Security News

Bugtraq: CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability

Security Focus Vulnerabilities - 18 February, 2020 - 02:55
CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability

Web Application Firewall bypass via Bluecoat device

Bug Traq - 16 February, 2020 - 23:54

Posted by RedTimmy Security on Feb 16

Hi,
we have published a new post in our blog titled "How to hack a company by circumventing its WAF through the abuse of a
different security appliance and win bug bounties".

We basically have [ab]used a Bluecoat device behaving as a request forwarder to mask our malicious payload, avoid WAF
detection, hit an HTTP endpoint vulnerable to RCE and pop out a shell.

Full story is here:...

WebKitGTK and WPE WebKit Security Advisory WSA-2020-0002

Bug Traq - 16 February, 2020 - 23:53

Posted by Carlos Alberto Lopez Perez on Feb 16

------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory WSA-2020-0002
------------------------------------------------------------------------

Date reported : February 14, 2020
Advisory ID : WSA-2020-0002
WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2020-0002.html
WPE WebKit Advisory URL :...

[SECURITY] [DSA 4620-1] firefox-esr security update

Bug Traq - 16 February, 2020 - 23:53

Posted by Moritz Muehlenhoff on Feb 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4620-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 12, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2020-6796 CVE-2020-6798...

[SECURITY] [DSA 4621-1] openjdk-8 security update

Bug Traq - 16 February, 2020 - 23:47

Posted by Moritz Muehlenhoff on Feb 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4621-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 12, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjdk-8
CVE ID : CVE-2020-2583 CVE-2020-2590...

CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability

Bug Traq - 16 February, 2020 - 23:41

Posted by Imre Rad on Feb 16

The TrustedInstaller service running on the Windows operating system
hosts a COM service called Sxs Store Class; its ISxsStore interface
provides methods to install/uninstall assemblies via application
manifests files into the WinSxS store. These API methods were meant to
be available for users with administrative privileges only, but the
logic was unintentionally exposed to anyone on the system due to
improper implementation of the authorization...

[slackware-security] libarchive (SSA:2020-043-01)

Bug Traq - 16 February, 2020 - 23:41

Posted by Slackware Security Team on Feb 16

[slackware-security] libarchive (SSA:2020-043-01)

New libarchive packages are available for Slackware 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libarchive-3.4.2-i586-1_slack14.2.txz: Upgraded.
This update includes security fixes in the RAR5 reader.
(* Security fix *)
+--------------------------+

Where to find the new packages:...

[TZO-15-2020] - F-SECURE Generic Malformed Container bypass (RAR)

Bug Traq - 16 February, 2020 - 23:37

Posted by Thierry Zoller on Feb 16


Bugtraq: [SECURITY] [DSA 4623-1] postgresql-11 security update

Security Focus Vulnerabilities - 16 February, 2020 - 23:35
[SECURITY] [DSA 4623-1] postgresql-11 security update

Bugtraq: [SECURITY] [DSA 4622-1] postgresql-9.6 security update

Security Focus Vulnerabilities - 16 February, 2020 - 23:35
[SECURITY] [DSA 4622-1] postgresql-9.6 security update

Bugtraq: [EnumJavaLibs]_ Remote Java classpath enumerator

Security Focus Vulnerabilities - 16 February, 2020 - 23:35
[EnumJavaLibs]_ Remote Java classpath enumerator

Bugtraq: [TZO-13-2020] - AVIRA Generic AV Bypass (ZIP GPFLAG)

Security Focus Vulnerabilities - 16 February, 2020 - 23:35
[TZO-13-2020] - AVIRA Generic AV Bypass (ZIP GPFLAG)

[SECURITY] [DSA 4624-1] evince security update

Bug Traq - 16 February, 2020 - 23:33

Posted by Salvatore Bonaccorso on Feb 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4624-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 14, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : evince
CVE ID : CVE-2017-1000159 CVE-2019-11459...

[SECURITY] [DSA 4625-1] thunderbird security update

Bug Traq - 16 February, 2020 - 23:30

Posted by Moritz Muehlenhoff on Feb 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4625-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 15, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2020-6792 CVE-2020-6793...

RootedCON 2020 - Registration, Trainings, Speakers and Hacker Night

Daily Dave - 16 February, 2020 - 16:09

Posted by omarbv on Feb 16

______ _ _ ____ ___ _ _
/ / _ \ ___ ___ | |_ ___ __| |/ ___/ _ \| \ | |
/ /| |_) / _ \ / _ \| __/ _ \/ _` | | | | | | \| |
/ / | _ < (_) | (_) | || __/ (_| | |__| |_| | |\ |
/_/ |_| \_\___/ \___/ \__\___|\__,_|\____\___/|_| \_|

Rooted CON 2020 will be held from 5th to 7th 2020 in Kinepolis cinemas
in Madrid (Spain). All talks are both in English and Spanish as there is
simultaneous translation (...

[TZO-15-2020] - F-SECURE Generic Malformed Container bypass (RAR)

Full Disclosure - 14 February, 2020 - 12:32

Posted by Thierry Zoller on Feb 14


[TZO-13-2020] - AVIRA Generic AV Bypass (ZIP GPFLAG)

Full Disclosure - 14 February, 2020 - 12:32

Posted by Thierry Zoller on Feb 14


[TZO-11-2020] - ESET Generic Malformed Archive Bypass (BZ2 Checksum)

Full Disclosure - 14 February, 2020 - 12:32

Posted by Thierry Zoller on Feb 14


[EnumJavaLibs]_ Remote Java classpath enumerator

Full Disclosure - 14 February, 2020 - 12:32

Posted by RedTimmy Security on Feb 14

Hi,
we have just released EnumJavaLibs to perform java classes enumeration against java services.

To discover a deserialization vulnerability is often easy. When source code is available, it comes down to finding
calls to readObject() and finding a way for user input to reach that function. In case we don’t have source code
available, we can spot serialized objects on the wire by looking for binary blobs or base64 encoded objects (recognized...

RootedCON 2020 - Registration, Trainings, Speakers and Hacker Night

Full Disclosure - 14 February, 2020 - 12:32

Posted by omarbv on Feb 14

______ _ _ ____ ___ _ _
/ / _ \ ___ ___ | |_ ___ __| |/ ___/ _ \| \ | |
/ /| |_) / _ \ / _ \| __/ _ \/ _` | | | | | | \| |
/ / | _ < (_) | (_) | || __/ (_| | |__| |_| | |\ |
/_/ |_| \_\___/ \___/ \__\___|\__,_|\____\___/|_| \_|

Rooted CON 2020 will be held from 5th to 7th 2020 in Kinepolis cinemas
in Madrid (Spain). All talks are both in English and Spanish as there is
simultaneous translation (...
Syndicate content