Security News

Bugtraq: [SECURITY] [DSA 4269-1] postgresql-9.6 security update

Security Focus Vulnerabilities - 18 min 16 sec ago
[SECURITY] [DSA 4269-1] postgresql-9.6 security update

Bugtraq: [SECURITY] [DSA 4268-1] openjdk-8 security update

Security Focus Vulnerabilities - 18 min 16 sec ago
[SECURITY] [DSA 4268-1] openjdk-8 security update

Bugtraq: [SECURITY] [DSA 4267-1] kamailio security update

Security Focus Vulnerabilities - 18 min 16 sec ago
[SECURITY] [DSA 4267-1] kamailio security update

Bugtraq: [CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2

Security Focus Vulnerabilities - 18 min 16 sec ago
[CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2

Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers

Full Disclosure - 24 January, 2020 - 13:11

Posted by Błażej Adamczyk on Jan 24

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
MULTIPLE VULNERABILITIES IN SEVERAL SERIES OF
REALTEK SDK BASED ROUTERS (TOTOLINK AND MANY
OTHER)

Blazej Adamczyk (br0x)
blazej.adamczyk () gmail com...

[UPDATED - POC] Neowise CarbonFTP v1.4 / Insecure Proprietary Password Encryption / CVE-2020-6857

Full Disclosure - 24 January, 2020 - 13:10

Posted by hyp3rlinx on Jan 24

Updated: the exploit PoC had a check for an unused module I was testing, which has
been removed; I had two versions but previously sent the wrong one.

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/NEOWISE-CARBONFTP-v1.4-INSECURE-PROPRIETARY-PASSWORD-ENCRYPTION.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.neowise.com

[Product]
CarbonFTP v1.4

CarbonFTP is a...

CVE-2019-19363 - Local Privilege Escalation in many Ricoh Printer Drivers for Windows

Full Disclosure - 24 January, 2020 - 13:10

Posted by Pentagrid AG on Jan 24

Local Privilege Escalation in many Ricoh Printer Drivers for Windows
(CVE-2019-19363)
======================================================================

Summary
--------

Pentagrid has been asked to manage the coordinated disclosure process
for a vulnerability that affects several Windows printer drivers for a
wide range of printers by the printer manufacturer Ricoh. Due to
improperly set file permissions of file system entries...

Re: "Defending Forward" in time

Daily Dave - 24 January, 2020 - 11:08

Posted by John Lampe on Jan 24

imo, it's a general mentality that attackers have. I blogged about this 14
years ago and it seems still applicable today (
https://blogs.securiteam.com/index.php/archives/170 )

Indecision can stem from too little information or too much information.
The defender *should* have the ability to influence both of those...

John

"Defending Forward" in time

Daily Dave - 24 January, 2020 - 10:28

Posted by Dave Aitel on Jan 24

So I went to S4 this week, which is a good conference here in Miami Beach,
mostly about hacking/protecting utilities and other critical infrastructure
components. But I had the good fortune to run into a friend
<https://www.gocomics.com/calvinandhobbes/2018/01/16> I'd never met before.
Anyways, they were telling me about how some Android State surveillance
spyware installed at the border on everyone's phone looked for some file...

WebKitGTK and WPE WebKit Security Advisory WSA-2020-0001

Bug Traq - 23 January, 2020 - 23:02

Posted by Carlos Alberto Lopez Perez on Jan 23

------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory WSA-2020-0001
------------------------------------------------------------------------

Date reported : January 23, 2020
Advisory ID : WSA-2020-0001
WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2020-0001.html
WPE WebKit Advisory URL :...

[SECURITY] [DSA 4609-1] python-apt security update

Bug Traq - 23 January, 2020 - 22:58

Posted by Moritz Muehlenhoff on Jan 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-4609-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 23, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : python-apt
CVE ID : CVE-2019-15795 CVE-2019-15796...

SEC Consult SA-20200123-0 :: Cross-Site Request Forgery (CSRF) in Umbraco CMS

Bug Traq - 23 January, 2020 - 09:42

Posted by SEC Consult Vulnerability Lab on Jan 23

SEC Consult Vulnerability Lab Security Advisory < 20200123-0 >
=======================================================================
title: Cross-Site Request Forgery (CSRF)
product: Umbraco CMS
vulnerable version: version 8.2.2
fixed version: version 8.5
CVE number: CVE-2020-7210
impact: medium
homepage: https://umbraco.com/
found: October 2019...

SEC Consult SA-20200123-0 :: Cross-Site Request Forgery (CSRF) in Umbraco CMS

Full Disclosure - 23 January, 2020 - 09:32

Posted by SEC Consult Vulnerability Lab on Jan 23

SEC Consult Vulnerability Lab Security Advisory < 20200123-0 >
=======================================================================
title: Cross-Site Request Forgery (CSRF)
product: Umbraco CMS
vulnerable version: version 8.2.2
fixed version: version 8.5
CVE number: CVE-2020-7210
impact: medium
homepage: https://umbraco.com/
found: October 2019...

SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus

Bug Traq - 22 January, 2020 - 08:12

Posted by SEC Consult Vulnerability Lab on Jan 22

SEC Consult Vulnerability Lab Security Advisory < 20200122-0 >
=======================================================================
title: Reflected XSS
product: ZOHO ManageEngine ServiceDeskPlus
vulnerable version: <= 11.0 Build 11007
fixed version: 11.0 Build 11010
CVE number: CVE-2020-6843
impact: medium
homepage: https://www.manageengine.com/products/service-desk/...

SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus

Full Disclosure - 22 January, 2020 - 06:09

Posted by SEC Consult Vulnerability Lab on Jan 22

SEC Consult Vulnerability Lab Security Advisory < 20200122-0 >
=======================================================================
title: Reflected XSS
product: ZOHO ManageEngine ServiceDeskPlus
vulnerable version: <= 11.0 Build 11007
fixed version: 11.0 Build 11010
CVE number: CVE-2020-6843
impact: medium
homepage: https://www.manageengine.com/products/service-desk/...

[REVIVE-SA-2020-001] Revive Adserver Vulnerability

Bug Traq - 22 January, 2020 - 02:10

Posted by Matteo Beccati on Jan 21

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2020-001
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2020-001
------------------------------------------------------------------------
CVE-IDs: t.b.a.
Date: 2020-01-21
Risk Level: Low...

[SECURITY] [DSA 4608-1] tiff security update

Bug Traq - 22 January, 2020 - 02:06

Posted by Moritz Muehlenhoff on Jan 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-4608-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 21, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : tiff
CVE ID : CVE-2019-14973 CVE-2019-17546...

CarolinaCon CFP

Full Disclosure - 21 January, 2020 - 13:24

Posted by CarolinaCon on Jan 21

CarolinaCon16 will be hosted in Charlotte, North Carolina at the Embassy
Suites, April 10th through the 11th. All interested in speaking in the
realm of hacking, technology, science, robotics or any other related
field are invited to submit a proposal to speak at the Con. A proposal
should include the following:

* Name or handle/alias
* Presentation name
* A brief abstract, 1-2 paragraphs
* An estimated time-length of your...

[REVIVE-SA-2020-001] Revive Adserver Vulnerability

Full Disclosure - 21 January, 2020 - 13:23

Posted by Matteo Beccati via Fulldisclosure on Jan 21

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2020-001
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2020-001
------------------------------------------------------------------------
CVE-IDs: t.b.a.
Date: 2020-01-21
Risk Level: Low...