Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

[RT-SA-2019-004] Cisco RV320 Unauthenticated Diagnostic Data Retrieval

27 March, 2019 - 04:56

Posted by RedTeam Pentesting GmbH on Mar 27

Advisory: Cisco RV320 Unauthenticated Diagnostic Data Retrieval

RedTeam Pentesting discovered that the Cisco RV320 router still exposes
sensitive diagnostic data without authentication via the device's web
interface due to an inadequate fix by the vendor.

Details
=======

Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others
Affected Versions: 1.4.2.15 through 1.4.2.20
Fixed Versions: none
Vulnerability Type: Information...

[RT-SA-2019-003] Cisco RV320 Unauthenticated Configuration Export

27 March, 2019 - 04:55

Posted by RedTeam Pentesting GmbH on Mar 27

Advisory: Cisco RV320 Unauthenticated Configuration Export

RedTeam Pentesting discovered that the configuration of a Cisco RV320
router can still be exported without authentication via the device's web
interface due to an inadequate fix by the vendor.

Details
=======

Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others
Affected Versions: 1.4.2.15 through 1.4.2.20
Fixed Versions: none
Vulnerability Type: Information Disclosure...

ESA-2017-123: EMC Networker Remote Code Execution Vulnerability

26 March, 2019 - 12:25

Posted by secure on Mar 26

ESA-2017-123: EMC Networker Remote Code Execution Vulnerability

EMC Identifier: ESA-2017-123

CVE Identifier: CVE-2017-8023

Severity Rating: CVSSv3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected products:
EMC NetWorker versions 8.2.x
EMC NetWorker versions 9.0.x
EMC NetWorker versions prior to 9.1.1.5
EMC NetWorker versions prior to 9.2.1

Summary:
EMC NetWorker includes an unauthenticated remote code execution vulnerability...

APPLE-SA-2019-3-25-1 iOS 12.2

26 March, 2019 - 12:24

Posted by Apple Product Security via Fulldisclosure on Mar 26

APPLE-SA-2019-3-25-1 iOS 12.2

iOS 12.2 is now available and addresses the following:

CFString
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A validation issue was addressed with improved logic.
CVE-2019-8516: SWIPS Team of Frifee Inc.

configd
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch...

APPLE-SA-2019-3-25-6 iCloud for Windows 7.11

26 March, 2019 - 12:24

Posted by Apple Product Security via Fulldisclosure on Mar 26

APPLE-SA-2019-3-25-6 iCloud for Windows 7.11

iCloud for Windows 7.11 is now available and addresses the following:

CoreCrypto
Available for: Windows 7 and later
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher

iTunes
Available for: Windows 7 and later
Impact: Running the iTunes installer in an untrusted directory...

APPLE-SA-2019-3-25-3 tvOS 12.2

26 March, 2019 - 12:24

Posted by Apple Product Security via Fulldisclosure on Mar 26

APPLE-SA-2019-3-25-3 tvOS 12.2

tvOS 12.2 is now available and addresses the following:

CFString
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A validation issue was addressed with improved logic.
CVE-2019-8516: SWIPS Team of Frifee Inc.

configd
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be...

APPLE-SA-2019-3-25-5 iTunes 12.9.4 for Windows

26 March, 2019 - 12:24

Posted by Apple Product Security via Fulldisclosure on Mar 26

APPLE-SA-2019-3-25-5 iTunes 12.9.4 for Windows

iTunes 12.9.4 for Windows is now available and addresses the
following:

CoreCrypto
Available for: Windows 7 and later
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead...

APPLE-SA-2019-3-25-7 Xcode 10.2

26 March, 2019 - 12:24

Posted by Apple Product Security via Fulldisclosure on Mar 26

APPLE-SA-2019-3-25-7 Xcode 10.2

Xcode 10.2 is now available and addresses the following:

Kernel
Available for: macOS 10.13.6 or later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4461: Ian Beer of Google Project Zero

Installation note:

Xcode 10.2 may be obtained from:...

