Security News

[CVE-2018-3635] Executable installers are vulnerable^WEVIL (case 59): arbitrary code execution WITH escalation of privilege via Intel Rapid Storage Technology User Interface and Driver

Full Disclosure - 16 November, 2018 - 13:03

Posted by Stefan Kanthak on Nov 16

Hi @ll,

the executable installer of the
Intel® Rapid Storage Technology (Intel® RST) User Interface and Driver,
version 15.9.0.1015 (LATEST for Windows 7), released 11/14/2017, available
from <https://downloadmirror.intel.com/27400/eng/SetupRST.exe> via
<https://downloadcenter.intel.com/download/27400/Intel-Rapid-Storage-Technology-Intel-RST-User-Interface-and-Driver>
is (SURPRISE!) vulnerable!

CVSS score: 7.5/HIGH...

Budabot !calc Denial of Service

Full Disclosure - 16 November, 2018 - 13:02

Posted by Ryan Delaney on Nov 16

<!--
# Exploit Title: Budabot !calc Denial of Service
# Date: 15-10-2018
# Exploit Author: Ryan Delaney
# Author Contact: ryan.delaney () owasp org
# Author LinkedIn: https://www.linkedin.com/in/infosecrd/
# Vendor Homepage: http://budabot.com/
# Software Link: https://github.com/Budabot/Budabot/releases
# Version: 0.6 -> 4.0
# Tested on: 4.0
# CVE: CVE-2018-19290

1. Description

In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax...

Remote Code Execution Vulnerability in ELBA5 Electronic Banking

Full Disclosure - 16 November, 2018 - 13:00

Posted by Florian Bogner on Nov 16

Remote Code Execution Vulnerability in ELBA5 Electronic Banking

Metadata
===================================================
Affected product: ELBA5 Network Installation (https://www.elba.at)
CVSSv3 Score: 10.0 (https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Vulnerability Status: Fixed with version 5.8.1
Author: Florian Bogner @ Bee IT Security Consulting e.U.
Tested on: Windows 7 / Windows 10 / Windows...

AST-2018-010: Remote crash vulnerability DNS SRV and NAPTR lookups

Bug Traq - 15 November, 2018 - 03:17

Posted by Asterisk Security Team on Nov 15

Asterisk Project Security Advisory - AST-2018-010

Product Asterisk
Summary Remote crash vulnerability DNS SRV and NAPTR lookups
Nature of Advisory Denial Of Service
Susceptibility Remote Unauthenticated Sessions
Severity Moderate...

AST-2018-010:

Bug Traq - 15 November, 2018 - 03:14

Posted by Asterisk Security Team on Nov 15

Asterisk Project Security Advisory - AST-2018-010

Product Asterisk
Remote crash vulnerability DNS SRV and NAPTR lookups
Nature of Advisory Denial Of Service
Susceptibility Remote Unauthenticated Sessions
Severity Moderate...

Elephants and information leaks

Daily Dave - 14 November, 2018 - 15:32

Posted by Dave Aitel on Nov 14

https://immunityproducts.blogspot.com/2018/11/recent-kernel-memory-disclosure-bugs-in.html

We don't usually detail publicly the amount of engineering that goes into a
CANVAS exploit. But above is a blogpost about some of our recent work. If
you are a CANVAS Early Update customer, the Windows effort is available for
download - otherwise if you are a CANVAS customer, you already have the
Linux exploit. :)

For various other reasons, I'm...

AST-2018-010: Remote crash vulnerability DNS SRV and NAPTR lookups

Full Disclosure - 14 November, 2018 - 12:27

Posted by Asterisk Security Team on Nov 14

Asterisk Project Security Advisory - AST-2018-010

Product Asterisk
Summary Remote crash vulnerability DNS SRV and NAPTR lookups
Nature of Advisory Denial Of Service
Susceptibility Remote Unauthenticated Sessions
Severity Moderate...

AST-2018-010:

Full Disclosure - 14 November, 2018 - 12:13

Posted by Asterisk Security Team on Nov 14

Asterisk Project Security Advisory - AST-2018-010

Product Asterisk
Remote crash vulnerability DNS SRV and NAPTR lookups
Nature of Advisory Denial Of Service
Susceptibility Remote Unauthenticated Sessions
Severity Moderate...

Custom Frontend Login Registration Form (WP Plugin) - Multiple XSS Vulnerabilities

Bug Traq - 14 November, 2018 - 04:03

Posted by Socket_0x03 on Nov 14

========================================================================================
Custom Frontend Login Registration Form v1.01 (WP Plugin) - Multiple XSS Vulnerabilities
========================================================================================

[SECURITY] [DSA 4339-1] ceph security update

Bug Traq - 14 November, 2018 - 04:00

Posted by Moritz Muehlenhoff on Nov 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4339-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
November 13, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ceph
CVE ID : CVE-2017-7519 CVE-2018-1086...

