SOLDIERX.COM Nobody Can Stop Information Insemination

Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888)

[SECURITY] [DSA 4633-1] curl security update

LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)

Local information disclosure in OpenSMTPD (CVE-2020-8793)

News, Infocus, Columns, Vulnerabilities, Bugtraq ...

Posted by Vladimir Bostanov on Mar 27

Advisory ID: SYSS-2019-047
Product: Micro Focus Vibe (formerly Novelle Vibe)
Manufacturer: Micro Focus International plc
Affected Version(s): 4.0.6
Tested Version(s): 4.0.6
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification: 2019-11-07
Solution Date: 2020-03-24
Public Disclosure: 2020-03-25
CVE Reference: CVE-2020-9520
Author of Advisory: Dr. Vladimir Bostanov, SySS GmbH...

Posted by Vladimir Bostanov on Mar 27

Advisory ID: SYSS-2019-046
Product: Micro Focus Vibe (formerly Novelle Vibe)
Manufacturer: Micro Focus International plc
Affected Version(s): 4.0.6
Tested Version(s): 4.0.6
Vulnerability Type: HTML Injection (CWE-79)
Risk Level: Low
Solution Status: Fixed
Manufacturer Notification: 2019-11-07
Solution Date: 2020-03-24
Public Disclosure: 2020-03-25
CVE Reference: Not assigned
Author of Advisory: Dr. Vladimir Bostanov, SySS GmbH...

Posted by Stefan Kanthak on Mar 27

Hi @ll,

Microsoft still registers LOTS of DLLs (which implement COM classes,
cryptography service providers, services etc.) as well as command lines
with paths containing the (pre-defined) environment variables %windir%,
%SystemRoot%, %ProgramFiles%, %CommonProgramFiles%, %ProgramFiles(x86)%
and %CommonProgramFiles(x86)%.

For example, Windows Defender shipped with Windows Vista and newer versions
of Windows, installs a COM class which...

Posted by Stefan Kanthak on Mar 27

Hi @ll,

in September 2017, Microsoft relocated many executable files of Windows
Defender from the directory "%ProgramFiles%\Windows Defender\" to
"%ProgramData%\Microsoft\Windows Defender\platform\<version>\": see
<https://support.microsoft.com/en-us/help/4052623/update-for-windows-defender-antimalware-platform>

JFTR: if Microsoft were only capable to understand English language and
notice the difference...

Posted by Apple Product Security via Fulldisclosure on Mar 27

APPLE-SA-2020-03-25-2 iCloud for Windows 7.18

iCloud for Windows 7.18 is now available and addresses the following:

libxml2
Available for: Windows 7 and later
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3910: LGTM.com

libxml2
Available for: Windows 7 and later
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds
checking....

Posted by Apple Product Security via Fulldisclosure on Mar 27

APPLE-SA-2020-03-25-1 iCloud for Windows 10.9.3

iCloud for Windows 10.9.3 is now available and addresses the
following:

libxml2
Available for: Windows 10 and later via the Microsoft Store
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3910: LGTM.com

libxml2
Available for: Windows 10 and later via the Microsoft Store
Impact: Multiple issues in libxml2
Description: A buffer...

Posted by Pedro Ribeiro on Mar 27

Hi,

Here's a fun one I have been working on for some time.
tl;dr IBM PA / TM1, dating back to 2014, maybe 2009 is vulnerable to a unauthenticated configuration overwrite; this is
abused to "fake authenticate" to it, and finally execute code as root / SYSTEM using TM1 scripting.

Advisory below, permalink in:
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/ibm-tm1-rce.txt

Exploit:...

Posted by Levon Kayan on Mar 27

Howdy,

We've just released nullscan v1.0.0, a modular framework designed to
chain and automate security tests. It's a beast and highly recommended
to learn and use it. :)

Here are some details:

[ Description ]

A modular framework designed to chain and automate security tests. It
parses target definitions from the command line and runs corresponding
modules and their nullscan-tools afterwards. It can also take hosts and
start nmap...

Posted by Georg Ph E Heise via Fulldisclosure on Mar 27

codeBeamer – Stored Cross-Site Scripting

===============================================================================

Identifiers

-------------------------------------------------

* CVE-2019-19913

CVSSv3 score

-------------------------------------------------

6.4
([AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H&version=3.1))

Vendor...

Posted by Georg Ph E Heise via Fulldisclosure on Mar 27

codeBeamer – Stored Cross-Site Scripting

===============================================================================

Identifiers

-------------------------------------------------

* CVE-2019-19912

CVSSv3 score

-------------------------------------------------

6.4 (AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H)

Vendor

-------------------------------------------------

Intland – Codebeamer (https://codebeamer.com)

Product...

Posted by Moses Frost on Mar 26

As I sit here in my pseudo shelter in place status about 40 miles north of
you, I am releasing all of my long held thoughts of the past as I mindly
remote work in front of a WebEx/Zoom/Slack/GoToMeeting/etc hoping to
contact with actual lifeforms one day outside of the few that I live with.
While all this is happening I was mulling over the realization of a few
things.

1. The biggest threat to an organization happened during the big migration...

Posted by Dave Aitel on Mar 25

I just listened to a webinar on threat hunting. It's a thing you can do.
Anyways, at one point the presenter talked about how he really preferred to
threat hunt by looking at network protocols for threat hunting, and he
focused on beaconing and C2.

Every time someone says that, I flash back to this amazing post from
BitDefender, which is about how Flame did C2 over USB....

Posted by Laura on Mar 25

ESSAY: What if AI waged war?

The Fatal Flaw
<https://jessicaanneeise.files.wordpress.com/2019/05/what-if-ai-waged-war_eise_creative-writing.pdf
>,
by Jessica Eise (Short Story)

Posted by Eldar Marcussen on Mar 24

HP ThinPro - Privileged command injection
===============================================================================

Identifiers
-------------------------------------------------
* CVE-2019-18910

CVSSv3 score
-------------------------------------------------
7.6 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L)

Vendor
-------------------------------------------------
HP - [https://www.hp.com](https://www.hp.com)

Product...

Posted by Eldar Marcussen on Mar 24

HP ThinPro - Citrix command injection
===============================================================================

Identifiers
-------------------------------------------------
* CVE-2019-18909

CVSSv3 score
-------------------------------------------------
6.1 (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

Vendor
-------------------------------------------------
HP - [https://www.hp.com](https://www.hp.com)

Product...