Security News

WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion

Full Disclosure - 16 March, 2019 - 11:50

Posted by Manuel Garcia Cardenas on Mar 16

=============================================
MGC ALERT 2019-001
- Original release date: February 06, 2019
- Last revised: March 13, 2019
- Discovered by: Manuel García Cárdenas
- Severity: 7/10 (CVSS Base Score)
- CVE-ID: CVE-2019-9618
=============================================

I. VULNERABILITY
-------------------------
WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion

II. BACKGROUND
-------------------------...

NEW: VMSA-2019-0003 - VMware Horizon update addresses Connection Server information disclosure vulnerability

Bug Traq - 15 March, 2019 - 06:07

Posted by VMware Security Response Center on Mar 15

VMSA-2019-0003 - VMware Horizon update addresses Connection Server
information disclosure vulnerability

Please see the advisory here:
https://www.vmware.com/security/advisories/VMSA-2019-0003.html

Relevant Products:

- VMware Horizon

Change Log:

2019-03-14: VMSA-2019-0003
Initial security advisory in conjunction with the release of VMware Horizon
7.8 on 2019-03-14.

NEW: VMSA-2019-0002 - VMware Workstation update addresses elevation of privilege issues.

Bug Traq - 15 March, 2019 - 06:04

Posted by VMware Security Response Center on Mar 15

VMSA-2019-0002 - VMware Workstation update addresses elevation of privilege
issues.

Please see the advisory here:
https://www.vmware.com/security/advisories/VMSA-2019-0002.html

Relevant Products:

- VMware Workstation Pro / Player (Workstation)

Change Log:

2019-03-14: VMSA-2019-0002
Initial security advisory in conjunction with the release of VMware
Workstation 14.1.6 and 15.0.3 on 2019-03-14.

[SYSS-2018-033]: Fujitsu Wireless Keyboard Set LX901 - Keystroke Injection Vulnerability

Bug Traq - 15 March, 2019 - 06:01

Posted by matthias . deeg on Mar 15

Advisory ID: SYSS-2018-033
Product: Wireless Keyboard Set LX901
Manufacturer: Fujitsu
Affected Version(s): Model No. GK900
Tested Version(s): Model No. GK900
Vulnerability Type: Cryptographic Issues (CWE-310)
Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2018-10-19
Solution Date: -
Public Disclosure: 2019-03-15
CVE Reference: Not yet assigned
Author of Advisory: Matthias...

Vuln: Microsoft Windows Win32k CVE-2019-0808 Local Privilege Escalation Vulnerability

Security Focus Vulnerabilities - 14 March, 2019 - 23:00
Microsoft Windows Win32k CVE-2019-0808 Local Privilege Escalation Vulnerability

Vuln: Google Chrome Prior to 73.0.3683.75 Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 14 March, 2019 - 23:00
Google Chrome Prior to 73.0.3683.75 Multiple Security Vulnerabilities

Vuln: Oracle Java SE CVE-2019-2449 Remote Security Vulnerability

Security Focus Vulnerabilities - 13 March, 2019 - 23:00
Oracle Java SE CVE-2019-2449 Remote Security Vulnerability

Vuln: Oracle Java SE CVE-2019-2422 Information Disclosure Vulnerability

Security Focus Vulnerabilities - 13 March, 2019 - 23:00
Oracle Java SE CVE-2019-2422 Information Disclosure Vulnerability

IPv6 Security for IPv4 Engineers

Bug Traq - 13 March, 2019 - 22:32

Posted by Fernando Gont on Mar 13

Folks,

It is often argued that IPv4 practices should be forgotten when
deploying IPv6, as after all IPv6 is a different protocol! But we think
years of IPv4 operational experience should be leveraged as much as
possible.

So we are publishing IPv6 Security for IPv4 Engineers as a roadmap to
IPv6 security that is specifically aimed at IPv4 engineers and operators.

Rather than describing IPv6 in an isolated manner, it aims to re-use as
much of...

