Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Microsoft Word (2016) / Deceptive File Reference Vuln

18 June, 2019 - 03:27

Posted by hyp3rlinx on Jun 18

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WORD-DECEPTIVE-FILE-REFERENCE.txt
[+] ISR: ApparitionSec
[+] Zero Day Initiative Program

[Vendor]
www.microsoft.com

[Product]
Microsoft Word 2016

[Vulnerability Type]
Deceptive File Reference

[References]
ZDI-CAN-7949

[Security Issue]
When a MS Word ".docx" File contains a hyperlink to...

BlogEngine.NET Directory traversal + RCE

18 June, 2019 - 03:27

Posted by aaron bishop on Jun 18

BlogEngine.NET, versions 3.3.7 and earlier, is vulnerable to two separate
Directory Traversal issues that can lead to Remote Code Execution.

CVE-2019-10719 exploits a directory traversal in /api/upload, allowing
users to write files to any location within the web root. This bypasses
the protection added in version 3.3.7 to prevent CVE-2019-6714. A user,
with the ability to add images or files to posts, can upload a malicious
PostView.ascx file...

DSA-2019-092: Dell EMC Avamar Security Update for ADMe Web UI Vulnerability

14 June, 2019 - 14:27

Posted by secure on Jun 14

DSA-2019-092: Dell EMC Avamar Security Update for ADMe Web UI Vulnerability
Dell EMC Identifier: DSA-2019-092
CVE Identifier: CVE-2019-3737
Severity: High
Severity Rating: CVSS v3 Base Score: 8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)

Affected products:
DELL EMC Avamar(r) ADMe Web UI (c) 1.0.50, 1.0.51

Summary:
DELL EMC Avamar(r) Data Migration Enabler (ADMe) Web UI requires security updates to address a local file include (LFI)...

[Project] Open frame to the main.

14 June, 2019 - 14:26

Posted by hacksomeheavymetal via Fulldisclosure on Jun 14

Despite anakata's motives, one thing is certain: thanks to him, some
people got hooked and started to talk about the security of mainframes.
Since then, few individuals, and before that even fewer, did their best
sharing their knowledge in the field and contributing to the infosec and
mainframe communities. This, however, was still not enough to close the gap
between mainframes and the rest of the world.

I'm sharing the bits and pieces...

X41 D-Sec GmbH Security Advisory X41-2019-004: Type confusion in Thunderbird

14 June, 2019 - 14:25

Posted by X41 D-Sec GmbH Advisories on Jun 14

X41 D-Sec GmbH Security Advisory: X41-2019-004

Type confusion in Thunderbird
=============================
Severity Rating: Medium
Confirmed Affected Versions: All versions affected
Confirmed Patched Versions: Thunderbird ESR 60.7.XXX
Vendor: Thunderbird
Vendor URL: https://www.thunderbird.net/
Vendor Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=1555646
Vector: Incoming mail with calendar attachment
Credit: X41 D-SEC GmbH, Luis Merino...

X41 D-Sec GmbH Security Advisory X41-2019-003: Stack-based buffer overflow in Thunderbird

14 June, 2019 - 14:25

Posted by X41 D-Sec GmbH Advisories on Jun 14

X41 D-Sec GmbH Security Advisory: X41-2019-003

Stack-based buffer overflow in Thunderbird
==========================================
Severity Rating: High
Confirmed Affected Versions: All versions affected
Confirmed Patched Versions: Thunderbird ESR 60.7.XXX
Vendor: Thunderbird
Vendor URL: https://www.thunderbird.net/
Vendor Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=1553808
Vector: Incoming mail with calendar attachment
Credit: X41...

X41 D-Sec GmbH Security Advisory X41-2019-002: Heap-based buffer overflow in Thunderbird

14 June, 2019 - 14:25

Posted by X41 D-Sec GmbH Advisories on Jun 14

X41 D-Sec GmbH Security Advisory: X41-2019-002

Heap-based buffer overflow in Thunderbird
=========================================
Severity Rating: High
Confirmed Affected Versions: All versions affected
Confirmed Patched Versions: Thunderbird ESR 60.7.XXX
Vendor: Thunderbird
Vendor URL: https://www.thunderbird.net/
Vendor Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=1553820
Vector: Incoming mail with calendar attachment
Credit: X41...

X41 D-Sec GmbH Security Advisory X41-2019-001: Heap-based buffer overflow in Thunderbird

14 June, 2019 - 14:25

Posted by X41 D-Sec GmbH Advisories on Jun 14

X41 D-Sec GmbH Security Advisory: X41-2019-001

Heap-based buffer overflow in Thunderbird
=========================================
Severity Rating: High
Confirmed Affected Versions: All versions affected
Confirmed Patched Versions: Thunderbird ESR 60.7.XXX
Vendor: Thunderbird
Vendor URL: https://www.thunderbird.net/
Vendor Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=1553814
Vector: Incoming mail with calendar attachment
Credit: X41...

[SE-2019-01] Java Card vulnerabilities (post shutdown release)

14 June, 2019 - 04:59

Posted by Adam Gowdiak on Jun 14

Hello All,

Original reports that were submitted to Oracle and Gemalto have been
posted to Security Explorations website:

http://www.security-explorations.com/javacard_details.html

This should help all interested parties to proceed with an independent
evaluation of the issues, but also judge Oracle and Gemalto stance with
respect to them.

Thank you.

