
Vendor URL: https://www.hylafax.org/, http://hylafax.sourceforge.net/
Credit: X41 D-SEC GmbH, Luis Merino, Eric Sesterhenn, Markus Vervier
Status: Public
Advisory-URL:...
[HITB-Announce] #HITBSecConf2018PEK Call for CTF
Posted by Hafez Kamal on Sep 19
JD-HITB2018 Beijing CTF + Finals of the 4th XCTF International League (XCTF Finals 2018) will take place on the 1st and2nd of November alongside the first-ever HITB Security Conference in Beijing! Participate and stand a chance to win
cash prizes worth up to USD 2000, sponsored by DarkMatter!
The competition is co-organized by XCTF League and HITB and will be a mixed-style CTF competition, that includes both
Jeopardy style challenges and an...
[SECURITY] [DSA 4297-1] chromium-browser security update
Posted by Michael Gilbert on Sep 18
-------------------------------------------------------------------------Debian Security Advisory DSA-4297-1 security () debian org
https://www.debian.org/security/ Michael Gilbert
September 19, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : chromium-browser
Two vulnerabilities have been discovered...
Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges
Posted by Securify B.V. on Sep 18
------------------------------------------------------------------------Authentication bypass vulnerability in Western Digital My Cloud allows
escalation to admin privileges
------------------------------------------------------------------------
Remco Vermeulen, September 2018
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was...
SEC Consult SA-20180918-0 :: Remote Code Execution via PHP unserialize in Moodle open-source learning platform
Posted by SEC Consult Vulnerability Lab on Sep 18
SEC Consult Vulnerability Lab Security Advisory < 20180918-0 >=======================================================================
title: Remote Code Execution via PHP unserialize
product: Moodle - Open-source learning platform
vulnerable version: 3.5 to 3.5.1, 3.4 to 3.4.4, 3.1 to 3.1.13 and
earlier unsupported versions
fixed version: 3.5.2, 3.4.5, 3.3.8 and 3.1.14
CVE...
DSA-2018-101: Dell EMC Unity Family Multiple Vulnerabilities
Posted by secure on Sep 18
DSA-2018-101: Dell EMC Unity Family Multiple VulnerabilitiesDell EMC Identifier: DSA-2018-101
CVE Identifier: CVE-2018-1246, CVE-2018-1250, CVE-2018-1251
Severity Rating: CVSS v3 Base Score: See below for individual CVEs
Affected products:
Dell EMC Unity Operating Environment (OE) versions prior to 4.3.1.1525703027
Dell EMC UnityVSA Operating Environment (OE) versions prior to 4.3.1.1525703027
Summary:
Dell EMC Unity requires an...
