Security News

FTPShell client 6.74 - Local Buffer Overflow (SEH)

Full Disclosure - 13 September, 2019 - 02:50

Posted by Debashis Pal on Sep 13

#!/usr/bin/python

# Exploit Type : DOS
# Exploit Title: FTPShell client 6.74 - Local Buffer Overflow (SEH)
# Vulnerable Software & version : FTPShell client 6.74
# Vendor Homepage: https://www.ftpshell.com/
# Software Link: https://www.ftpshell.com/downloadclient.htm
# Tested Windows : Windows Vista Ultimate SP2(32-bit), Windows 7
Professional SP1(32-bit)
# Exploit Author: Debashis Pal
# Timeline
# Vulnerability Discover Date:...

phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery

Full Disclosure - 13 September, 2019 - 02:50

Posted by Manuel Garcia Cardenas on Sep 13

=============================================
MGC ALERT 2019-003
- Original release date: June 13, 2019
- Last revised: September 13, 2019
- Discovered by: Manuel Garcia Cardenas
- Severity: 4,3/10 (CVSS Base Score)
- CVE-ID: CVE-2019-12922
=============================================

I. VULNERABILITY
-------------------------
phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery

II. BACKGROUND
-------------------------
phpMyAdmin is a free...

SEC Consult SA-20190912-0 :: Stored and reflected XSS vulnerabilities in LimeSurvey

Full Disclosure - 12 September, 2019 - 14:37

Posted by SEC Consult Vulnerability Lab on Sep 12

SEC Consult Vulnerability Lab Security Advisory < 20190912-0 >
=======================================================================
title: Stored and reflected XSS vulnerabilities
product: LimeSurvey
vulnerable version: <= 3.17.13
fixed version: =>3.17.14
CVE number: CVE-2019-16172, CVE-2019-16173
impact: medium
homepage: https://www.limesurvey.org/...

[slackware-security] mozilla-thunderbird (SSA:2019-254-02)

Bug Traq - 12 September, 2019 - 03:54

Posted by Slackware Security Team on Sep 12

[slackware-security] mozilla-thunderbird (SSA:2019-254-02)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-68.1.0-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[slackware-security] openssl (SSA:2019-254-03)

Bug Traq - 12 September, 2019 - 03:51

Posted by Slackware Security Team on Sep 12

[slackware-security] openssl (SSA:2019-254-03)

New openssl packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.2t-i586-1_slack14.2.txz: Upgraded.
This update fixes low severity security issues:
Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
Compute ECC cofactors if not...

[slackware-security] curl (SSA:2019-254-01)

Bug Traq - 12 September, 2019 - 03:47

Posted by Slackware Security Team on Sep 12

[slackware-security] curl (SSA:2019-254-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/curl-7.66.0-i586-1_slack14.2.txz: Upgraded.
This update fixes security issues:
FTP-KRB double-free
TFTP small blocksize heap buffer overflow
For more information, see:...

Vuln: ImageMagick CVE-2018-16750 Denial of Service Vulnerability

Security Focus Vulnerabilities - 10 September, 2019 - 23:00
ImageMagick CVE-2018-16750 Denial of Service Vulnerability

Vuln: OpenAFS CVE-2018-16949 Multiple Denial of Service Vulnerabilities

Security Focus Vulnerabilities - 10 September, 2019 - 23:00
OpenAFS CVE-2018-16949 Multiple Denial of Service Vulnerabilities

[CVE-2019-12516] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz-*" Multiple Authenticated SQL Injections

Full Disclosure - 10 September, 2019 - 12:48

Posted by Info on Sep 10

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: SlickQuiz
Vendor URL: https://wordpress.org/plugins/slickquiz/
Type: SQL Injection [CWE-74]
Date found: 2019-05-30
Date published: 2019-09-10
CVSSv3 Score: 8.1 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
CVE: CVE-2019-12516

2. CREDITS
==========
This vulnerability was discovered and researched by...

[CVE-2019-12517] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz" Multiple Stored XSS

Full Disclosure - 10 September, 2019 - 12:48

Posted by Info on Sep 10

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: SlickQuiz
Vendor URL: https://wordpress.org/plugins/slickquiz/
Type: Cross-Site Scripting [CWE-79]
Date found: 2019-05-30
Date published: 2019-09-10
CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVE: CVE-2019-12517

2. CREDITS
==========
This vulnerability was discovered and...

Multiple Reflected Cross-site Scripting Vulnerabilities in OpenEdx version Ironwood.1

Full Disclosure - 10 September, 2019 - 12:22

Posted by Daniel Bishtawi on Sep 10

Hello,

We are informing you about the vulnerabilities in OpenEdx version
Ironwood.1.

