Security News

Emerson Network Power Cross Site Scripting(XSS) Vulnerability

Full Disclosure - 21 May, 2019 - 12:13

Posted by Kubilay Onur Gungor on May 21

I. VULNERABILITY
-------------------------
httpGetSet/httpGet.htm on
Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter.

II. CVE REFERENCE
-------------------------
CVE-2019-12167

III. VENDOR
-------------------------
Emerson Network Power

IV. TIMELINE
-------------------------
13/05/2019 Vulnerability discovered

V. CREDIT
-------------------------
Kubilay Onur Gungor from Cyber Struggle

VI....

Blackhole for Bad Bots WordPress Plugin 2.5 - Detection Bypass

Full Disclosure - 21 May, 2019 - 12:11

Posted by gionreale on May 21

Blackhole for Bad Bots protects your site against bad bots, spammers, scrapers, scanners, and other automated threats.

Version 2.5 fails to avoid fingerprinting by including predictable data within the "blackhole_trigger", giving
attackers the ability to detect and avoid this system.

Discovered by Gionathan Armando Reale

Epic Web Honeypot 2.0a - Fingerprinting Vulnerability

Full Disclosure - 21 May, 2019 - 12:11

Posted by gionreale on May 21

The Epic Web Honeypot Project aims to lure attackers using various types of web vulnerability scanners by tricking them
into believing that they have found a vulnerability on a host.

Version 2.0a fails to avoid fingerprinting by including predictable data and size within index.html (the main file),
giving attackers the ability to detect and avoid this system.

Discovered by Gionathan Armando Reale

Re: GAT-Ship Web Module >1.30 - Unauthenticated Information Disclosure Vulnerability

Full Disclosure - 21 May, 2019 - 12:11

Posted by gionreale on May 21

CVE-2019-12163.

[REVIVE-SA-2019-002] Revive Adserver Vulnerability

Bug Traq - 21 May, 2019 - 08:33

Posted by Matteo Beccati on May 21

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2019-002
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2019-002
------------------------------------------------------------------------
CVE-IDs: t.b.a.
Date: 2019-05-21
Risk Level: High...

CSRF in Darktrace Enterprise Immune System <=3.0.10

Bug Traq - 21 May, 2019 - 08:29

Posted by Gerwout Van der Veen on May 21

1 - Vulnerability
Darktrace Enterprise Immune System 3.0.9 and 3.0.10 contains multiple
cross site request forgery vulnerabilities. It is highly likely that
older versions are affected as well, but this has not been confirmed.
An attacker can whitelist domains and/or change core Darktrace
configuration. The below proof of concept whitelists
www.evilhackers.com, completely disables all types of alerting and it
disables the Antigena component....

WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003

Bug Traq - 21 May, 2019 - 01:41

Posted by Michael Catanzaro on May 20

------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003
------------------------------------------------------------------------

Date reported : May 20, 2019
Advisory ID : WSA-2019-0003
WebKitGTK Advisory URL :
https://webkitgtk.org/security/WSA-2019-0003.html
WPE WebKit Advisory URL :
https://wpewebkit.org/security/WSA-2019-0003.html
CVE identifiers : CVE-2019-6237,...

Advisory: security controls configured in php.ini could be bypassed on Linux

Bug Traq - 21 May, 2019 - 01:37

Posted by Imre Rad on May 20

"PHP is a popular general-purpose scripting language that is
especially suited to web development."

PHP has deployed several features over the years that are prone to
incorrect architectural decisions (safe mode
https://www.php.net/manual/en/features.safe-mode.php or open_basedir
http://news.php.net/php.internals/105606), to have unexpected security
implications (register globals
https://www.php.net/manual/en/security.globals.php), or...

Vuln: Microsoft Windows 'SetJobFileSecurityByName()' Function Local Privilege Escalation Vulnerability

Security Focus Vulnerabilities - 20 May, 2019 - 23:00

Vuln: Mozilla Firefox Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 20 May, 2019 - 23:00

Vuln: Mitsubishi Electric MELSEC-Q Series PLCs CVE-2019-10977 Remote Denial of Service Vulnerability

Security Focus Vulnerabilities - 20 May, 2019 - 23:00

Vuln: Mozilla Firefox/Thunderbird/Firefox ESR Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 20 May, 2019 - 23:00

Emerson Network Power Cross Site Scripting(XSS) Vulnerability

Bug Traq - 19 May, 2019 - 22:53

Posted by Kubilay Onur Gungor on May 19

I. VULNERABILITY
-------------------------
httpGetSet/httpGet.htm on
Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter.

