Security News

DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities

Full Disclosure - 10 hours 37 min ago

Posted by secure on Sep 21

DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities

Dell EMC Identifier: DSA-2018-152

CVE Identifier: CVE-2018-11073, CVE-2018-11074, CVE-2018-11075

Severity: Medium

Severity Rating: View the details below for the individual CVSS Score for each CVE.

Affected Products:
• RSA Authentication Manager versions prior to 8.3 Patch 3
• RSA Authentication Manager web-tier server versions prior to 8.3 Patch 3
• ...

[CVE-2018-13140] Antidote Remote Code Execution against the update component

Full Disclosure - 10 hours 37 min ago

Posted by Sysdream Labs on Sep 21

# [CVE-2018-13140] Antidote Remote Code Execution against the update component

## Description

Antidote is spell checker software for the Windows, Linux and macOS operating
systems.

**Threat**

The application is affected by a remote code execution against the
update component. It leads to code execution with high privileges
against the targeted system.

**Expectation**

Network operations like an update component should be held through
encrypted...

[waraxe-2018-SA#107] - Reflected XSS in FV Flowplayer Wordpress plugin

Bug Traq - 22 hours 57 min ago

Posted by come2waraxe on Sep 20

[waraxe-2018-SA#107] - Reflected XSS in FV Flowplayer Wordpress plugin
================================================================================

Author: Janek Vind "waraxe"
Date: 20. September 2018
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-107.html

Target description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FV Player is a free, easy-to-use, and complete solution for...

AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade

Bug Traq - 23 hours ago

Posted by Asterisk Security Team on Sep 20

Asterisk Project Security Advisory - AST-2018-009

Product Asterisk
Summary Remote crash vulnerability in HTTP websocket upgrade
Nature of Advisory Denial Of Service
Susceptibility Remote Unauthenticated Sessions
Severity Moderate...

[SECURITY] [DSA 4298-1] hylafax security update

Bug Traq - 23 hours 3 min ago

Posted by Moritz Muehlenhoff on Sep 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-4298-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 20, 2018                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : hylafax
CVE ID : CVE-2018-17141

Luis Merino,...

DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities

Full Disclosure - 20 September, 2018 - 19:42

Posted by secure on Sep 20

DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities

Dell EMC Identifier: DSA-2018-152

CVE Identifier: CVE-2018-11073, CVE-2018-11074, CVE-2018-11075

Severity: Medium

Severity Rating: View the details below for the individual CVSS Score for each CVE.

Affected Products:
• RSA Authentication Manager versions prior to 8.3 Patch 3
• RSA Authentication Manager web-tier server versions prior to 8.3 Patch 3
• ...

OPManager SQL Injection Vulnerability

Full Disclosure - 20 September, 2018 - 19:41

Posted by Murat Aydemir on Sep 20

I. VULNERABILITY
-------------------------
OPManager version 12.3, SQL Injection vulnerability

II. CVE REFERENCE
-------------------------
CVE-2018-17243

III. VENDOR
-------------------------
https://www.manageengine.com

IV. TIMELINE
-------------------------
10/09/18 Vulnerability discovered
13/09/18 Vendor contacted
19/09/18 OPManager replied that they fixed it

V. CREDIT
-------------------------
Murat Aydemir from Biznet Bilisim A.S.

VI....

X41 D-Sec GmbH Security Advisory X41-2018-007: Multiple Vulnerabilities in mgetty

Full Disclosure - 20 September, 2018 - 19:40

Posted by X41 D-Sec GmbH Advisories on Sep 20

X41 D-Sec GmbH Security Advisory: X41-2018-007

Multiple Vulnerabilities in mgetty
==================================

Overview
--------
Confirmed Affected Versions: 1.2.0
Patched Versions: 1.2.1
Vendor: mgetty
Vendor URL: http://mgetty.greenie.net
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty

Summary and Impact
------------------
Multiple issues have been...

X41 D-Sec GmbH Security Advisory X41-2018-008: Multiple Vulnerabilities in HylaFAX

Full Disclosure - 20 September, 2018 - 19:40

Posted by X41 D-Sec GmbH Advisories on Sep 20

X41 D-SEC GmbH Security Advisory: X41-2018-008

Multiple Vulnerabilities in HylaFAX
===================================

Overview
--------
Confirmed Affected Versions: HylaFAX 6.0.6, HylaFAX+ 5.6.0
Confirmed Patched Versions: HylaFAX 6.0.7, HylaFAX+ 5.6.1
Vendor: Hylafax, Hylafax+
Vendor URL: https://www.hylafax.org/, http://hylafax.sourceforge.net/
Credit: X41 D-SEC GmbH, Luis Merino, Eric Sesterhenn, Markus Vervier
Status: Public
Advisory-URL:...

