Security News

Vuln: Microsoft Windows AppX Deployment Service Incomplete Fix Local Privilege Escalation Vulnerability

Security Focus Vulnerabilities - 10 June, 2019 - 23:00
Microsoft Windows AppX Deployment Service Incomplete Fix Local Privilege Escalation Vulnerability

CVE-2019-11517: CSRF in Wampserver 3.1.4-3.1.8

Bug Traq - 10 June, 2019 - 03:27

Posted by Imre Rad on Jun 10

Affected product:
WampServer 3.1.4-3.1.8

Official description:
"WampServer is a Windows web development environment. It allows you to
create web applications with Apache2, PHP and a MySQL database.
Alongside, PhpMyAdmin allows you to manage easily your databases."

Official website:
http://www.wampserver.com/en/

Vulnerability description:
The add_vhost.php script in the administration panel of Wampserver was
vulnerable to Cross Site...

[SECURITY] [DSA 4458-1] cyrus-imapd security update

Bug Traq - 10 June, 2019 - 00:09

Posted by Salvatore Bonaccorso on Jun 09

-------------------------------------------------------------------------
Debian Security Advisory DSA-4458-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 08, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : cyrus-imapd
CVE ID : CVE-2019-11356

A flaw was...

Newly released IoT security issues

Bug Traq - 10 June, 2019 - 00:05

Posted by stevesim84 on Jun 09

Two repositories containing security issues against various kinds of IoT devices, ranging from consumer electronics such
as smart routers, smart home controllers and smart IP cameras to tools used in IIoT as well as routers, seem to have been
released.

One of them was identified by Samuel Huntley and concerns a Moxa IIoT router --
https://github.com/samuelhuntley/Moxa_AWK_1121

The other one is identified by Mandar Satam who works in the security field...

[SECURITY] [DSA 4457-1] evolution security update

Bug Traq - 9 June, 2019 - 23:55

Posted by Sebastien Delafond on Jun 09

-------------------------------------------------------------------------
Debian Security Advisory DSA-4457-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
June 07, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : evolution
CVE ID : CVE-2018-15587
Debian Bug :...

[SECURITY] [DSA 4454-2] qemu regression update

Bug Traq - 6 June, 2019 - 23:44

Posted by Salvatore Bonaccorso on Jun 06

-------------------------------------------------------------------------
Debian Security Advisory DSA-4454-2 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 06, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : qemu
Debian Bug : 929067

Vincent Tondellier reported...

[SECURITY] [DSA 4456-1] exim4 security update

Bug Traq - 5 June, 2019 - 21:24

Posted by Salvatore Bonaccorso on Jun 05

-------------------------------------------------------------------------
Debian Security Advisory DSA-4456-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 05, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : exim4
CVE ID : CVE-2019-10149

The Qualys Research...

[SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability

Bug Traq - 4 June, 2019 - 06:18

Posted by matthias . deeg on Jun 04

Advisory ID: SYSS-2019-015
Product: R700 Laser Presentation Remote
Manufacturer: Logitech
Affected Version(s): Model R-R0010 (PID WD904XM and PID WD802XM)
Tested Version(s): Model R-R0010 (PID WD904XM and PID WD802XM)
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)
Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-04-12
Solution Date: -
Public...

[SYSS-2019-008]: Inateck 2.4 GHz Wearable Wireless Presenter WP2002 - Keystroke Injection Vulnerability

Bug Traq - 4 June, 2019 - 06:15

Posted by matthias . deeg on Jun 04

Advisory ID: SYSS-2019-008
Product: 2.4 GHz Wearable Wireless Presenter WP2002
Manufacturer: Inateck
Affected Version(s): n/a
Tested Version(s): n/a
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)
Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-03-22
Solution Date: -
Public Disclosure: 2019-06-04
CVE Reference: CVE-2019-12504
Author of...

[SYSS-2019-007]: Inateck 2.4 GHz Wireless Presenter WP1001 - Keystroke Injection Vulnerability

Bug Traq - 4 June, 2019 - 06:11

Posted by matthias . deeg on Jun 04

Advisory ID: SYSS-2019-007
Product: 2.4 GHz Wireless Presenter WP1001
Manufacturer: Inateck
Affected Version(s): Rev. v1.3C
Tested Version(s): Rev. v1.3C
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)
Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-03-22
Solution Date: -
Public Disclosure: 2019-06-04
CVE Reference: CVE-2019-12505
Author of...

[SECURITY] [DSA 4455-1] heimdal security update

Bug Traq - 3 June, 2019 - 23:27

Posted by Salvatore Bonaccorso on Jun 03

-------------------------------------------------------------------------
Debian Security Advisory DSA-4455-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 03, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : heimdal
CVE ID : CVE-2018-16860 CVE-2019-12098...

Rapid7’s Windows InsightIDR Agent: Local Privilege Escalation

Bug Traq - 3 June, 2019 - 05:49

Posted by Florian Bogner on Jun 03

Local Privilege Escalation in Rapid7’s Windows Insight IDR Agent

Metadata
===================================================
Release Date: 03-Jun-2019
Author: Florian Bogner @ https://bee-itsecurity.at
Affected product: Rapid7’s Insight Agent v2.6.3.14 and earlier for Windows
Fixed in: version 2.6.5
Tested on: Windows 10 x64 fully patched
CVE: CVE-2019-5629
URL:...

Unauthorized Access Vulnerability in ZyXEL P-660HN-T1 V2 (2.00(AAKK.3))

Bug Traq - 31 May, 2019 - 07:34

Posted by Onur Onur on May 31

Description:
The rpWLANRedirect.asp ASP page is accessible without authentication
on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices. After accessing the
page, the admin user's password can be obtained by viewing the HTML
source code, and the interface of the modem can be accessed as admin.

Solution:
The manufacturer has released the hotfix via dropbox for the current
vulnerability....

APPLE-SA-2019-5-30-1 AirPort Base Station Firmware Update 7.9.1

Bug Traq - 31 May, 2019 - 06:51

Posted by Apple Product Security on May 31

APPLE-SA-2019-5-30-1 AirPort Base Station Firmware Update 7.9.1

AirPort Base Station Firmware Update 7.9.1 is now available and
addresses the following:

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations
with 802.11ac
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8581: Lucio Albornoz

AirPort Base...

[SECURITY] [DSA 4454-1] qemu security update

Bug Traq - 31 May, 2019 - 06:48

Posted by Moritz Muehlenhoff on May 31

-------------------------------------------------------------------------
Debian Security Advisory DSA-4454-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 30, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : qemu
CVE ID : CVE-2018-11806 CVE-2018-12617...

[SECURITY] [DSA 4453-1] openjdk-8 security update

Bug Traq - 30 May, 2019 - 11:51

Posted by Moritz Muehlenhoff on May 30

-------------------------------------------------------------------------
Debian Security Advisory DSA-4453-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 29, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjdk-8
CVE ID : CVE-2019-2602 CVE-2019-2684...

Anviz M3 RFID Access Control security issues

Full Disclosure - 29 May, 2019 - 21:04

Posted by Marco on May 29

Security issues have been found in the Anviz M3 RFID Access Control
device when working in standalone mode connected to a TCP/IP network,
that could lead to access control bypass and private information
leakage and alteration.

### Advisory information

TITLE: Anviz M3 RFID Access Control security issues
ADVISORY URL: https://github.com/wizlab-it/anviz-m3-rfid-cve-2019-11523-poc/
DATE PUBLISHED: 2019/05/22
AFFECTED VENDORS: Anviz
AFFECTED...

XSS in SSI printenv command – Apache Tomcat – CVE-2019-0221

Full Disclosure - 29 May, 2019 - 21:04

Posted by Nightwatch Cybersecurity Research on May 29

[Original blog post here:
https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/]

SUMMARY

Apache Tomcat had a vulnerability in its SSI implementation which
could be used to achieve cross site scripting (XSS). This is only
exploitable if SSI is enabled and the “printenv” directive is used
which is unlikely in a production system.

The vendor has rated this as a Low severity issue. A fix...
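The post above names two preconditions for reaching this XSS: SSI must be enabled in Tomcat (the SSI servlet and filter ship commented out in conf/web.xml) and a served page must use the printenv directive. The following audit script, added here as an example and not part of the Nightwatch post or of Tomcat itself, checks both against a CATALINA_BASE tree. It parses conf/web.xml with a comment-dropping XML parser so only an active declaration of org.apache.catalina.ssi.SSIServlet or org.apache.catalina.ssi.SSIFilter counts, then greps .shtml files under webapps for `<!--#printenv -->`. The .shtml extension, the directory layout and the sample files it builds are assumptions for the demo; a deployment that maps SSI to other URL patterns needs the pattern adjusted, and the script does not check the separate requirement that the Context be privileged for the SSI servlet to load.

```python
"""Audit a Tomcat CATALINA_BASE for the CVE-2019-0221 preconditions:
SSI enabled in conf/web.xml and a page using the #printenv directive.
Added example; not part of the Nightwatch advisory or of Tomcat."""
import os
import re
import tempfile
import xml.etree.ElementTree as ET

# Classes Tomcat ships commented out in conf/web.xml; an uncommented one means SSI is on.
SSI_CLASSES = {
    "org.apache.catalina.ssi.SSIServlet",
    "org.apache.catalina.ssi.SSIFilter",
}
# SSI directive syntax: <!--#printenv --> (whitespace after '#' is tolerated)
PRINTENV_RE = re.compile(r"<!--#\s*printenv\b", re.IGNORECASE)


def _local(tag):
    """Strip the {namespace} prefix ElementTree attaches to every tag."""
    return tag.rsplit("}", 1)[-1]


def ssi_enabled(web_xml_path):
    """True if web.xml declares the SSI servlet or filter outside a comment.

    ElementTree drops XML comments, so the stock commented-out block is
    invisible here and only an active declaration is reported.
    """
    root = ET.parse(web_xml_path).getroot()
    for elem in root.iter():
        if _local(elem.tag) in ("servlet-class", "filter-class"):
            if (elem.text or "").strip() in SSI_CLASSES:
                return True
    return False


def printenv_pages(webapps_dir):
    """Relative paths of .shtml files under webapps_dir using #printenv.

    .shtml is the extension Tomcat's sample SSI mapping uses (assumption);
    adjust if the deployment maps SSI to other patterns.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(webapps_dir):
        for name in files:
            if name.lower().endswith(".shtml"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    if PRINTENV_RE.search(fh.read()):
                        hits.append(os.path.relpath(path, webapps_dir))
    return sorted(hits)


def audit(catalina_base):
    """Both conditions must hold for the reflected XSS to be reachable."""
    enabled = ssi_enabled(os.path.join(catalina_base, "conf", "web.xml"))
    pages = printenv_pages(os.path.join(catalina_base, "webapps"))
    return {"ssi_enabled": enabled, "printenv_pages": pages,
            "exposed": enabled and bool(pages)}


# --- constructed sample installation (not a real Tomcat tree) ---------------
_SSI_SERVLET = """  <servlet>
    <servlet-name>ssi</servlet-name>
    <servlet-class>org.apache.catalina.ssi.SSIServlet</servlet-class>
  </servlet>
"""


def build_sample(base, enable_ssi):
    """Write a minimal conf/web.xml and two .shtml pages under base."""
    os.makedirs(os.path.join(base, "conf"))
    root_app = os.path.join(base, "webapps", "ROOT")
    os.makedirs(root_app)
    block = _SSI_SERVLET if enable_ssi else "  <!--\n" + _SSI_SERVLET + "  -->\n"
    with open(os.path.join(base, "conf", "web.xml"), "w", encoding="utf-8") as fh:
        fh.write('<?xml version="1.0" encoding="UTF-8"?>\n'
                 '<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">\n'
                 + block + "</web-app>\n")
    with open(os.path.join(root_app, "env.shtml"), "w", encoding="utf-8") as fh:
        fh.write("<html><body><!--#printenv --></body></html>\n")
    with open(os.path.join(root_app, "date.shtml"), "w", encoding="utf-8") as fh:
        fh.write('<html><body><!--#echo var="DATE_LOCAL" --></body></html>\n')


def demo():
    """Audit one stock-like tree (SSI commented out) and one with SSI enabled."""
    results = {}
    for label, enable in (("stock", False), ("ssi_on", True)):
        base = tempfile.mkdtemp(prefix="tomcat-ssi-")
        build_sample(base, enable)
        results[label] = audit(base)
    return results


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

Run it against a real installation with `audit("/path/to/CATALINA_BASE")`; the "stock" sample in `demo()` shows why the comment-aware XML parse matters, since a plain grep for SSIServlet in conf/web.xml would report every default Tomcat as enabled.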

APPLE-SA-2019-5-28-1 iTunes for Windows 12.9.5

Full Disclosure - 29 May, 2019 - 21:03

Posted by Apple Product Security via Fulldisclosure on May 29

APPLE-SA-2019-5-28-1 iTunes for Windows 12.9.5

iTunes for Windows 12.9.5 is now available and addresses the
following:

SQLite
Available for: Windows 7 and later
Impact: An application may be able to gain elevated privileges
Description: An input validation issue was addressed with improved
memory handling.
CVE-2019-8577: Omer Gull of Checkpoint Research

SQLite
Available for: Windows 7 and later
Impact: A maliciously crafted SQL query may lead...