Security News

Vuln: Symantec DLP CVE-2019-9701 Cross Site Scripting Vulnerability

Security Focus Vulnerabilities - 18 June, 2019 - 23:00
Symantec DLP CVE-2019-9701 Cross Site Scripting Vulnerability

[SECURITY] [DSA 4465-1] linux security update

Bug Traq - 18 June, 2019 - 12:12

Posted by Salvatore Bonaccorso on Jun 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-4465-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 17, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2019-3846 CVE-2019-5489...

CVE-2019-12323 / HC10 HC.Server Service 10.14 / Remote Invalid Pointer Write

Full Disclosure - 18 June, 2019 - 03:27

Posted by hyp3rlinx on Jun 18

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/HC10-HC.SERVER-10.14-REMOTE-INVALID-POINTER-WRITE.txt
[+] ISR: ApparitionSec

[Vendor]
www.hostingcontroller.com

[Product]
HC10 HC.Server Service 10.14

HC10 is a unified hosting automation control panel for web hosts and Cloud
based service providers to manage both Windows & Linux servers
simultaneously as part...

Microsoft Word (2016) / Deceptive File Reference Vuln

Full Disclosure - 18 June, 2019 - 03:27

Posted by hyp3rlinx on Jun 18

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WORD-DECEPTIVE-FILE-REFERENCE.txt
[+] ISR: ApparitionSec
[+] Zero Day Initiative Program

[Vendor]
www.microsoft.com

[Product]
Microsoft Word 2016

[Vulnerability Type]
Deceptive File Reference

[References]
ZDI-CAN-7949

[Security Issue]
When a MS Word ".docx" File contains a hyperlink to...

BlogEngine.NET Directory traversal + RCE

Full Disclosure - 18 June, 2019 - 03:27

Posted by aaron bishop on Jun 18

BlogEngine.NET, versions 3.3.7 and earlier, is vulnerable to two separate
Directory Traversal issues that can lead to Remote Code Execution.

CVE-2019-10719 exploits a directory traversal in /api/upload, allowing
users to write files to any location within the web root. This bypasses
the protection added in version 3.3.7 to prevent CVE-2019-6714. A user,
with the ability to add images or files to posts, can upload a malicious
PostView.ascx file...
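The post above describes a traversal through /api/upload that lets a file land anywhere under the web root, including a server-side PostView.ascx template. The Python below is an added illustration, not BlogEngine.NET's code and not a reconstruction of its 3.3.7 fix: it contrasts an upload-path builder that trusts the client-supplied name with one that decodes once, keeps only the last path component, refuses server-executable extensions and verifies containment after normalisation. The web root, upload directory and extension list are assumptions, and posixpath is used so the example runs without touching a filesystem.

```python
"""Path-containment checks for an upload handler (added example; hypothetical layout)."""
import posixpath
from urllib.parse import unquote

# Assumed layout: everything under WEB_ROOT is served; uploads belong in UPLOAD_DIR.
WEB_ROOT = "/var/www/blog"
UPLOAD_DIR = "App_Data/files"
# Server-side templates/handlers that an upload endpoint must never be able to write.
DANGEROUS_EXT = {".ascx", ".aspx", ".ashx", ".asax", ".cshtml", ".config"}


def upload_base() -> str:
    """Canonical upload directory, e.g. /var/www/blog/App_Data/files."""
    return posixpath.normpath(posixpath.join(WEB_ROOT, UPLOAD_DIR))


def vulnerable_target(filename: str) -> str:
    """Vulnerable pattern: joins the client name as-is, so '../' segments are honoured
    and the result can be any path under WEB_ROOT (or beyond it)."""
    return posixpath.normpath(posixpath.join(WEB_ROOT, UPLOAD_DIR, filename))


def hardened_target(filename: str) -> str:
    """Hardened pattern: decode once, reduce to a bare file name, reject dangerous
    extensions and NUL bytes, then re-check containment on the normalised path."""
    decoded = unquote(filename)
    if "\x00" in decoded:
        raise ValueError("NUL byte in file name")
    # Treat backslashes as separators too, so 'a\\..\\b' cannot smuggle a directory.
    name = posixpath.basename(decoded.replace("\\", "/"))
    if name in ("", ".", ".."):
        raise ValueError("empty or relative file name")
    ext = posixpath.splitext(name)[1].lower()
    if ext in DANGEROUS_EXT:
        raise ValueError(f"disallowed extension {ext}")
    base = upload_base()
    target = posixpath.normpath(posixpath.join(base, name))
    # basename() already prevents traversal; this is the defence-in-depth check that
    # should always be made on the final path rather than on the raw input.
    if not target.startswith(base + "/"):
        raise ValueError("path escapes upload directory")
    return target


def escapes_upload_dir(path: str) -> bool:
    """True when a computed path is not inside the upload directory."""
    return not path.startswith(upload_base() + "/")


def is_rejected(filename: str) -> bool:
    """Convenience for tests: does the hardened builder refuse this name?"""
    try:
        hardened_target(filename)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    crafted = "../../themes/Standard/PostView.ascx"   # constructed attacker input
    print("vulnerable:", vulnerable_target(crafted), escapes_upload_dir(vulnerable_target(crafted)))
    print("hardened rejects:", is_rejected(crafted))
    print("hardened keeps:", hardened_target("photo.jpg"))
```

Note that the vulnerable builder keeps the crafted path inside the web root, exactly the situation the post describes: the upload never leaves the served tree, yet it overwrites a template the server will execute. A filter that only blocks names escaping the web root therefore does not help; the check has to be containment in the upload directory plus an extension policy.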

Vuln: GNU Bash CVE-2012-6711 Local Heap Buffer Overflow Vulnerability

Security Focus Vulnerabilities - 17 June, 2019 - 23:00
GNU Bash CVE-2012-6711 Local Heap Buffer Overflow Vulnerability

Vuln: Oracle WebLogic Server Deserialization CVE-2019-2729 Remote Code Execution Vulnerability

Security Focus Vulnerabilities - 17 June, 2019 - 23:00
Oracle WebLogic Server Deserialization CVE-2019-2729 Remote Code Execution Vulnerability

Vuln: Apache Allura CVE-2019-10085 HTML Injection Vulnerability

Security Focus Vulnerabilities - 17 June, 2019 - 23:00
Apache Allura CVE-2019-10085 HTML Injection Vulnerability

Vuln: Microsoft Windows Remote Desktop Services CVE-2019-0708 Remote Code Execution Vulnerability

Security Focus Vulnerabilities - 17 June, 2019 - 23:00
Microsoft Windows Remote Desktop Services CVE-2019-0708 Remote Code Execution Vulnerability

Vuln: WhatsApp CVE-2018-6350 Out of Bounds Read Denial of Service Vulnerability

Security Focus Vulnerabilities - 17 June, 2019 - 23:00
WhatsApp CVE-2018-6350 Out of Bounds Read Denial of Service Vulnerability

[SECURITY] [DSA 4464-1] thunderbird security update

Bug Traq - 17 June, 2019 - 04:44

Posted by Moritz Muehlenhoff on Jun 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4464-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 15, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2019-11703 CVE-2019-11704...

Microsoft Word (2016) Deceptive File Reference ZDI-CAN-7949

Bug Traq - 17 June, 2019 - 04:44

Posted by apparitionsec on Jun 17

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WORD-DECEPTIVE-FILE-REFERENCE.txt
[+] ISR: ApparitionSec
[+] Zero Day Initiative Program

[Vendor]
www.microsoft.com

[Product]
Microsoft Word 2016

[Vulnerability Type]
Deceptive File Reference

[References]
ZDI-CAN-7949

[Security Issue]
When a MS Word ".docx" File contains a...

[SECURITY] [DSA 4463-1] znc security update

Bug Traq - 17 June, 2019 - 04:39

Posted by Salvatore Bonaccorso on Jun 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4463-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 14, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : znc
CVE ID : CVE-2019-9917 CVE-2019-12816
Debian...

[SE-2019-01] Java Card vulnerabilities (post shutdown release)

Bug Traq - 17 June, 2019 - 04:36

Posted by Adam Gowdiak on Jun 17

Hello All,

Original reports that were submitted to Oracle and Gemalto have been
posted to Security Explorations website:

http://www.security-explorations.com/javacard_details.html

This should help all interested parties to proceed with an independent
evaluation of the issues, but also judge Oracle and Gemalto stance with
respect to them.

Thank you.

Best Regards,
adam gowdiak

Vuln: Cisco Identity Services Engine CVE-2018-0187 Information Disclosure Vulnerability

Security Focus Vulnerabilities - 16 June, 2019 - 23:00
Cisco Identity Services Engine CVE-2018-0187 Information Disclosure Vulnerability

Vuln: Google Chrome CVE-2019-5842 Remote Security Vulnerability

Security Focus Vulnerabilities - 16 June, 2019 - 23:00
Google Chrome CVE-2019-5842 Remote Security Vulnerability

DSA-2019-092: Dell EMC Avamar Security Update for ADMe Web UI Vulnerability

Full Disclosure - 14 June, 2019 - 14:27

Posted by secure on Jun 14

DSA-2019-092: Dell EMC Avamar Security Update for ADMe Web UI Vulnerability
Dell EMC Identifier: DSA-2019-092
CVE Identifier: CVE-2019-3737
Severity: High
Severity Rating: CVSS v3 Base Score: 8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)

Affected products:
DELL EMC Avamar(r) ADMe Web UI (c) 1.0.50, 1.0.51

Summary:
DELL EMC Avamar(r) Data Migration Enabler (ADMe) Web UI requires security updates to address a local file include (LFI)...

[Project] Open frame to the main.

Full Disclosure - 14 June, 2019 - 14:26

Posted by hacksomeheavymetal via Fulldisclosure on Jun 14

Despite anakata's motives one thing is certain, thanks to him some
people got hooked and started to talk about the security of mainframes.
Since then, few individuals, and before that even fewer, did their best
sharing their knowledge in the field and contributing to the infosec and
mainframe communities. This however was still not enough to close the gap
between mainframes and the rest of the world.

I'm sharing the bits and pieces...

X41 D-Sec GmbH Security Advisory X41-2019-004: Type confusion in Thunderbird

Full Disclosure - 14 June, 2019 - 14:25

Posted by X41 D-Sec GmbH Advisories on Jun 14

X41 D-Sec GmbH Security Advisory: X41-2019-004

Type confusion in Thunderbird
=============================
Severity Rating: Medium
Confirmed Affected Versions: All versions affected
Confirmed Patched Versions: Thunderbird ESR 60.7.XXX
Vendor: Thunderbird
Vendor URL: https://www.thunderbird.net/
Vendor Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=1555646
Vector: Incoming mail with calendar attachment
Credit: X41 D-SEC GmbH, Luis Merino...

X41 D-Sec GmbH Security Advisory X41-2019-003: Stack-based buffer overflow in Thunderbird

Full Disclosure - 14 June, 2019 - 14:25

Posted by X41 D-Sec GmbH Advisories on Jun 14

X41 D-Sec GmbH Security Advisory: X41-2019-003

Stack-based buffer overflow in Thunderbird
==========================================
Severity Rating: High
Confirmed Affected Versions: All versions affected
Confirmed Patched Versions: Thunderbird ESR 60.7.XXX
Vendor: Thunderbird
Vendor URL: https://www.thunderbird.net/
Vendor Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=1553808
Vector: Incoming mail with calendar attachment
Credit: X41...