Cisco Common Service Platform Collector - Hardcoded Credentials (CVE-2019-1723)

Bug Traq - 13 March, 2019 - 22:29

Posted by David Coomber on Mar 13

Cisco Common Service Platform Collector - Hardcoded Credentials (CVE-2019-1723)

[SECURITY] [DSA 4407-1] xmltooling security update

Bug Traq - 13 March, 2019 - 03:15

Posted by Moritz Muehlenhoff on Mar 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-4407-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
March 12, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xmltooling
CVE ID : CVE-2019-9628

Ross Geerlings...

[SECURITY] [DSA 4406-1] waagent security update

Bug Traq - 13 March, 2019 - 03:11

Posted by Moritz Muehlenhoff on Mar 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-4406-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
March 12, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : waagent
CVE ID : CVE-2019-0804

Francis McBratney...

Microsoft Windows .Reg File Dialog Box Message Spoofing 0day

Bug Traq - 12 March, 2019 - 15:45

Posted by apparitionsec on Mar 12

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.REG-FILE-DIALOG-BOX-MESSAGE-SPOOFING.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
A file with the .reg file extension is a Registration file used by the Windows registry. These files can contain hives,
keys, and values.
.reg files can be created from...

[**UPDATED] Microsoft Windows .Reg File Dialog Box Message Spoofing 0day

Bug Traq - 12 March, 2019 - 15:41

Posted by apparitionsec on Mar 12

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.REG-FILE-DIALOG-BOX-MESSAGE-SPOOFING.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
A file with the .reg file extension is a Registration file used by the Windows registry. These files can contain hives,
keys, and values.
.reg files can be created from...

FlexPaper <= 2.3.6 Remote Command Execution

Full Disclosure - 12 March, 2019 - 12:10

Posted by redazione on Mar 12

Description
===========
FlexPaper (https://www.flowpaper.com) is an open source project, released under GPL license, quite widespread over the
internet. It provides document viewing functionalities to web clients, mobile and tablet devices. At least until 2014
the component has been actively used by WikiLeaks, when it was discovered to be affected by a XSS vulnerability
subsequently patched.

Around one year ago Red Timmy Sec discovered a...

CVE-2019-9649 CoreFTP FTP / SFTP Server v2 - Build 674 MDTM Directory Traversal

Full Disclosure - 12 March, 2019 - 12:09

Posted by Kevin R on Mar 12

CVE-2019-9649

CoreFTP FTP / SFTP Server v2 - Build 674

MDTM Directory Traversal

Discovered By: Kevin Randall

Summary: By utilizing a directory traversal along with the FTP MDTM
command, an attacker can browse outside the root directory to determine if
a file exists based on return file size along with the date the file was
last modified by using a ..\..\ technique

Tools used:

Parrot OS VM

Windows 7 VM

FTP / SFTP Server v2 - Build 674...

CVE-2019-9648 CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal

Full Disclosure - 12 March, 2019 - 12:09

Posted by Kevin R on Mar 12

CVE-2019-9648

CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal

Discovered By: Kevin Randall

Summary: By utilizing a directory traversal along with the FTP SIZE
command, an attacker can browse outside the root directory to determine if
a file exists based on return file size by using a ..\..\ technique

Tools used:

Parrot OS VM

Windows 7 VM

FTP / SFTP Server v2 - Build 674

Netcat

Proof of Concept (PoC):

File 1:...

Re: Contact Form Email 7.10.41 - Reflected XSS & CSRF (WordPress Plugin)

Full Disclosure - 12 March, 2019 - 12:09

Posted by Henri Salo on Mar 12

MITRE assigned CVE-2019-9646 for this vulnerability.

Microsoft Windows .Reg File / Dialog Box Message Spoofing Vulnerability

Full Disclosure - 12 March, 2019 - 12:08

Posted by hyp3rlinx on Mar 12

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.REG-FILE-DIALOG-BOX-MESSAGE-SPOOFING.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
A file with the .reg file extension is a Registration file used by the
Windows registry. These files can contain hives, keys, and values.
.reg files can be created from scratch in a text editor or...

[SECURITY] [DSA 4405-1] openjpeg2 security update

Bug Traq - 11 March, 2019 - 02:56

Posted by Luciano Bello on Mar 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-4405-1 security () debian org
https://www.debian.org/security/ Luciano Bello
March 10, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjpeg2
CVE ID : CVE-2017-17480 CVE-2018-5785...