SOLDIERX.COM Nobody Can Stop Information Insemination

Posted by Henri Salo on Apr 30

MITRE assigned CVE-2019-11590 for this issue.

Posted by Henri Salo on Apr 30

MITRE assigned CVE-2019-11557 for this vulnerability.

Posted by Aki Tuomi via Fulldisclosure on Apr 30

Dear subscribers, we have been made aware of two critical vulnerabilities in Dovecot 2.3. Please find patches attached
for 2.3.5.2.

---
Aki Tuomi
Open-Xchange oy

------

Open-Xchange Security Advisory 2019-04-30

Product: Dovecot
Vendor: OX Software GmbH

Internal reference: DOV-3212 (Bug ID)
Vulnerability type: CWE-476
Vulnerable version: 2.3.0 - 2.3.5.2
Vulnerable component: submission-login
Report confidence: Confirmed
Researcher credits:...

Posted by gionreale on Apr 26

CVE-2019-11028

Posted by xen1thLabs on Apr 23

UNCLASSIFIED

## ADVISORY INFORMATION

TITLE: Multiple vulnerabilities in Sony Smart TVs
ADVISORY URL:
https://www.darkmatter.ae/blogs/security-flaws-uncovered-in-sony-smart-tvs/
DATE PUBLISHED: 23/04/2019
AFFECTED VENDORS: Sony
RELEASE MODE: Coordinated release
CVE: CVE-2019-10886, CVE-2019-11336
CVSSv3 for CVE-2019-10886: 6.5 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSSv3 for CVE-2019-11336: 6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

## PRODUCT...

Posted by Reed Black on Apr 23

Have you tested this?

The Google Maps page header includes "x-frame-options: SAMEORIGIN” which would prevent iframe embedding in every
commonly used browser. But even if this control were not in place, browsers implement additional controls. Most
significantly, if the page to be embedded in an iframe is on a remote domain, then the parent page is prevented from
inspecting iframe content and metadata unless permissions are granted by...

Posted by Panagiotis Vagenas on Apr 23

# Exploit Title: Contact Form Builder [CSRF → LFI]
# Date: 2019-03-17
# Exploit Author: Panagiotis Vagenas
# Vendor Homepage: http://web-dorado.com/
# Software Link: https://wordpress.org/plugins/contact-form-builder
# Version: 1.0.67
# Tested on: WordPress 5.1.1

Description
-----------

Plugin implements the following AJAX actions:

- `ContactFormMakerPreview`
- `ContactFormmakerwdcaptcha`
- `nopriv_ContactFormmakerwdcaptcha`
- `CFMShortcode`...

Posted by Victor Angelier CCX on Apr 18

sounds clear, thanks!

Met vriendelijke groet,

Kind regards,

the Coding Company

[cid:6ccbe4bb-c1c0-4df5-9d4b-636a22d7d37a]

V.A. (Victor) Angelier

CISO,Certified Hacker, CAST611 Certified Advanced Pentester, DevOps

PGP: 612C4BB2<https://pgp.mit.edu/pks/lookup?op=get&search=0x0188D45D612C4BB2>

T: +31 55 302 00 10 (Main number)

M: +46 76 835 6450 (Swedish)

M: +31 6 195 22 602 (Dutch)

E: victor () thecodingcompany se

W:...

Posted by Red Timmy Sec - on Apr 18

For the anniversary of the discovery of CVE-2018-2879 by Sec Consult
(https://sec-consult.com/en/blog/2018/05/oracle-access-managers-identity-crisis/) we have decided to release OAMbuster,
a multi-thread implementation of CVE-2018-2879.

Link of the exploit: https://github.com/redtimmy/OAMBuster

Some additional details: https://redtimmysec.wordpress.com/2019/04/14/oambuster-multithreaded-exploit-for-cve-2018-2879/

Regards,
Red Timmy...

Posted by Kurt H Maier on Apr 18

Yes, if a root-user process executes a script as root then the resulting
commands are indeed run as root.

