SOLDIERX.COM Nobody Can Stop Information Insemination

Linux Kernel CVE-2019-11811 Local Arbitrary Code Execution Vulnerability

Posted by Marco Ivaldi on Jul 18

Hi,

Just a quick follow-up to my original advisory. The CVE name CVE-2019-2832 has been assigned to the vulnerability and
Oracle has released a patch in its July 2019 CPU. Further information is available at:

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixSUNS
https://support.oracle.com/epmos/faces/DocContentDisplay?id=2560938.1

Once again, I would like to thank Jon Trulson (maintainer of the open...

GNOME gvfs CVE-2019-12795 Local Authorization Bypass Vulnerability

Squid CVE-2019-13345 Multiple Cross Site Scripting Vulnerabilities

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities

Mozilla Firefox Multiple Security Vulnerabilities

Posted by apparitionsec on Jul 18

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MAPLE-WBT-SNMP-ADMINISTRATOR-v2.0.195.15-REMOTE-BUFFER-OVERFLOW-CODE-EXECUTION-0DAY.txt
[+] ISR: Apparition Security

[Vendor]
www.computerlab.com

[Product]
MAPLE Computer WBT SNMP Administrator (Thin Client Administrator)
v2.0.195.15...

CKEditor CVE-2018-9861 Cross Site Scripting Vulnerability

Posted by Marcin Kozlowski on Jul 16

Hi list,

Maybe you find this interesting. In July 2019 Android fixed several
critical bugs, including this one. I think "Hevcfright" (in reference to
Stagefright) is quite possible, with lot of effort, I guess. This video
will crash stock VideoPlayer in Android 7-9 without July 2019 Patch (
https://source.android.com/security/bulletin/2019-07-01). More here:
https://github.com/marcinguy/CVE-2019-2107/

Thanks,
Marcin

Posted by hyp3rlinx on Jul 16

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MAPLE-WBT-SNMP-ADMINISTRATOR-v2.0.195.15-REMOTE-BUFFER-OVERFLOW-CODE-EXECUTION-0DAY.txt
[+] ISR: Apparition Security

[Vendor]
www.computerlab.com

[Product]
MAPLE Computer WBT SNMP Administrator (Thin Client Administrator)
v2.0.195.15

https://www.computerlab.com/index.php/downloads/category/27-device-manager...

Posted by hyp3rlinx on Jul 16

[** CORRECTION Fixed Port Typo]

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-HTML-HELP-UNCOMPILED-CHM-FILE-XML-EXTERNAL-ENTITY-INJECTION.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Microsoft Compiled HTML Help "hh.exe"

Microsoft Compiled HTML Help is a Microsoft proprietary online help format,
consisting of a...

Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability

Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability

Apache HTTP Server CVE-2019-0190 Denial of Service Vulnerability

Spring Security and Spring Framework CVE-2018-1258 Authorization Bypass Vulnerability

Apache CXF CVE-2018-8039 TLS Hostname Verification Security Bypass Vulnerability

Perl Multiple Buffer Overflow Vulnerabilities

Apache Batik CVE-2018-8013 Information Disclosure Vulnerability

Oracle MySQL Server Cpujul2019 Multiple Security Vulnerabilities

Multiple Dell EMC Products CVE-2018-11058 Buffer Overflow Vulnerability