OCS Inventory NG ocsreports Authenticated RCE via Shell Upload (CVE-2018-15537)

Full Disclosure - 13 November, 2018 - 13:12

Posted by Simon Uvarov via Fulldisclosure on Nov 13

## Request 1

This request creates a temporary file containing PHP code in the /usr/share/ocsinventory-reports/ocsreports/a.php.a/
directory.

POST /ocsreports/index.php?function=tele_package HTTP/1.1
Host: 192.168.5.135
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5...

SwitchVPN Insecure Update Process and RCE

Full Disclosure - 13 November, 2018 - 13:11

Posted by Bernd Leitner on Nov 13

=======================================================================
Title: Insecure Update Process and RCE
Product: SwitchVPN for MacOS, Windows
Vulnerable version: 2.1012.03
CVE ID: Requested
Impact: Critical
Homepage: https://switchvpn.net/
Identified: 2018-11-01
By: Bernd Leitner (bernd.leitner [at] gmail dot com)
=======================================================================

Vendor description:
-------------------
"By 2015...

SwitchVPN MacOS Privilege Escalation Vulnerability

Full Disclosure - 13 November, 2018 - 13:11

Posted by Bernd Leitner on Nov 13

=======================================================================
Title: Privilege Escalation Vulnerability
Product: SwitchVPN for MacOS
Vulnerable version: 2.1012.03
CVE ID: CVE-2018-18860
Impact: Critical
Homepage: https://switchvpn.net/
Identified: 2018-09-29
By: Bernd Leitner (bernd.leitner [at] gmail dot com)
=======================================================================

Vendor description:
-------------------
"By 2015...

2019 Keynote: WINDOW SNYDER

Daily Dave - 13 November, 2018 - 11:28

Posted by Dave Aitel on Nov 13

https://vimeo.com/135888545 - Andrew Cushman, 2012

I wanted to highlight how much I lie awake at night thinking about
keynotes. And I think we have a good record on them, if for no other reason
than we refuse to do the standard drill.

At other conferences, keynotes go to sponsors or to people you pay because
they are famous. I think a better way is to find the voices in industry
with something to say that they have not been able to say on a...

[security bulletin] MFSBGN03831 rev. - Service Management Automation, remote disclosure of information

Bug Traq - 13 November, 2018 - 08:53

Posted by cyber-psrt on Nov 13

Note: the current version of the following document is available here:
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03286178
Version: 1

MFSBGN03831 rev. - Service Management Automation, remote disclosure of
information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2018-11-12
Last Updated:...

[security bulletin] MFSBGN03830 rev.1 - Service Manager, unauthorized disclosure of information

Bug Traq - 13 November, 2018 - 08:52

Posted by cyber-psrt on Nov 13

Note: the current version of the following document is available here:
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286177

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03286177
Version: 1

MFSBGN03830 rev.1 - Service Manager, unauthorized disclosure of information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2018-11-12
Last Updated:...

[security bulletin] MFSBGN03823 rev.1 - Micro Focus Service Manager, unauthorized disclosure of data

Bug Traq - 13 November, 2018 - 08:46

Posted by cyber-psrt on Nov 13

Note: the current version of the following document is available here:
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286176

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03286176
Version: 1

MFSBGN03823 rev.1 - Micro Focus Service Manager, unauthorized disclosure of
data

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2018-11-12
Last Updated:...

[slackware-security] libtiff (SSA:2018-316-01)

Bug Traq - 13 November, 2018 - 08:43

Posted by Slackware Security Team on Nov 13

[slackware-security] libtiff (SSA:2018-316-01)

New libtiff packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libtiff-4.0.10-i586-1_slack14.2.txz: Upgraded.
This update fixes some denial of service security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456...

DSA-2018-198: RSA® BSAFE® Micro Edition Suite Key Management Error Vulnerability

Full Disclosure - 12 November, 2018 - 01:42

Posted by secure on Nov 11

DSA-2018-198: RSA® BSAFE® Micro Edition Suite Key Management Error Vulnerability

Dell EMC Identifier: DSA-2018-198

CVE Identifier: CVE-2018-15769

Severity: Medium

Severity Rating: CVSS v3 Base Score: 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series)
RSA BSAFE Micro Edition Suite versions prior to 4.1.6.2 (in 4.1.x series)

Summary:

RSA BSAFE Micro Edition...

Sensitive Data Exposure via RSSI Broadcasts in Android OS [CVE-2018-9581]

Full Disclosure - 12 November, 2018 - 01:42

Posted by Nightwatch Cybersecurity Research on Nov 11

[Blog post here:
https://wwws.nightwatchcybersecurity.com/2018/11/11/cve-2018-9581/]

[NOTE: This bug is part of a series of three related Android bugs with
the same root cause: CVE-2018-9489, CVE-2018-9581 and CVE-2018-15835.
A presentation covering all three bugs was given at BSides DE in the
fall of 2018.]

SUMMARY

System broadcasts by the Android operating system expose WiFi signal
strength information (RSSI). Any application on the device...
Syndicate content