APPLE-SA-2019-3-25-4 Safari 12.1

26 March, 2019 - 12:24

Posted by Apple Product Security via Fulldisclosure on Mar 26

APPLE-SA-2019-3-25-4 Safari 12.1

Safari 12.1 is now available and addresses the following:

Safari Reader
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
Mojave 10.14.4
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2019-6204: Ryan Pickren (ryanpickren.com)
CVE-2019-8505: Ryan Pickren...

APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra

26 March, 2019 - 12:24

Posted by Apple Product Security via Fulldisclosure on Mar 26

APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update
2019-002 High Sierra, Security Update 2019-002 Sierra

macOS Mojave 10.14.4, Security Update 2019-002 High Sierra,
Security Update 2019-002 Sierra are now available and
addresses the following:

AppleGraphicsControl
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to execute arbitrary code
with kernel...

[SYSS-2018-036]: ABUS Secvest Remote Control - Denial of Service - Uncontrolled Resource Consumption (CWE-400)

26 March, 2019 - 12:22

Posted by Matthias Deeg on Mar 26

Advisory ID: SYSS-2018-036
Product: ABUS Secvest Remote Control (FUBE50014, FUBE50015)
Manufacturer: ABUS
Affected Version(s): n/a
Tested Version(s): n/a
Vulnerability Type: Denial of Service - Uncontrolled Resource
Consumption (CWE-400)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2018-11-21
Solution Date: -
Public Disclosure: 2019-03-25
CVE Reference: CVE-2019-9860
Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas...

[SYSS-2018-035]: ABUS Secvest Remote Control - Missing Encryption of Sensitive Data (CWE-311)

26 March, 2019 - 12:22

Posted by Matthias Deeg on Mar 26

Advisory ID: SYSS-2018-035
Product: ABUS Secvest Remote Control (FUBE50014, FUBE50015)
Manufacturer: ABUS
Affected Version(s): n/a
Tested Version(s): n/a
Vulnerability Type: Missing Encryption of Sensitive Data (CWE-311)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2018-11-21
Solution Date: -
Public Disclosure: 2019-03-25
CVE Reference: CVE-2019-9862
Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert...

[SYSS-2018-034]: ABUS Secvest - Rolling Code - Predictable from Observable State (CWE-341)

26 March, 2019 - 12:22

Posted by Matthias Deeg on Mar 26

Advisory ID: SYSS-2018-034
Product: ABUS Secvest (FUAA50000)
Manufacturer: ABUS
Affected Version(s): v3.01.01
Tested Version(s): v3.01.01
Vulnerability Type: Rolling Code - Predictable from Observable State
(CWE-341)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2018-11-21
Solution Date: -
Public Disclosure: 2019-03-25
CVE Reference: CVE-2019-9863
Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert...

CVE-2019-10009 Titan FTP Server Version 2019 Build 3505 Directory Traversal/Local File Inclusion

26 March, 2019 - 12:21

Posted by Kevin R on Mar 26

**********************************************************************
Discovered By: Kevin Randall on 3/23/2019
**********************************************************************
A Directory Traversal issue was discovered in the Web GUI in Titan FTP
Server 2019 Build 3505.
When an authenticated user attempts to preview an uploaded file (through
PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can
be loaded in the server...

Recon 2019 Call For Papers - June 28 - 30, 2019 - Montreal, Canada

26 March, 2019 - 12:21

Posted by cfp on Mar 26

Recon Montreal - Call For Papers - June 28 - 30 - 2019
Welcome to TeleMate!
ATDT1514XXXXXXX
CONNECT 300
..
DATAPAC : XXXX XXXX
XXXXXXXX
DATAPAC: Call connected to XXXX XXXX

This is a private system. Access attempts are logged. Unauthorized
access may result in prosecution.

Bienvenue!

+ + + +
+ + +
+...

Repeat of CVE-2018-4251 in Razer Laptops

26 March, 2019 - 12:20

Posted by Bailey Fox on Mar 26

Razer has a vulnerability affecting all current laptops, where the SPI
Flash is set to full read/write and the Intel CPU is left in ME
Manufacturing Mode. This allows for attackers to safeguard rootkits with
Intel Boot Guard, downgrade the BIOS to exploit older vulnerabilities such
as Meltdown, and many other things. They have yet to look into getting a
CVE assigned, saying it isn't necessary.