Security News
CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability
Posted by Imre Rad on Feb 18
The TrustedInstaller service running on the Windows operating systemhosts a COM service called Sxs Store Class; its ISxsStore interface
provides methods to install/uninstall assemblies via application
manifests files into the WinSxS store. These API methods were meant to
be available for users with administrative privileges only, but the
logic was unintentionally exposed to anyone on the system due to
improper implementation of the authorization...
[TZO-18-2020] - Bitdefender Malformed Archive bypass (GZIP)
Posted by Thierry Zoller on Feb 18
Bugtraq: Web Application Firewall bypass via Bluecoat device
Web Application Firewall bypass via Bluecoat device
[TZO-17-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN)
Posted by Thierry Zoller on Feb 18
[SECURITY] [DSA 4626-1] php7.3 security update
Posted by Moritz Muehlenhoff on Feb 18
-------------------------------------------------------------------------Debian Security Advisory DSA-4626-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 17, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : php7.3
CVE ID : CVE-2019-11045 CVE-2019-11046...
[SECURITY] [DSA 4627-1] webkit2gtk security update
Posted by Moritz Muehlenhoff on Feb 18
-------------------------------------------------------------------------Debian Security Advisory DSA-4627-1 security () debian org
https://www.debian.org/security/ Alberto Garcia
February 17, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : webkit2gtk
CVE ID : CVE-2020-3862 CVE-2020-3864...
Bugtraq: [SECURITY] [DSA 4625-1] thunderbird security update
[SECURITY] [DSA 4625-1] thunderbird security update
Bugtraq: [SECURITY] [DSA 4624-1] evince security update
[SECURITY] [DSA 4624-1] evince security update
Bugtraq: CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability
CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability
Web Application Firewall bypass via Bluecoat device
Posted by RedTimmy Security on Feb 16
Hi,we have published a new post in our blog titled "How to hack a company by circumventing its WAF through the abuse of a
different security appliance and win bug bounties".
We basically have [ab]used a Bluecoat device behaving as a request forwarder to mask our malicious payload, avoid WAF
detection, hit an HTTP endpoint vulnerable to RCE and pop out a shell.
Full story is here:...
WebKitGTK and WPE WebKit Security Advisory WSA-2020-0002
Posted by Carlos Alberto Lopez Perez on Feb 16
------------------------------------------------------------------------WebKitGTK and WPE WebKit Security Advisory WSA-2020-0002
------------------------------------------------------------------------
Date reported : February 14, 2020
Advisory ID : WSA-2020-0002
WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2020-0002.html
WPE WebKit Advisory URL :...
[SECURITY] [DSA 4620-1] firefox-esr security update
Posted by Moritz Muehlenhoff on Feb 16
-------------------------------------------------------------------------Debian Security Advisory DSA-4620-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 12, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : firefox-esr
CVE ID : CVE-2020-6796 CVE-2020-6798...
[SECURITY] [DSA 4621-1] openjdk-8 security update
Posted by Moritz Muehlenhoff on Feb 16
-------------------------------------------------------------------------Debian Security Advisory DSA-4621-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 12, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : openjdk-8
CVE ID : CVE-2020-2583 CVE-2020-2590...
CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability
Posted by Imre Rad on Feb 16
The TrustedInstaller service running on the Windows operating systemhosts a COM service called Sxs Store Class; its ISxsStore interface
provides methods to install/uninstall assemblies via application
manifests files into the WinSxS store. These API methods were meant to
be available for users with administrative privileges only, but the
logic was unintentionally exposed to anyone on the system due to
improper implementation of the authorization...
[slackware-security] libarchive (SSA:2020-043-01)
Posted by Slackware Security Team on Feb 16
[slackware-security] libarchive (SSA:2020-043-01)New libarchive packages are available for Slackware 14.1, 14.2, and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libarchive-3.4.2-i586-1_slack14.2.txz: Upgraded.
This update includes security fixes in the RAR5 reader.
(* Security fix *)
+--------------------------+
Where to find the new packages:...
[TZO-15-2020] - F-SECURE Generic Malformed Container bypass (RAR)
Posted by Thierry Zoller on Feb 16
Bugtraq: [SECURITY] [DSA 4623-1] postgresql-11 security update
[SECURITY] [DSA 4623-1] postgresql-11 security update
Bugtraq: [SECURITY] [DSA 4622-1] postgresql-9.6 security update
[SECURITY] [DSA 4622-1] postgresql-9.6 security update
Bugtraq: [EnumJavaLibs]_ Remote Java classpath enumerator
[EnumJavaLibs]_ Remote Java classpath enumerator
Bugtraq: [TZO-13-2020] - AVIRA Generic AV Bypass (ZIP GPFLAG)
[TZO-13-2020] - AVIRA Generic AV Bypass (ZIP GPFLAG)
