Security News

[RT-SA-2018-002] Cisco RV320 Unauthenticated Configuration Export

Bug Traq - 24 January, 2019 - 04:53

Posted by RedTeam Pentesting GmbH on Jan 24

Advisory: Cisco RV320 Unauthenticated Configuration Export

RedTeam Pentesting discovered that the configuration of a Cisco RV320
router may be exported without authentication through the device's web
interface.

Details
=======

Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others
Affected Versions: 1.4.2.15, 1.4.2.17
Fixed Versions: since 1.4.2.19
Vulnerability Type: Information Disclosure
Security Risk: high
Vendor URL:...

[RT-SA-2018-004] Cisco RV320 Command Injection

Full Disclosure - 24 January, 2019 - 04:38

Posted by RedTeam Pentesting GmbH on Jan 24

Advisory: Cisco RV320 Command Injection

RedTeam Pentesting discovered a command injection vulnerability in the
web-based certificate generator feature of the Cisco RV320 router.

Details
=======

Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others
Affected Versions: 1.4.2.15 and later
Fixed Versions: since 1.4.2.20
Vulnerability Type: Remote Code Execution
Security Risk: medium
Vendor URL:...

[RT-SA-2018-003] Cisco RV320 Unauthenticated Diagnostic Data Retrieval

Full Disclosure - 24 January, 2019 - 04:38

Posted by RedTeam Pentesting GmbH on Jan 24

Advisory: Cisco RV320 Unauthenticated Diagnostic Data Retrieval

RedTeam Pentesting discovered that the Cisco RV320 router exposes
sensitive diagnostic data without authentication through the device's
web interface.

Details
=======

Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others
Affected Versions: 1.4.2.15, 1.4.2.17
Fixed Versions: since 1.4.2.19
Vulnerability Type: Information Disclosure
Security Risk: high
Vendor URL:...

[RT-SA-2018-002] Cisco RV320 Unauthenticated Configuration Export

Full Disclosure - 24 January, 2019 - 04:38

Posted by RedTeam Pentesting GmbH on Jan 24

Advisory: Cisco RV320 Unauthenticated Configuration Export

RedTeam Pentesting discovered that the configuration of a Cisco RV320
router may be exported without authentication through the device's web
interface.

Details
=======

Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others
Affected Versions: 1.4.2.15, 1.4.2.17
Fixed Versions: since 1.4.2.19
Vulnerability Type: Information Disclosure
Security Risk: high
Vendor URL:...

Vuln: Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability

Security Focus Vulnerabilities - 24 January, 2019 - 00:00
Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability

Vuln: Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities

Security Focus Vulnerabilities - 24 January, 2019 - 00:00
Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities

Vuln: Tridium Niagara Directory Traversal and Authentication-Bypass Vulnerabilities

Security Focus Vulnerabilities - 23 January, 2019 - 00:00
Tridium Niagara Directory Traversal and Authentication-Bypass Vulnerabilities

Vuln: Oracle Java SE CVE-2019-2426 Information Disclosure Vulnerability

Security Focus Vulnerabilities - 23 January, 2019 - 00:00
Oracle Java SE CVE-2019-2426 Information Disclosure Vulnerability

INFILTRATE talk announcement: Marco Ivaldi, The Story of a Solaris 0day

Daily Dave - 22 January, 2019 - 13:05

Posted by Dave Aitel on Jan 22

[cid:2f7cd9e5-b7e5-402e-8627-97751f587af5]

I don't want to talk too much about the talk, but I do want to talk a bit about INFILTRATE and what it was like in the
2000's to be a Unix hacker. Because almost everyone wrote _some_ exploits. These days, the supply chain is as vertical
as a glowworm's saliva lure, and equally sticky. You could specialize in blockchain security and literally never even
venture off the particular...

Vuln: Microsoft Internet Explorer CVE-2018-8373 Remote Memory Corruption Vulnerability

Security Focus Vulnerabilities - 22 January, 2019 - 00:00
Microsoft Internet Explorer CVE-2018-8373 Remote Memory Corruption Vulnerability

Vuln: Microsoft Internet Explorer VBScript Engine CVE-2018-8174 Arbitrary Code Execution Vulnerability

Security Focus Vulnerabilities - 22 January, 2019 - 00:00
Microsoft Internet Explorer VBScript Engine CVE-2018-8174 Arbitrary Code Execution Vulnerability

Vuln: Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability

Security Focus Vulnerabilities - 22 January, 2019 - 00:00
Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability

Vuln: Adobe Flash Player CVE-2018-15982 Use After Free Remote Code Execution Vulnerability

Security Focus Vulnerabilities - 22 January, 2019 - 00:00
Adobe Flash Player CVE-2018-15982 Use After Free Remote Code Execution Vulnerability

Vuln: Drupal Core Arbitrary PHP Code Execution Vulnerability

Security Focus Vulnerabilities - 21 January, 2019 - 00:00
Drupal Core Arbitrary PHP Code Execution Vulnerability

Vuln: Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 21 January, 2019 - 00:00
Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
Syndicate content