Best Regards,
adam gowdiak

SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series

13 June, 2019 - 01:01

Posted by SEC Consult Vulnerability Lab on Jun 12

SEC Consult Vulnerability Lab Security Advisory < 20190612-0 >
=======================================================================
title: Multiple vulnerabilities
product: WAGO 852 Industrial Managed Switch Series
vulnerable version: 852-303: <v1.2.2.S0
                    852-1305: <v1.1.6.S0
                    852-1505: <v1.1.5.S0
fixed version: 852-303: v1.2.2.S0...

Disclosing a security vulnerability

11 June, 2019 - 12:14

Posted by raki ben hamouda on Jun 11

Document Title:
===============
D-Link DWL-2600AP - (Authenticated) OS Command Injection (Restore Configuration)

Product & Service Introduction:
===============================
The D-Link DWL-2600AP has a web interface for configuration. You can use any web browser you like to log in to the
D-Link DWL-2600AP.

Affected Product(s):
====================
Product: D-Link DWL-2600AP (Web Interface)

Exploitation Technique:
=======================...

The Return of the WIZard: RCE in Exim (CVE-2019-10149)

11 June, 2019 - 12:13

Posted by Qualys Security Advisory on Jun 11

Qualys Security Advisory

The Return of the WIZard: RCE in Exim (CVE-2019-10149)

========================================================================
Contents
========================================================================

Summary
Local exploitation
Remote exploitation
- Non-default configurations
- Default configuration
Acknowledgments
Timeline

Boromir: "What is this new devilry?"
Gandalf: "A Balrog. A...

APPLE-SA-2019-5-30-1 AirPort Base Station Firmware Update 7.9.1

11 June, 2019 - 12:13

Posted by Apple Product Security via Fulldisclosure on Jun 11

APPLE-SA-2019-5-30-1 AirPort Base Station Firmware Update 7.9.1

AirPort Base Station Firmware Update 7.9.1 is now available and
addresses the following:

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations
with 802.11ac
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8581: Lucio Albornoz

AirPort Base...

New Version of Hyperion (PE runtime encrypter) released.

11 June, 2019 - 12:13

Posted by Levon Kayan on Jun 11



Hi,

We've just released version 2.0 of our PE crypter, hyperion.

[ CHANGELOG ]

- Support for 64bit was added

- C++ has been replaced by a cleaner C implementation

- More modular concept allows extensions with custom payloads

[ DESCR ]

Hyperion is a runtime encrypter for 32- and 64-bit portable executables. It is
a reference implementation and is based on the paper "Hyperion:
Implementation of a PE-Crypter".

[ LINKS ]...

[SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability

11 June, 2019 - 12:07

Posted by Matthias Deeg on Jun 11

Advisory ID: SYSS-2019-015
Product: R700 Laser Presentation Remote
Manufacturer: Logitech
Affected Version(s): Model R-R0010 (PID WD904XM and PID WD802XM)
Tested Version(s): Model R-R0010 (PID WD904XM and PID WD802XM)
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)
                    Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-04-12
Solution Date: -
Public...

[SYSS-2019-008]: Inateck 2.4 GHz Wearable Wireless Presenter WP2002 - Keystroke Injection Vulnerability

11 June, 2019 - 12:07

Posted by Matthias Deeg on Jun 11

Advisory ID: SYSS-2019-008
Product: 2.4 GHz Wearable Wireless Presenter WP2002
Manufacturer: Inateck
Affected Version(s): n/a
Tested Version(s): n/a
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)
                    Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-03-22
Solution Date: -
Public Disclosure: 2019-06-04
CVE Reference: CVE-2019-12504
Author of...

[SYSS-2019-007]: Inateck 2.4 GHz Wireless Presenter WP1001 - Keystroke Injection Vulnerability

11 June, 2019 - 12:07

Posted by Matthias Deeg on Jun 11

Advisory ID: SYSS-2019-007
Product: 2.4 GHz Wireless Presenter WP1001
Manufacturer: Inateck
Affected Version(s): Rev. v1.3C
Tested Version(s): Rev. v1.3C
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)
                    Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-03-22
Solution Date: -
Public Disclosure: 2019-06-04
CVE Reference: CVE-2019-12505
Author of...

Goby 1.0 Released!

11 June, 2019 - 12:06

Posted by goby goby on Jun 11

Goby is a new network security tool for cybersecurity asset management.
After nearly six months of development, version 1.0 is being released to
the public.

Goby's main objective is to scan cybersecurity assets and vulnerabilities
in the shortest time and with the minimum number of packets, by first analyzing
the target network's IT assets to build the asset knowledge database.

Some highlights in this release:
- More than 3000+ assets rules (IoT...

Rapid7’s Windows InsightIDR Agent: Local Privilege Escalation

11 June, 2019 - 12:06

Posted by Florian Bogner on Jun 11

Local Privilege Escalation in Rapid7’s Windows Insight IDR Agent

Metadata
===================================================
Release Date: 03-Jun-2019
Author: Florian Bogner @ https://bee-itsecurity.at
Affected product: Rapid7’s Insight Agent v2.6.3.14 and earlier for Windows
Fixed in: version 2.6.5
Tested on: Windows 10 x64 fully patched
CVE: CVE-2019-5629
URL:...

Multiple Cross-site Scripting Vulnerabilities in Shopware 5.5.6

11 June, 2019 - 12:05

Posted by Daniel Bishtawi on Jun 11

Hello,

We are informing you about the vulnerabilities we reported in Shopware
5.5.6.

*Information:*
Advisory by Netsparker
Name: Multiple Cross-site Scripting Vulnerabilities in Shopware
Affected Software: Shopware
Affected Versions: 5.5.6
Homepage: https://en.shopware.com/
Vulnerability: Cross-site Scripting
Severity: High
Status: Fixed
CVSS Score (3.0): AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Netsparker Advisory Reference: NS-19-004...