Those are not INI files, they are shell scripts that set environment
variables. If you do not want your users to have root access on your
computer, do not let them edit files that are run as root.

Your example command configures the environment variable NAME to have
the value 'Network' when the shell runs...

Posted by Bhavesh Naik via Fulldisclosure on Apr 18

HTML5's geolocation feature asks for permissions to obtain users current location & the current IP to location also
fails to pinpoint exact location of the user.However, one can use google maps to obtain the location of the user (being
said that he is currently logged in with his google account).
Using the URL: https://www.google.com/maps/search/current+location/ in an I-frame content and making the visitor access
the site would allow...

Posted by hyp3rlinx on Apr 18

Vimeo reinstated my account few hours later but I switched to youtube for
now.. but will check those out.

Thank you for that...
hyp3rlinx

Posted by Victor Angelier CCX on Apr 16

Hi there,

Just found an issue in Redhat/CentOS which according to RedHat security team is not an issue. I don't know, sounds
weird to me.

If, for whatever reason, a user is able to write an ifcf-<whatever> script to /etc/sysconfig/network-scripts or it can
adjust an existing one, then your system in pwned.

Network scripts, ifcg-eth0 for example are used for network connections. The look exactly like .INI files. However,
they are...

Posted by bo0od on Apr 16

have your own videos either on one of the PeerTubes instances or have
your own instance.

https://joinpeertube.org/en/

other good alternative would be:

https://mediagoblin.org/pages/tour.html

Enjoy!

hyp3rlinx:

Posted by aaron bishop on Apr 16

Numerous Zyxel devices are vulnerable to a reflected XSS issue on the login
page. The mp_idx parameter is included in the page unsanitized. A request
such a

https://$RHOST/?mobile=1&mp_idx=%22;alert(1);//

Will trigger an alert, demonstrating the issue. A call to getScript() can
be used to include a full external JavaScript file to capture the
credentials of the user.

Disclosure at:...

Posted by Security Explorations on Apr 14

Hello All,

On Mar 20, 2019 Security Explorations reported a security vulnerability
(Issue 19) to Gemalto [1], that made it possible to achieve read, write
and native code execution access on company's card (GemXplore 3G v3.0).

On Mar 30, 2019, Gemalto provided is with the results of its analysis
of the submitted report.

Gemalto started its message by stating that "the company is committed
to provide state of the art security products...

Posted by hyp3rlinx on Apr 13

vimeo removed my account for no good reason so new POC url is included.

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Microsoft Internet Explorer v11
(latest version)

Internet Explorer is a series of graphical web browsers...

Posted by Abdel Adim `smaury` Oisfi on Apr 13

Description
==========
Various vulnerabilities have been found in Nagios XI 5.5.10, which allow
a remote attacker able to trick an authenticated victim (with
“autodiscovery job” creation privileges) to visit a malicious URL to
obtain a remote root shell via a reflected Cross-Site Scripting (XSS),
an authenticated Remote Code Execution (RCE) and a Local Privilege
Escalation (LPE).

Update to Nagios XI 5.5.11 which includes all the fixes.

Full...

Posted by Harley A.W. Lorenzo via Fulldisclosure on Apr 13

================================================================================
Title: Security Analysis of the TP-Link Archer C50 Router
Version: Archer C50(US)_V2_160801 (latest firmware available)
Product Page: https://www.tp-link.com/us/home-networking/wifi-router/archer-c50/
Published: 2019-04-10 (UTC Time)
Published by: Harley A.W. Lorenzo <hl1998 () protonmail com>
<GPG Key: 0xF6EF23904645BA53>...

Posted by Sachin Wagh on Apr 09

*Summary:*

The NC450 is your favorable companion that meets to home and office
surveillance needs, keeping you in touch with what matters most. With its
smooth and durable Pan/Tilt of up to 300/110 degrees, you can turn the
camera to almost any position you want and watch over a wider area of your
home.

HD Pan/Tilt Wi-Fi Camera NC450 contain hard-coded credentials within its
Linux distribution image. This credentials (root:root) cannot be...