Security News

[REVIVE-SA-2019-001] Revive Adserver - Multiple vulnerabilities

Bug Traq - 30 April, 2019 - 00:22

Posted by Matteo Beccati on Apr 29

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2019-001
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2019-001
------------------------------------------------------------------------
CVE-IDs: t.b.a.
Date: 2019-04-23
Risk Level: High...

Vuln: Apache Archiva CVE-2019-0214 Arbitrary File Write Vulnerability

Security Focus Vulnerabilities - 29 April, 2019 - 23:00
Apache Archiva CVE-2019-0214 Arbitrary File Write Vulnerability

Vuln: Philips Tasy EMR CVE-2019-6562 Cross Site Scripting Vulnerability

Security Focus Vulnerabilities - 29 April, 2019 - 23:00
Philips Tasy EMR CVE-2019-6562 Cross Site Scripting Vulnerability

Vuln: Citrix SD-WAN CVE-2019-11550 Information Disclosure Vulnerability

Security Focus Vulnerabilities - 29 April, 2019 - 23:00
Citrix SD-WAN CVE-2019-11550 Information Disclosure Vulnerability

Vuln: Rockwell Automation ControlLogix ICSA-19-120-01 Multiple Buffer Overflow Vulnerabilities

Security Focus Vulnerabilities - 29 April, 2019 - 23:00
Rockwell Automation ControlLogix ICSA-19-120-01 Multiple Buffer Overflow Vulnerabilities

Vuln: ImageMagick CVE-2019-10131 Denial of Service Vulnerability

Security Focus Vulnerabilities - 29 April, 2019 - 23:00
ImageMagick CVE-2019-10131 Denial of Service Vulnerability

[SECURITY] [DSA 4436-1] imagemagick security update

Bug Traq - 29 April, 2019 - 02:42

Posted by Moritz Muehlenhoff on Apr 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-4436-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
April 28, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : imagemagick
CVE ID : CVE-2019-9956 CVE-2019-10650...

[SECURITY] [DSA 4435-1] libpng1.6 security update

Bug Traq - 29 April, 2019 - 02:38

Posted by Salvatore Bonaccorso on Apr 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-4435-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
April 27, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libpng1.6
CVE ID : CVE-2019-7317
Debian Bug :...

[slackware-security] bind (SSA:2019-116-01)

Bug Traq - 29 April, 2019 - 02:34

Posted by Slackware Security Team on Apr 29

[slackware-security] bind (SSA:2019-116-01)

New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/bind-9.11.6_P1-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue:
The TCP client quota set using the tcp-clients option could be exceeded
in some cases. This could lead to...

Vuln: ImageMagick Multiple Heap Buffer Overflow Vulnerabilities

Security Focus Vulnerabilities - 28 April, 2019 - 23:00
ImageMagick Multiple Heap Buffer Overflow Vulnerabilities

Re: GAT-Ship Web Module [All versions before 1.40] - Unrestricted File Upload

Full Disclosure - 26 April, 2019 - 12:00

Posted by gionreale on Apr 26

CVE-2019-11028

Vuln: Ghostscript Multiple Security Bypass Vulnerabilities

Security Focus Vulnerabilities - 25 April, 2019 - 23:00
Ghostscript Multiple Security Bypass Vulnerabilities

Vuln: Ghostscript CVE-2018-18284 Security Bypass Vulnerability

Security Focus Vulnerabilities - 25 April, 2019 - 23:00
Ghostscript CVE-2018-18284 Security Bypass Vulnerability

Vuln: Ghostscript 'shading_param' Remote Code Execution Vulnerability

Security Focus Vulnerabilities - 25 April, 2019 - 23:00
Ghostscript 'shading_param' Remote Code Execution Vulnerability

Vuln: Atlassian Confluence Server and Confluence Data Center Directory Traversal Vulnerability

Security Focus Vulnerabilities - 25 April, 2019 - 23:00
Atlassian Confluence Server and Confluence Data Center Directory Traversal Vulnerability

Multiple vulnerabilities in Sony Smart TVs

Bug Traq - 24 April, 2019 - 03:39

Posted by xen1thLabs on Apr 24

UNCLASSIFIED

## ADVISORY INFORMATION

TITLE: Multiple vulnerabilities in Sony Smart TVs
ADVISORY URL:
https://www.darkmatter.ae/blogs/security-flaws-uncovered-in-sony-smart-tvs/
DATE PUBLISHED: 23/04/2019
AFFECTED VENDORS: Sony
RELEASE MODE: Coordinated release
CVE: CVE-2019-10886, CVE-2019-11336
CVSSv3 for CVE-2019-10886: 6.5 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSSv3 for CVE-2019-11336: 6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

## PRODUCT...

Confluence Security Advisory - 2019-04-17

Bug Traq - 24 April, 2019 - 03:34

Posted by Atlassian on Apr 24

This email refers to the advisory found at
https://confluence.atlassian.com/x/d5e8OQ .

CVE ID:

* CVE-2019-3398.

Product: Confluence Server and Confluence Data Center.

Affected Confluence Server and Confluence Data Center versions:

6.6.0 <= version < 6.6.13
6.7.0 <= version < 6.12.4
6.13.0 <= version < 6.13.4
6.14.0 <= version < 6.14.3
6.15.0 <= version < 6.15.2

Fixed Confluence Server and Data Center versions:...

Multiple vulnerabilities in Sony Smart TVs

Full Disclosure - 23 April, 2019 - 12:26

Posted by xen1thLabs on Apr 23

UNCLASSIFIED

## ADVISORY INFORMATION

TITLE: Multiple vulnerabilities in Sony Smart TVs
ADVISORY URL:
https://www.darkmatter.ae/blogs/security-flaws-uncovered-in-sony-smart-tvs/
DATE PUBLISHED: 23/04/2019
AFFECTED VENDORS: Sony
RELEASE MODE: Coordinated release
CVE: CVE-2019-10886, CVE-2019-11336
CVSSv3 for CVE-2019-10886: 6.5 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSSv3 for CVE-2019-11336: 6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

## PRODUCT...

Re: Obtaining location using Google maps & JavaScript

Full Disclosure - 23 April, 2019 - 12:25

Posted by Reed Black on Apr 23

Have you tested this?

The Google Maps page header includes "x-frame-options: SAMEORIGIN” which would prevent iframe embedding in every
commonly used browser. But even if this control were not in place, browsers implement additional controls. Most
significantly, if the page to be embedded in an iframe is on a remote domain, then the parent page is prevented from
inspecting iframe content and metadata unless permissions are granted by...

WordPress Plugin Contact Form Builder [CSRF → LFI]

Full Disclosure - 23 April, 2019 - 12:23

Posted by Panagiotis Vagenas on Apr 23

# Exploit Title: Contact Form Builder [CSRF → LFI]
# Date: 2019-03-17
# Exploit Author: Panagiotis Vagenas
# Vendor Homepage: http://web-dorado.com/
# Software Link: https://wordpress.org/plugins/contact-form-builder
# Version: 1.0.67
# Tested on: WordPress 5.1.1

Description
-----------

Plugin implements the following AJAX actions:

- `ContactFormMakerPreview`
- `ContactFormmakerwdcaptcha`
- `nopriv_ContactFormmakerwdcaptcha`
- `CFMShortcode`...
Syndicate content