SOLDIERX.COM Nobody Can Stop Information Insemination

Posted by Manuel Garcia Cardenas on Mar 16

=============================================
MGC ALERT 2019-001
- Original release date: February 06, 2019
- Last revised: March 13, 2019
- Discovered by: Manuel García Cárdenas
- Severity: 7/10 (CVSS Base Score)
- CVE-ID: CVE-2019-9618
=============================================

I. VULNERABILITY
-------------------------
WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion

II. BACKGROUND
-------------------------...

Posted by VMware Security Response Center on Mar 15

VMSA-2019-0003 - VMware Horizon update addresses Connection Server
information disclosure vulnerability

Please see the advisory here:
https://www.vmware.com/security/advisories/VMSA-2019-0003.html

Relevant Products:

- VMware Horizon

Change Log:

2019-03-14: VMSA-2019-0003
Initial security advisory in conjunction with the release of VMware Horizon
7.8 on 2019-03-14.

Posted by VMware Security Response Center on Mar 15

VMSA-2019-0002 - VMware Workstation update addresses elevation of privilege
issues.

Please see the advisory here:
https://www.vmware.com/security/advisories/VMSA-2019-0002.html

Relevant Products:

- VMware Workstation Pro / Player (Workstation)

Change Log:

2019-03-14: VMSA-2019-0002
Initial security advisory in conjunction with the release of VMware
Workstation 14.1.6 and 15.0.3 on 2019-03-14.

Posted by matthias . deeg on Mar 15

Advisory ID: SYSS-2018-033
Product: Wireless Keyboard Set LX901
Manufacturer: Fujitsu
Affected Version(s): Model No. GK900
Tested Version(s): Model No. GK900
Vulnerability Type: Cryptographic Issues (CWE-310)
Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2018-10-19
Solution Date: -
Public Disclosure: 2019-03-15
CVE Reference: Not yet assigned
Author of Advisory: Matthias...

Microsoft Windows Win32k CVE-2019-0808 Local Privilege Escalation Vulnerability

Google Chrome Prior to 73.0.3683.75 Multiple Security Vulnerabilities

Oracle Java SE CVE-2019-2449 Remote Security Vulnerability

Oracle Java SE CVE-2019-2422 Information Disclosure Vulnerability

Posted by Fernando Gont on Mar 13

Folks,

It is often argued that IPv4 practices should be forgotten when
deploying IPv6, as after all IPv6 is a different protocol! But we think
years of IPv4 operational experience should be leveraged as much as
possible.

So we are publishing IPv6 Security for IPv4 Engineers as a roadmap to
IPv6 security that is specifically aimed at IPv4 engineers and operators.

Rather than describing IPv6 in an isolated manner, it aims to re-use as
much of...

Posted by David Coomber on Mar 13

Cisco Common Service Platform Collector - Hardcoded Credentials (CVE-2019-1723)

Posted by Moritz Muehlenhoff on Mar 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-4407-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
March 12, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xmltooling
CVE ID : CVE-2019-9628

Ross Geerlings...

Posted by Moritz Muehlenhoff on Mar 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-4406-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
March 12, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : waagent
CVE ID : CVE-2019-0804

Francis McBratney...

Posted by apparitionsec on Mar 12

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.REG-FILE-DIALOG-BOX-MESSAGE-SPOOFING.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
A file with the .reg file extension is a Registration file used by the Windows registry. These files can contain hives,
keys, and values.
.reg files can be created from...

Posted by apparitionsec on Mar 12

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.REG-FILE-DIALOG-BOX-MESSAGE-SPOOFING.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
A file with the .reg file extension is a Registration file used by the Windows registry. These files can contain hives,
keys, and values.
.reg files can be created from...

Posted by redazione on Mar 12

Description
===========
FlexPaper (https://www.flowpaper.com) is an open source project, released under GPL license, quite widespread over the
internet. It provides document viewing functionalities to web clients, mobile and tablet devices. At least until 2014
the component has been actively used by WikiLeaks, when it was discovered to be affected by a XSS vulnerability
subsequently patched.

Around one year ago Red Timmy Sec discovered a...

Posted by Kevin R on Mar 12

CVE-2019-9649

CoreFTP FTP / SFTP Server v2 - Build 674

MDTM Directory Traversal

Discovered By: Kevin Randall

Summary: By utilizing a directory traversal along with the FTP MDTM
command, an attacker can browse outside the root directory to determine if
a file exists based on return file size along with the date the file was
last modified by using a ..\..\ technique

Tools used:

Parrot OS VM

Windows 7 VM

FTP / SFTP Server v2 - Build 674...

Posted by Kevin R on Mar 12

CVE-2019-9648

CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal

Discovered By: Kevin Randall

Summary: By utilizing a directory traversal along with the FTP SIZE
command, an attacker can browse outside the root directory to determine if
a file exists based on return file size by using a ..\..\ technique

Tools used:

Parrot OS VM

Windows 7 VM

FTP / SFTP Server v2 - Build 674

Netcat

Proof of Concept (PoC):

File 1:...

Posted by Henri Salo on Mar 12

MITRE assigned CVE-2019-9646 for this vulnerability.

Posted by hyp3rlinx on Mar 12

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.REG-FILE-DIALOG-BOX-MESSAGE-SPOOFING.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
A file with the .reg file extension is a Registration file used by the
Windows registry. These files can contain hives, keys, and values.
.reg files can be created from scratch in a text editor or...

Posted by Luciano Bello on Mar 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-4405-1 security () debian org
https://www.debian.org/security/ Luciano Bello
March 10, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjpeg2
CVE ID : CVE-2017-17480 CVE-2018-5785...