II. CVE REFERENCE
-------------------------
CVE-2019-12167

III. VENDOR
-------------------------
Emerson Network Power

IV. TIMELINE
-------------------------
13/05/2019 Vulnerability discovered

V. CREDIT...

local privilege escalation via CDE dtprintinfo

Bug Traq - 19 May, 2019 - 22:49

Posted by Marco Ivaldi on May 19

Dear Bugtraq,

Please find attached an advisory for the following vulnerability:

A buffer overflow in the DtPrinterAction::PrintActionExists() function in the
Common Desktop Environment 2.3.0 and earlier, as used in Oracle Solaris 10 1/13
(Update 11) and earlier, allows local users to gain root privileges via a long
printer name passed to dtprintinfo by a malicious lpstat program.

Note that Oracle Solaris CDE is based on the original CDE 1.x...

local privilege escalation via CDE dtprintinfo

Full Disclosure - 17 May, 2019 - 11:47

Posted by Marco Ivaldi on May 17

Dear Full Disclosure,

Please find attached an advisory for the following vulnerability:

A buffer overflow in the DtPrinterAction::PrintActionExists() function in the
Common Desktop Environment 2.3.0 and earlier, as used in Oracle Solaris 10 1/13
(Update 11) and earlier, allows local users to gain root privileges via a long
printer name passed to dtprintinfo by a malicious lpstat program.

Note that Oracle Solaris CDE is based on the original...

[CVE-2019-11880] CommSy <= 8.6.5 - SQL injection

Full Disclosure - 17 May, 2019 - 11:47

Posted by Jens Regel | Schneider & Wulf on May 17

Title:
======
CommSy <= 8.6.5 - SQL injection

Researcher:
===========
Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG

CVE-ID:
=======
CVE-2019-11880

Timeline:
=========
2019-04-15 Vulnerability discovered
2019-04-15 Asked for security contact and PGP key
2019-04-16 Sent details to the vendor
2019-05-07 Flaw was approved but will not be fixed in branch 8.6
2019-05-15 Public disclosure

Affected Products:
==================...

GAT-Ship Web Module >1.30 - Unauthenticated Information Disclosure Vulnerability

Full Disclosure - 17 May, 2019 - 11:46

Posted by gionreale on May 17

GAT-Ship Web Module >1.30 - Unauthenticated Information Disclosure Vulnerability

It is possible in versions 1.30 and below for unauthenticated attackers to query the GAT-Ship Web Module for system
information via a crafted request:

PoC:
---------------------------------------------------------------------------------------------------------------------------------------

POST /ws/gatshipWs.asmx/SqlVersion <...

The Past is not the Past

Daily Dave - 17 May, 2019 - 09:22

Posted by Dave Aitel on May 17

https://techblog.mediaservice.net/2019/05/raptor-at-infiltrate-2019/ <--Marco
Ivaldi's blogpost on INFILTRATE.

I would go into more depth in this email but I feel like you should just go
read his post and watch his talk: https://vimeo.com/335197685.

-dave

[RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway

Bug Traq - 17 May, 2019 - 06:23

Posted by RedTeam Pentesting GmbH on May 17

Advisory: Directory Traversal in Cisco Expressway Gateway

RedTeam Pentesting discovered a directory traversal vulnerability in
Cisco Expressway which enables access to administrative web interfaces.

Details
=======

Product: Cisco Expressway Gateway
Affected Versions: 11.5.1, possibly others
Fixed Versions: See Cisco Bug ID CSCvo47769 [1]
Vulnerability Type: Directory Traversal
Security Risk: medium
Vendor URL:...

[RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway

Full Disclosure - 17 May, 2019 - 02:37

Posted by RedTeam Pentesting GmbH on May 17

Advisory: Directory Traversal in Cisco Expressway Gateway

RedTeam Pentesting discovered a directory traversal vulnerability in
Cisco Expressway which enables access to administrative web interfaces.

Details
=======

Product: Cisco Expressway Gateway
Affected Versions: 11.5.1, possibly others
Fixed Versions: See Cisco Bug ID CSCvo47769 [1]
Vulnerability Type: Directory Traversal
Security Risk: medium
Vendor URL:...