WordPress Plugin Localize My Post 1.0 - Local File Inclusion

Full Disclosure - 20 September, 2018 - 19:39

Posted by Manuel Garcia Cardenas on Sep 20

=============================================
MGC ALERT 2018-006
- Original release date: August 31, 2018
- Last revised: September 19, 2018
- Discovered by: Manuel García Cárdenas
- Severity: 7/10 (CVSS Base Score)
- CVE-ID: CVE-2018-16299
=============================================

I. VULNERABILITY
-------------------------
WordPress Plugin Localize My Post 1.0 - Local File Inclusion

II. BACKGROUND
-------------------------
This plugin...

WordPress Plugin Wechat Broadcast 1.2.0 - Local/Remote File Inclusion

Full Disclosure - 20 September, 2018 - 19:39

Posted by Manuel Garcia Cardenas on Sep 20

=============================================
MGC ALERT 2018-005
- Original release date: August 31, 2018
- Last revised: September 19, 2018
- Discovered by: Manuel García Cárdenas
- Severity: 9/10 (CVSS Base Score)
- CVE-ID: CVE-2018-16283
=============================================

I. VULNERABILITY
-------------------------
WordPress Plugin Wechat Broadcast 1.2.0 - Local/Remote File Inclusion

II. BACKGROUND
-------------------------...

AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade

Full Disclosure - 20 September, 2018 - 16:00

Posted by Asterisk Security Team on Sep 20

Asterisk Project Security Advisory - AST-2018-009

Product Asterisk
Summary Remote crash vulnerability in HTTP websocket upgrade
Nature of Advisory Denial Of Service
Susceptibility Remote Unauthenticated Sessions
Severity Moderate...

OPManager SQL Injection Vulnerability

Bug Traq - 20 September, 2018 - 06:04

Posted by Murat Aydemir on Sep 20

I. VULNERABILITY
-------------------------
OPManager version 12.3, SQL Injection vulnerability

II. CVE REFERENCE
-------------------------
CVE-2018-17243

III. VENDOR
-------------------------
https://www.manageengine.com

IV. TIMELINE
-------------------------
10/09/18 Vulnerability discovered
13/09/18 Vendor contacted
19/09/18 OPManager replied that they fixed it

V. CREDIT
-------------------------
Murat Aydemir from Biznet Bilisim A.S.

VI....

X41 D-Sec GmbH Security Advisory X41-2018-007: Multiple Vulnerabilities in mgetty

Bug Traq - 19 September, 2018 - 22:34

Posted by X41 D-Sec GmbH Advisories on Sep 19

X41 D-Sec GmbH Security Advisory: X41-2018-007

Multiple Vulnerabilities in mgetty
==================================

Overview
--------
Confirmed Affected Versions: 1.2.0
Patched Versions: 1.2.1
Vendor: mgetty
Vendor URL: http://mgetty.greenie.net
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty

Summary and Impact
------------------
Multiple issues have been...

X41 D-Sec GmbH Security Advisory X41-2018-008: Multiple Vulnerabilities in HylaFAX

Bug Traq - 19 September, 2018 - 22:31

Posted by X41 D-Sec GmbH Advisories on Sep 19

X41 D-SEC GmbH Security Advisory: X41-2018-008

Multiple Vulnerabilities in HylaFAX
===================================

Overview
--------
Confirmed Affected Versions: HylaFAX 6.0.6, HylaFAX+ 5.6.0
Confirmed Patched Versions: HylaFAX 6.0.7, HylaFAX+ 5.6.1
Vendor: Hylafax, Hylafax+
Vendor URL: https://www.hylafax.org/, http://hylafax.sourceforge.net/
Credit: X41 D-SEC GmbH, Luis Merino, Eric Sesterhenn, Markus Vervier
Status: Public
Advisory-URL:...

[HITB-Announce] #HITBSecConf2018PEK Call for CTF

Bug Traq - 19 September, 2018 - 22:28

Posted by Hafez Kamal on Sep 19

JD-HITB2018 Beijing CTF + Finals of the 4th XCTF International League (XCTF Finals 2018) will take place on the 1st and
2nd of November alongside the first-ever HITB Security Conference in Beijing! Participate and stand a chance to win
cash prizes worth up to USD 2000, sponsored by DarkMatter!

The competition is co-organized by XCTF League and HITB and will be a mixed-style CTF competition, that includes both
Jeopardy style challenges and an...

[SECURITY] [DSA 4297-1] chromium-browser security update

Bug Traq - 19 September, 2018 - 00:53

Posted by Michael Gilbert on Sep 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-4297-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
September 19, 2018                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium-browser

Two vulnerabilities have been discovered...

Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges

Bug Traq - 18 September, 2018 - 22:42

Posted by Securify B.V. on Sep 18

------------------------------------------------------------------------
Authentication bypass vulnerability in Western Digital My Cloud allows
escalation to admin privileges
------------------------------------------------------------------------
Remco Vermeulen, September 2018

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was...

SEC Consult SA-20180918-0 :: Remote Code Execution via PHP unserialize in Moodle open-source learning platform

Bug Traq - 18 September, 2018 - 22:39

Posted by SEC Consult Vulnerability Lab on Sep 18

SEC Consult Vulnerability Lab Security Advisory < 20180918-0 >
=======================================================================
title: Remote Code Execution via PHP unserialize
product: Moodle - Open-source learning platform
vulnerable version: 3.5 to 3.5.1, 3.4 to 3.4.4, 3.1 to 3.1.13 and
earlier unsupported versions
fixed version: 3.5.2, 3.4.5, 3.3.8 and 3.1.14
CVE...

DSA-2018-101: Dell EMC Unity Family Multiple Vulnerabilities

Full Disclosure - 18 September, 2018 - 12:12

Posted by secure on Sep 18

DSA-2018-101: Dell EMC Unity Family Multiple Vulnerabilities

Dell EMC Identifier: DSA-2018-101

CVE Identifier: CVE-2018-1246, CVE-2018-1250, CVE-2018-1251

Severity Rating: CVSS v3 Base Score: See below for individual CVEs

Affected products:
Dell EMC Unity Operating Environment (OE) versions prior to 4.3.1.1525703027
Dell EMC UnityVSA Operating Environment (OE) versions prior to 4.3.1.1525703027

Summary:
Dell EMC Unity requires an...