Security News
Bugtraq: [SECURITY] [DSA 4269-1] postgresql-9.6 security update
[SECURITY] [DSA 4269-1] postgresql-9.6 security update
Bugtraq: [SECURITY] [DSA 4268-1] openjdk-8 security update
[SECURITY] [DSA 4268-1] openjdk-8 security update
Bugtraq: [SECURITY] [DSA 4267-1] kamailio security update
[SECURITY] [DSA 4267-1] kamailio security update
Bugtraq: [CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2
[CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2
More rss feeds from SecurityFocus
News, Infocus, Columns, Vulnerabilities, Bugtraq ...
Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers
Posted by Błażej Adamczyk on Jan 24
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━MULTIPLE VULNERABILITIES IN SEVERAL SERIES OF
REALTEK SDK BASED ROUTERS (TOTOLINK AND MANY
OTHER)
Blazej Adamczyk (br0x)
blazej.adamczyk () gmail com...
[UPDATED - POC] Neowise CarbonFTP v1.4 / Insecure Proprietary Password Encryption / CVE-2020-6857
Posted by hyp3rlinx on Jan 24
Updated, exploit PoC had a check for an unused module was testing andremoved, had two versions but previously sent the wrong one.
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/NEOWISE-CARBONFTP-v1.4-INSECURE-PROPRIETARY-PASSWORD-ENCRYPTION.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec
[Vendor]
www.neowise.com
[Product]
CarbonFTP v1.4
CarbonFTP is a...
CVE-2019-19363 - Local Privilege Escalation in many Ricoh Printer Drivers for Windows
Posted by Pentagrid AG on Jan 24
Local Privilege Escalation in many Ricoh Printer Drivers for Windows(CVE-2019-19363)
======================================================================
Summary
--------
Pentagrid has been asked to manage the coordinated disclosure process
for a vulnerability that affects several Windows printer drivers for a
wide range of printers by the printer manufacture Ricoh. Due to
improperly set file permissions of file system entries...
Re: "Defending Forward" in time
Posted by John Lampe on Jan 24
imo, it's a general mentality that attackers have. I blogged about this 14years ago and it seems still applicable today (
https://blogs.securiteam.com/index.php/archives/170 )
Indecision can stem from too little information or too much information.
The defender *should* have the ability to influence both of those...
John
"Defending Forward" in time
Posted by Dave Aitel on Jan 24
So I went to S4 this week, which is a good conference here in Miami Beach,mostly about hacking/protecting utilities and other critical infrastructure
components. But I had the good fortune to run into a friend
<https://www.gocomics.com/calvinandhobbes/2018/01/16> I'd never met before.
Anyways, they were telling me about how some Android State surveillance
spyware installed at the border on everyone's phone looked for some file...
WebKitGTK and WPE WebKit Security Advisory WSA-2020-0001
Posted by Carlos Alberto Lopez Perez on Jan 23
------------------------------------------------------------------------WebKitGTK and WPE WebKit Security Advisory WSA-2020-0001
------------------------------------------------------------------------
Date reported : January 23, 2020
Advisory ID : WSA-2020-0001
WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2020-0001.html
WPE WebKit Advisory URL :...
[SECURITY] [DSA 4609-1] python-apt security update
Posted by Moritz Muehlenhoff on Jan 23
-------------------------------------------------------------------------Debian Security Advisory DSA-4609-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 23, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : python-apt
CVE ID : CVE-2019-15795 CVE-2019-15796...
SEC Consult SA-20200123-0 :: Cross-Site Request Forgery (CSRF) in Umbraco CMS
Posted by SEC Consult Vulnerability Lab on Jan 23
SEC Consult Vulnerability Lab Security Advisory < 20200123-0 >=======================================================================
title: Cross-Site Request Forgery (CSRF)
product: Umbraco CMS
vulnerable version: version 8.2.2
fixed version: version 8.5
CVE number: CVE-2020-7210
impact: medium
homepage: https://umbraco.com/
found: October 2019...
SEC Consult SA-20200123-0 :: Cross-Site Request Forgery (CSRF) in Umbraco CMS
Posted by SEC Consult Vulnerability Lab on Jan 23
SEC Consult Vulnerability Lab Security Advisory < 20200123-0 >=======================================================================
title: Cross-Site Request Forgery (CSRF)
product: Umbraco CMS
vulnerable version: version 8.2.2
fixed version: version 8.5
CVE number: CVE-2020-7210
impact: medium
homepage: https://umbraco.com/
found: October 2019...
SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus
Posted by SEC Consult Vulnerability Lab on Jan 22
SEC Consult Vulnerability Lab Security Advisory < 20200122-0 >=======================================================================
title: Reflected XSS
product: ZOHO ManageEngine ServiceDeskPlus
vulnerable version: <= 11.0 Build 11007
fixed version: 11.0 Build 11010
CVE number: CVE-2020-6843
impact: medium
homepage: https://www.manageengine.com/products/service-desk/...
SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus
Posted by SEC Consult Vulnerability Lab on Jan 22
SEC Consult Vulnerability Lab Security Advisory < 20200122-0 >=======================================================================
title: Reflected XSS
product: ZOHO ManageEngine ServiceDeskPlus
vulnerable version: <= 11.0 Build 11007
fixed version: 11.0 Build 11010
CVE number: CVE-2020-6843
impact: medium
homepage: https://www.manageengine.com/products/service-desk/...
[REVIVE-SA-2020-001] Revive Adserver Vulnerability
Posted by Matteo Beccati on Jan 21
========================================================================Revive Adserver Security Advisory REVIVE-SA-2020-001
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2020-001
------------------------------------------------------------------------
CVE-IDs: t.b.a.
Date: 2020-01-21
Risk Level: Low...
[SECURITY] [DSA 4608-1] tiff security update
Posted by Moritz Muehlenhoff on Jan 21
-------------------------------------------------------------------------Debian Security Advisory DSA-4608-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 21, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : tiff
CVE ID : CVE-2019-14973 CVE-2019-17546...
CarolinaCon CFP
Posted by CarolinaCon on Jan 21
CarolinaCon16 will be hosted in Charlotte, North Carolina at the EmbassySuites, April 10th through the 11th. All interested in speaking in the
realm of hacking, technology, science, robotics or any other related
field are invited to submit a proposal to speak at the Con. A proposal
should include the following:
* Name or handle/alias
* Presentation name
* A brief abstract, 1-2 paragraphs
* An estimated time-length of your...
[REVIVE-SA-2020-001] Revive Adserver Vulnerability
Posted by Matteo Beccati via Fulldisclosure on Jan 21
========================================================================Revive Adserver Security Advisory REVIVE-SA-2020-001
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2020-001
------------------------------------------------------------------------
CVE-IDs: t.b.a.
Date: 2020-01-21
Risk Level: Low...
