SOLDIERX.COM Nobody Can Stop Information Insemination

OpenAFS CVE-2018-16949 Multiple Denial of Service Vulnerabilities

Posted by Timo Lindfors on Mar 19

CVE-2018-19971: JFrog Artifactory Pro SAML SSO signature validation error
-------------------------------------------------------------------------

Affected products
=================

The SAML SSO addon in Artifactory 6.5.9 is vulnerable.
The SAML SSO addon in Artifactory 6.5.13 is NOT vulnerable.

Other versions were not tested.

Background
==========

"Artifactory offers a SAML-based Single Sign-On service allowing
federated...

Posted by (RS) Tyler Schroder via Fulldisclosure on Mar 19

=============================================

2FA & macOS Disk Encryption Bypass in Abine Blur 7.24*

=============================================

Topic: Abine Blur Password Manager Insecure Permissions

* Announced: 2019-03-18

* Credits: RS Tyler Schroder

* Affects: 7.8.242*

* Corrected: 2018-03-18

* Corrected V: 8.0.2478

* CVE Name: CVE-2019-6481

I. Background

Abine Blur is a...

Posted by Henri Salo on Mar 19

Good research work Manuel. Keep up the good work! =)

In case of WordPress plugins your solution is not correct. This vulnerability
can be exploited even plugin is disabled. Plugin must be deleted in order to
mitigate this.

Posted by Dave Aitel on Mar 19

It's almost INFILTRATE dry-run time! Some part of me prefers the slow pace
of two talks a day to the firehose that is a one-track focused conference
where each speaker has been told to not walk us through the basics. This is
the balance of "We liked a ton more talks than we have slots" and "my brain
hurts".

Because there's about a thousand conferences now, there's also so many
talks you could do nothing but...

Posted by Slackware Security Team on Mar 19

[slackware-security] libssh2 (SSA:2019-077-01)

New libssh2 packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libssh2-1.8.1-i586-1_slack14.2.txz: Upgraded.
Fixed several security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855...

Posted by Moritz Muehlenhoff on Mar 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-4409-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
March 18, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : neutron
CVE ID : CVE-2019-9735

Erik Olof Gunnar...

Posted by Anti Räis on Mar 17

Gitea 1.7.3 stored HTML injection (XSS)
#######################################

Information
===========

Name: Gitea 1.7.0 - 1.7.3 stored HTML injection
Software: Gitea - a self-hosted Git service
Homepage: https://gitea.io/
Vulnerability: stored HTML injection
Affected: 1.7.0 - 1.7.3
Tested: 1.7.2, 1.7.3
Fixed: 1.7.4
Prerequisites: edit repository settings
Severity: low
CVE: NA

Credit:...

Posted by Moritz Muehlenhoff on Mar 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4408-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
March 17, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : liblivemedia
CVE ID : CVE-2019-6256 CVE-2019-7314...

[SECURITY] [DSA 4269-1] postgresql-9.6 security update

[SECURITY] [DSA 4268-1] openjdk-8 security update

[SECURITY] [DSA 4267-1] kamailio security update

[CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2

News, Infocus, Columns, Vulnerabilities, Bugtraq ...

Posted by Matthias Deeg on Mar 16

Advisory ID: SYSS-2018-033
Product: Wireless Keyboard Set LX901
Manufacturer: Fujitsu
Affected Version(s): Model No. GK900
Tested Version(s): Model No. GK900
Vulnerability Type: Cryptographic Issues (CWE-310)
Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2018-10-19
Solution Date: -
Public Disclosure: 2019-03-15
CVE Reference: CVE-2019-9835
Author of Advisory: Matthias Deeg...

Posted by Jaroslav Lobačevski on Mar 16

https://packagist.org/packages/joshcam/mysqli-database-class aka
https://github.com/ThingEngineer/PHP-MySQLi-Database-Class v2.9.2 is
vulnerable to SQL injection in functon Where() because of special
"forkaround" at line 971
<https://github.com/ThingEngineer/PHP-MySQLi-Database-Class/blob/eaf1f6cc387c8464ea6a9221fb308669beed3a63/MysqliDb.php#L971>

If $whereValue happens to be an array, key value is used as $operator to
build...

Posted by Fernando Gont on Mar 16

Folks,

It is often argued that IPv4 practices should be forgotten when
deploying IPv6, as after all IPv6 is a different protocol! But we think
years of IPv4 operational experience should be leveraged as much as
possible.

So we are publishing IPv6 Security for IPv4 Engineers as a roadmap to
IPv6 security that is specifically aimed at IPv4 engineers and operators.

Rather than describing IPv6 in an isolated manner, it aims to re-use as
much of...

Posted by David Coomber on Mar 16

Cisco Common Service Platform Collector - Hardcoded Credentials (CVE-2019-1723)

Posted by hyp3rlinx on Mar 16

Added a few things I had previously left out that should have been
mentioned earlier.

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.REG-FILE-DIALOG-BOX-MESSAGE-SPOOFING.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
A file with the .reg file extension is a Registration file used by the
Windows registry. These files can...

Posted by Manuel Garcia Cardenas on Mar 16

=============================================
MGC ALERT 2019-001
- Original release date: February 06, 2019
- Last revised: March 13, 2019
- Discovered by: Manuel García Cárdenas
- Severity: 7/10 (CVSS Base Score)
- CVE-ID: CVE-2019-9618
=============================================

I. VULNERABILITY
-------------------------
WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion

II. BACKGROUND
-------------------------...