Here are the details:

Information
--------------------
Advisory by Netsparker
Name: Multiple Reflected Cross-site Scripting Vulnerabilities in OpenEdx
version Ironwood.1
Affected Software: OpenEdx
Affected Versions: Ironwood.1
Homepage: https://open.edx.org/
Vulnerability: Cross site Scripting
Severity: Medium
Status: Fixed
CVSS Score (3.0):...

[CVE-2019-12516] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz-*" Multiple Authenticated SQL Injections

Bug Traq - 10 September, 2019 - 11:01

Posted by Info on Sep 10

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: SlickQuiz
Vendor URL: https://wordpress.org/plugins/slickquiz/
Type: SQL Injection [CWE-74]
Date found: 2019-05-30
Date published: 2019-09-10
CVSSv3 Score: 8.1 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
CVE: CVE-2019-12516

2. CREDITS
==========
This vulnerability was discovered and researched by...

[CVE-2019-12517] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz" Multiple Stored XSS

Bug Traq - 10 September, 2019 - 10:59

Posted by Info on Sep 10

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: SlickQuiz
Vendor URL: https://wordpress.org/plugins/slickquiz/
Type: Cross-Site Scripting [CWE-79]
Date found: 2019-05-30
Date published: 2019-09-10
CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVE: CVE-2019-12517

2. CREDITS
==========
This vulnerability was discovered and...

[SECURITY] [DSA 4521-1] docker.io security update

Bug Traq - 10 September, 2019 - 10:58

Posted by Moritz Muehlenhoff on Sep 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4521-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 09, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : docker.io
CVE ID : CVE-2019-13139 CVE-2019-13509...

Dabman & Imperial (i&d) Web Radio Devices - Undocumented Telnet Backdoor & Command Execution Vulnerability

Bug Traq - 10 September, 2019 - 10:54

Posted by Vulnerability Lab on Sep 10

Document Title:
===============
Dabman & Imperial (i&d) Web Radio Devices - Undocumented Telnet Backdoor
& Command Execution Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2183

Video: https://www.vulnerability-lab.com/get_content.php?id=2190

Vulnerability Magazine:...

NtFileSins v2.1 Windows NTFS Privileged File Access Enumeration Tool

Bug Traq - 10 September, 2019 - 10:49

Posted by apparitionsec on Sep 10

from subprocess import Popen, PIPE
import sys,argparse,re

# NtFileSins v2.1
# Fixed: save() logic to log report in case no Zone.Identifiers found.
# Added: Check for Zone.Identifer:$DATA to see if any identified files were downloaded from internet.
#
# Windows File Enumeration Intel Gathering.
# Standard users can prove existence of privileged user artifacts.
#
# Typically, the Windows commands DIR or TYPE hand out a default "Access...

[SECURITY] [DSA 4520-1] trafficserver security update

Bug Traq - 10 September, 2019 - 10:48

Posted by Moritz Muehlenhoff on Sep 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4520-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 09, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : trafficserver
CVE ID : CVE-2019-9512 CVE-2019-9514...

[SECURITY] [DSA 4519-1] libreoffice security update

Bug Traq - 10 September, 2019 - 10:41

Posted by Moritz Muehlenhoff on Sep 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4519-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 08, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2019-9854

It was...

NtFileSins / Windows NTFS Privileged File Access Enumeration Tool

Bug Traq - 10 September, 2019 - 10:36

Posted by apparitionsec on Sep 10

from subprocess import Popen, PIPE
import sys,argparse,re

# NtFileSins v2
# Added: Check for Zone.Identifer:$DATA to see if any identified files were downloaded from internet.
#
# Windows File Enumeration Intel Gathering.
# Standard users can prove existence of privileged user artifacts.
#
# Typically, the Windows commands DIR or TYPE hand out a default "Access Denied" error message,
# when a file exists or doesn't exist, when...

[SECURITY] [DSA 4518-1] ghostscript security update

Bug Traq - 10 September, 2019 - 10:32

Posted by Salvatore Bonaccorso on Sep 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4518-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 07, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ghostscript
CVE ID : CVE-2019-14811 CVE-2019-14812...
Syndicate content