Security News

SugarCRM v6.5.18 - (Contacts) Persistent Cross Site Web Vulnerability

Full Disclosure - 16 November, 2020 - 05:15

Posted by Vulnerability Lab on Nov 16

Document Title:
===============
SugarCRM v6.5.18 - (Contacts) Persistent Cross Site Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2249

Release Date:
=============
2020-11-16

Vulnerability Laboratory ID (VL-ID):
====================================
2249

Common Vulnerability Scoring System:
====================================
5.1

Vulnerability Class:
====================
Cross...

SugarCRM v6.5.18 - (Employees) Persistent Cross Site Vulnerability

Full Disclosure - 16 November, 2020 - 05:13

Posted by Vulnerability Lab on Nov 16

Document Title:
===============
SugarCRM v6.5.18 - (Employees) Persistent Cross Site Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2257

Release Date:
=============
2020-11-13

Vulnerability Laboratory ID (VL-ID):
====================================
2257

Common Vulnerability Scoring System:
====================================
5.1

Vulnerability Class:
====================
Cross...

Intel NUC - Local Privilege Escalation Vulnerability

Full Disclosure - 16 November, 2020 - 05:10

Posted by Vulnerability Lab on Nov 16

Document Title:
===============
Intel NUC - Local Privilege Escalation Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2267

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24525

CVE-ID:
=======
CVE-2020-24525

Release Date:
=============
2020-11-13

Vulnerability Laboratory ID (VL-ID):
====================================
2267

Common Vulnerability Scoring System:...

Buddypress v6.2.0 WP Plugin - Persistent Web Vulnerability

Full Disclosure - 16 November, 2020 - 05:09

Posted by Vulnerability Lab on Nov 16

Document Title:
===============
Buddypress v6.2.0 WP Plugin - Persistent Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2263

Release Date:
=============
2020-11-13

Vulnerability Laboratory ID (VL-ID):
====================================
2263

Common Vulnerability Scoring System:
====================================
4.2

Vulnerability Class:
====================
Cross Site...

Froxlor v0.10.16 CP - (Customer) Persistent Vulnerability

Full Disclosure - 16 November, 2020 - 05:07

Posted by Vulnerability Lab on Nov 16

Document Title:
===============
Froxlor v0.10.16 CP - (Customer) Persistent Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2241

Release Date:
=============
2020-11-12

Vulnerability Laboratory ID (VL-ID):
====================================
2241

Common Vulnerability Scoring System:
====================================
5.2

Vulnerability Class:
====================
Cross Site...

SIGE (Joomla) 3.4.1 & 3.5.3 Pro - Multiple Vulnerabilities

Full Disclosure - 16 November, 2020 - 05:06

Posted by Vulnerability Lab on Nov 16

Document Title:
===============
SIGE (Joomla) 3.4.1 & 3.5.3 Pro - Multiple Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2265

Release Date:
=============
2020-11-11

Vulnerability Laboratory ID (VL-ID):
====================================
2265

Common Vulnerability Scoring System:
====================================
7.8

Vulnerability Class:
====================
Multiple...

APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0

Full Disclosure - 15 November, 2020 - 13:18

Posted by Apple Product Security via Fulldisclosure on Nov 15

APPLE-SA-2020-11-13-6 Additional information for
APPLE-SA-2020-09-16-4 watchOS 7.0

watchOS 7.0 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT211844.

Audio
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9943: JunDong...

APPLE-SA-2020-11-13-7 Additional information for APPLE-SA-2020-09-24-1 macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave

Full Disclosure - 15 November, 2020 - 13:18

Posted by Apple Product Security via Fulldisclosure on Nov 15

APPLE-SA-2020-11-13-7 Additional information for
APPLE-SA-2020-09-24-1 macOS Catalina 10.15.7, Security
Update 2020-005 High Sierra, Security Update 2020-005 Mojave

macOS Catalina 10.15.7, Security Update 2020-005 High Sierra,
Security Update 2020-005 Mojave addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT211849.

CoreAudio
Available for: macOS Catalina 10.15
Impact: Playing...

APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0

Full Disclosure - 15 November, 2020 - 13:18

Posted by Apple Product Security via Fulldisclosure on Nov 15

APPLE-SA-2020-11-13-3 Additional information for
APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0

iOS 14.0 and iPadOS 14.0 addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT211850.

AppleAVD
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to cause unexpected system
termination or...

APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0

Full Disclosure - 15 November, 2020 - 13:18

Posted by Apple Product Security via Fulldisclosure on Nov 15

APPLE-SA-2020-11-13-4 Additional information for
APPLE-SA-2020-09-16-2 tvOS 14.0

tvOS 14.0 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT211843.

Assets
Available for: Apple TV 4K and Apple TV HD
Impact: An attacker may be able to misuse a trust relationship to
download malicious content
Description: A trust issue was addressed by removing a legacy API.
CVE-2020-9979:...

APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 14.0

Full Disclosure - 15 November, 2020 - 13:18

Posted by Apple Product Security via Fulldisclosure on Nov 15

APPLE-SA-2020-11-13-5 Additional information for
APPLE-SA-2020-09-16-3 Safari 14.0

Safari 14.0 addresses the following issues. Information about
the security content is also available at
https://support.apple.com/HT211845.

