Bug Traq

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[SECURITY] [DSA 4526-1] opendmarc security update

20 September, 2019 - 03:16

Posted by Salvatore Bonaccorso on Sep 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-4526-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 19, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : opendmarc
CVE ID : CVE-2019-16378
Debian Bug :...

[SECURITY] [DSA 4527-1] php7.3 security update

20 September, 2019 - 03:13

Posted by Moritz Muehlenhoff on Sep 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-4527-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 19, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php7.3
CVE ID : CVE-2019-11036 CVE-2019-11039...

[SECURITY] [DSA 4528-1] bird security update

20 September, 2019 - 03:09

Posted by Moritz Muehlenhoff on Sep 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-4528-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 19, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : bird
CVE ID : CVE-2019-16159

Daniel McCarney...

[SECURITY] [DSA 4525-1] ibus security update

19 September, 2019 - 01:49

Posted by Salvatore Bonaccorso on Sep 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-4525-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 18, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ibus
CVE ID : CVE-2019-14822
Debian Bug :...

SEC Consult SA-20190918-0 :: Reflected Cross-Site Scripting (XSS) in Oracle Mojarra JSF

18 September, 2019 - 09:03

Posted by SEC Consult Vulnerability Lab on Sep 18

SEC Consult Vulnerability Lab Security Advisory < 20190918-0 >
=======================================================================
title: Reflected Cross-Site Scripting (XSS)
product: Oracle Mojarra JSF included in Java EE 7
Eclipse Mojarra JSF
vulnerable version: 2.2 & 2.3
fixed version: https://github.com/javaserverfaces/mojarra/commits/MOJARRA_2_2X_ROLLING...

[SECURITY] [DSA 4524-1] dino-im security update

17 September, 2019 - 02:22

Posted by Moritz Muehlenhoff on Sep 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4524-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 16, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : dino-im
CVE ID : CVE-2019-16235 CVE-2019-16236...

[slackware-security] expat (SSA:2019-259-01)

17 September, 2019 - 02:19

Posted by Slackware Security Team on Sep 17

[slackware-security] expat (SSA:2019-259-01)

New expat packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/expat-2.2.8-i586-1_slack14.2.txz: Upgraded.
Fix heap overflow triggered by XML_GetCurrentLineNumber (or
XML_GetCurrentColumnNumber), and deny internal entities closing the doctype.
For more...

[SECURITY] [DSA 4523-1] thunderbird security update

16 September, 2019 - 02:26

Posted by Moritz Muehlenhoff on Sep 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4523-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 15, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2019-11739 CVE-2019-11740...

[SECURITY] [DSA 4522-1] faad2 security update

16 September, 2019 - 02:24

Posted by Moritz Muehlenhoff on Sep 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4522-1 security () debian org
https://www.debian.org/security/ Hugo Lefeuvre
September 15, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : faad2
CVE ID : CVE-2018-19502 CVE-2018-19503...

SEC Consult SA-20190912-0 :: Stored and reflected XSS vulnerabilities in LimeSurvey

16 September, 2019 - 02:20

Posted by SEC Consult Vulnerability Lab on Sep 16

SEC Consult Vulnerability Lab Security Advisory < 20190912-0 >
=======================================================================
title: Stored and reflected XSS vulnerabilities
product: LimeSurvey
vulnerable version: <= 3.17.13
fixed version: =>3.17.14
CVE number: CVE-2019-16172, CVE-2019-16173
impact: medium
homepage: https://www.limesurvey.org/...

[slackware-security] mozilla-thunderbird (SSA:2019-254-02)

12 September, 2019 - 03:54

Posted by Slackware Security Team on Sep 12

[slackware-security] mozilla-thunderbird (SSA:2019-254-02)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-68.1.0-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[slackware-security] openssl (SSA:2019-254-03)

12 September, 2019 - 03:51

Posted by Slackware Security Team on Sep 12

[slackware-security] openssl (SSA:2019-254-03)

New openssl packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.2t-i586-1_slack14.2.txz: Upgraded.
This update fixes low severity security issues:
Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
Compute ECC cofactors if not...

[slackware-security] curl (SSA:2019-254-01)

12 September, 2019 - 03:47

Posted by Slackware Security Team on Sep 12

[slackware-security] curl (SSA:2019-254-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/curl-7.66.0-i586-1_slack14.2.txz: Upgraded.
This update fixes security issues:
FTP-KRB double-free
TFTP small blocksize heap buffer overflow
For more information, see:...

[CVE-2019-12516] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz-*" Multiple Authenticated SQL Injections

10 September, 2019 - 11:01

Posted by Info on Sep 10

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: SlickQuiz
Vendor URL: https://wordpress.org/plugins/slickquiz/
Type: SQL Injection [CWE-74]
Date found: 2019-05-30
Date published: 2019-09-10
CVSSv3 Score: 8.1 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
CVE: CVE-2019-12516

2. CREDITS
==========
This vulnerability was discovered and researched by...

[CVE-2019-12517] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz" Multiple Stored XSS

10 September, 2019 - 10:59

Posted by Info on Sep 10

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: SlickQuiz
Vendor URL: https://wordpress.org/plugins/slickquiz/
Type: Cross-Site Scripting [CWE-79]
Date found: 2019-05-30
Date published: 2019-09-10
CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVE: CVE-2019-12517

2. CREDITS
==========
This vulnerability was discovered and...

[SECURITY] [DSA 4521-1] docker.io security update

10 September, 2019 - 10:58

Posted by Moritz Muehlenhoff on Sep 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4521-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 09, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : docker.io
CVE ID : CVE-2019-13139 CVE-2019-13509...

Dabman & Imperial (i&d) Web Radio Devices - Undocumented Telnet Backdoor & Command Execution Vulnerability

10 September, 2019 - 10:54

Posted by Vulnerability Lab on Sep 10

Document Title:
===============
Dabman & Imperial (i&d) Web Radio Devices - Undocumented Telnet Backdoor
& Command Execution Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2183

Video: https://www.vulnerability-lab.com/get_content.php?id=2190

Vulnerability Magazine:...

NtFileSins v2.1 Windows NTFS Privileged File Access Enumeration Tool

10 September, 2019 - 10:49

Posted by apparitionsec on Sep 10

from subprocess import Popen, PIPE
import sys,argparse,re

# NtFileSins v2.1
# Fixed: save() logic to log report in case no Zone.Identifiers found.
# Added: Check for Zone.Identifer:$DATA to see if any identified files were downloaded from internet.
#
# Windows File Enumeration Intel Gathering.
# Standard users can prove existence of privileged user artifacts.
#
# Typically, the Windows commands DIR or TYPE hand out a default "Access...

[SECURITY] [DSA 4520-1] trafficserver security update

10 September, 2019 - 10:48

Posted by Moritz Muehlenhoff on Sep 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4520-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 09, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : trafficserver
CVE ID : CVE-2019-9512 CVE-2019-9514...

[SECURITY] [DSA 4519-1] libreoffice security update

10 September, 2019 - 10:41

Posted by Moritz Muehlenhoff on Sep 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4519-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 08, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2019-9854

It was...