Safari
Available for: macOS Catalina and macOS Mojave, and included in macOS
Big Sur
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed with improved UI handling....

APPLE-SA-2020-11-13-2 Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave

Full Disclosure - 15 November, 2020 - 13:18

Posted by Apple Product Security via Fulldisclosure on Nov 15

APPLE-SA-2020-11-13-2 Security Update 2020-006 High Sierra, Security
Update 2020-006 Mojave

Security Update 2020-006 High Sierra, Security Update 2020-006
Mojave addresses the following issues. Information about the security
content is also available at https://support.apple.com/HT211946.

FontParser
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution....

Re: Scope of Debian's /home/loser is with permissions 755, default umask 002

Full Disclosure - 15 November, 2020 - 13:18

Posted by Pim van Stam on Nov 15

Nothing or everything, depends on how you see it.
On default install there is only 1 active user, which is the person installing the system.
This person can see everything (is part of sudo group). The rest of the world can see nothing.

Then, and that is important, the person installing must know how to secure.
If you want to have multiple normal users and services, like web- and mailservices, you have to take extra care on
securing the system....

[SYSS-2020-037] Persistent Cross-site Scripting (CWE-79) in REDDOXX MailDepot (CVE-2020-26554)

Full Disclosure - 15 November, 2020 - 13:12

Posted by Micha Borrmann on Nov 15

Advisory ID: SYSS-2020-037
Product: MailDepot
Manufacturer: REDDOXX GmbH
Affected Version(s): 2033 (2.3.3022)
Tested Version(s): 2033 (2.3.3022)
Vulnerability Type: Persistent Cross-site Scripting (CWE-79)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2020-10-01
Solution Date: 2020-11-11
Public Disclosure: 2020-11-13...

Re: Scope of Debian's /home/loser is with permissions 755, default umask 002

Full Disclosure - 15 November, 2020 - 13:07

Posted by bo0od on Nov 15

I see this is fixed in Whonix/Kicksecure, which are like hardened
Debian, one for anonymity (Whonix) and one for clearnet (Kicksecure). I
doubt any distro fixed/hardened that.

Maybe this is interesting:
https://www.whonix.org/wiki/Dev/Strong_Linux_User_Account_Isolation

Georgi Guninski:

Scope of Debian's /home/loser is with permissions 755, default umask 002

Full Disclosure - 12 November, 2020 - 21:24

Posted by Georgi Guninski on Nov 12

On Debian /home/loser is with permissions 755, default umask 0022

(If you don't understand the numbers, this means a lot of
files are world readable).

On multiuser machines this sucks much.

Question: How much sensitive data can be read on default install?

Partial results:

1. mutt (text email client) exposes ~/.mutt/muttrc,
which might contain the imap password in plaintext.

2. Some time ago on a multiuser debian mirror we found a lot...

Avian JVM FileOutputStream.write() Integer Overflow

Full Disclosure - 12 November, 2020 - 21:24

Posted by Pietro Oliva via Fulldisclosure on Nov 12

Vulnerability title: Avian JVM FileOutputStream.write() Integer Overflow
Author: Pietro Oliva
Vendor: ReadyTalk
Product: Avian JVM
Affected version: 1.2.0 before 27th October 2020
Fixed Version: 1.2.0 since 27th October 2020

Description:
The issue is located in the FileOutputStream.write() method defined in
FileOutputStream.java, where a boundary check is performed in order to prevent
out-of-bounds memory read/write. However, this check...

[No cON Name] #ncn2k20 CFP online - Barcelona

Full Disclosure - 10 November, 2020 - 13:02

Posted by José Nicolás Castellano on Nov 10

No cON Name 2020 - Online Edition

Call For Papers https://www.noconname.org/call-for-papers/

    * INTRODUCTION
The organization has opened CFP proposals. Our goal is to get highly
qualified requests for both speaker opportunities and workshops, to show
in one of the most respected hacker conferences in Barcelona and Spain,
NcN (No cON Name). We will celebrate, as in the last edition, 2 tracks:

    * Privacy and net...

NtFileSins v2.2 / Windows NTFS Privileged File Access Enumeration Tool (Python v3)

Full Disclosure - 10 November, 2020 - 13:01

Posted by hyp3rlinx on Nov 10

from subprocess import Popen, PIPE
import sys,argparse,re

#MIT License
#Copyright (c) 2020 John Page (aka hyp3rlinx)
#Permission is hereby granted, free of charge, to any person obtaining a copy
#of this software and associated documentation files (the "Software"), to deal
#in the Software without restriction, including without limitation the rights
#to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
#copies of...

secuvera-SA-2020-01: Broken Object Level Authorization Vulnerability in OvulaRing-Webapplication

Full Disclosure - 6 November, 2020 - 13:12

Posted by Tobias Glemser on Nov 06

secuvera-SA-2020-01: Broken Object Level Authorization Vulnerability in OvulaRing-Webapplication

Affected Products
OvulaRing Webapp Version 4.2.2 (older releases have not been tested)

References
https://www.secuvera.de/advisories/secuvera-SA-2020-01.txt
https://owasp.org/www-project-api-security/ API1:2019 Broken Object Level Authorization

Summary:
"OvulaRing is an easy and accurate way to find out about your cycle health and...