Security News
DSA-2019-038: RSA® Authentication Manager Insecure Credential Management Vulnerability
Posted by secure on Mar 01
DSA-2019-038: RSA® Authentication Manager Insecure Credential Management VulnerabilityDell EMC Identifier: DSA-2019-038
CVE Identifier: CVE-2019-3711
Severity Rating: 5.8 (AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)
Affected Products:
• RSA® Authentication Manager version 8.4 and earlier
Summary:
RSA Authentication Manager contains a vulnerability associated with insecure credential management.
Details:
The Operations Console...
DSA-2019-025: RSA Archer GRC Platform Multiple Vulnerabilities
Posted by secure on Mar 01
DSA-2019-025: RSA Archer GRC Platform Multiple VulnerabilitiesDell EMC Identifier: DSA-2019-025
CVE Identifier: CVE-2019-3705, CVE-2019-3706
Severity Rating: See below for scores of individual CVEs
Affected Products:
RSA Archer versions prior to 6.5 P1 (CVE-2019-3705)
RSA Archer versions prior to 6.5 P2 (CVE-2019-3706)
Summary:
RSA Archer has fixes available for multiple security vulnerabilities that could potentially be exploited by...
[CVE-2019-9206, CVE-2019-9207] Cross Site Scripting in PRTG Network Monitor v7.1.3.3378
Posted by Rafael Pedrero on Mar 01
In 2009...<!--
# Exploit Title: Cross Site Scripting in PRTG Network Monitor v7.1.3.3378
# Date: 17-02-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.paessler.com/prtg
# Software Link: http://www.paessler.com/prtg
# Version: PRTG Network Monitor v7.1.3.3378
# Tested on: All
# CVE : CVE-2019-9206
# Category: webapps
1. Description
PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm,
errormsg or...
Apache UNO API RCE
Posted by Axel Boesenach on Mar 01
Dear reader,I am not sure if I am contacting through the right email address but someone said I should e-mail you guys.
I found an RCE functionality in the Apache UNO API which could give an attacker control over a machine, or use a
machine already compromised in the network to exfiltrate data, etc.
The company that posted this issue on their blog is the company I did my internship. Copy-paste from the advisory on
there:
[START OF...
SHAREit for Android Authentication Bypass and Remote File Download
Posted by RedForce Advisory on Mar 01
RedForce Advisoryhttps://redforce.io
## ِAdvisory Information
Title: SHAREit For Android <= 4.0.38 Multiple Vulnerabilities
Advisory URL:
https://blog.redforce.io/shareit-vulnerabilities-enable-unrestricted-access-to-adjacent-devices-files/
Date published: 2019-02-25
Date of last update: 2019-02-25
Vendors contacted: Beijing Shareit Information Technology Co., Ltd.
## Introduction
SHAREit for Android is a popular application used for file...
[CORE-2018-0012] - Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2
Posted by advisories on Mar 01
SecureAuth - SecureAuth Labs Advisoryhttp://www.secureauth.com/
Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2
1. *Advisory Information*
Title: Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2
Advisory ID: CORE-2018-0012
Advisory URL:
http://www.secureauth.com/labs/advisories/cisco-webex-meetings-elevation-privilege-vulnerability-version-2
Date published: 2019-02-27
Date of last update: 2019-02-27...
[SECURITY] [DSA 4401-1] wordpress security update
Posted by Sebastien Delafond on Mar 01
-------------------------------------------------------------------------Debian Security Advisory DSA-4401-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
March 01, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : wordpress
CVE ID : CVE-2018-20147 CVE-2018-20148...
[SECURITY] [DSA 4400-1] openssl1.0 security update
Posted by Moritz Muehlenhoff on Feb 28
-------------------------------------------------------------------------Debian Security Advisory DSA-4400-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 28, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : openssl1.0
CVE ID : CVE-2019-1559
Juraj...
[SECURITY] [DSA 4399-1] ikiwiki security update
Posted by Moritz Muehlenhoff on Feb 28
-------------------------------------------------------------------------Debian Security Advisory DSA-4399-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 28, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : ikiwiki
CVE ID : CVE-2019-9187
Joey Hess...
[SECURITY] [DSA 4398-1] php7.0 security update
Posted by Moritz Muehlenhoff on Feb 28
-------------------------------------------------------------------------Debian Security Advisory DSA-4398-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 28, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : php7.0
CVE ID : CVE-2019-9020 CVE-2019-9021...
AST-2019-001: Remote crash vulnerability with SDP protocol violation
Posted by Asterisk Security Team on Feb 28
Asterisk Project Security Advisory - AST-2019-001Product Asterisk
Summary Remote crash vulnerability with SDP protocol
violation
Nature of Advisory Denial Of Service
Susceptibility Remote Authenticated Sessions...
[SECURITY] [DSA 4397-1] ldb security update
Posted by Salvatore Bonaccorso on Feb 28
-------------------------------------------------------------------------Debian Security Advisory DSA-4397-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 28, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : ldb
CVE ID : CVE-2019-3824
Garming Sam reported an...
AST-2019-001: Remote crash vulnerability with SDP protocol violation
Posted by Asterisk Security Team on Feb 28
Asterisk Project Security Advisory - AST-2019-001Product Asterisk
Summary Remote crash vulnerability with SDP protocol
violation
Nature of Advisory Denial Of Service
Susceptibility Remote Authenticated Sessions...
[CORE-2018-0012] - Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2
Posted by advisories on Feb 28
SecureAuth - SecureAuth Labs Advisoryhttp://www.secureauth.com/
Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2
1. *Advisory Information*
Title: Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2
Advisory ID: CORE-2018-0012
Advisory URL:
http://www.secureauth.com/labs/advisories/cisco-webex-meetings-elevation-privilege-vulnerability-version-2
Date published: 2019-02-27
Date of last update: 2019-02-27...
[SECURITY] [DSA 4395-2] chromium regression update
Posted by Michael Gilbert on Feb 27
-------------------------------------------------------------------------Debian Security Advisory DSA-4395-2 security () debian org
https://www.debian.org/security/ Michael Gilbert
February 26, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : chromium
Debian Bug : 922794 923298
A regression was...
(no subject)
Posted by Steve Lord on Feb 27
44CON is the UK's premier annual technical security conference andtraining event. From the evening of the
11th of September till the 13th of September 2019, expect a top-tier
international technical conference
with fast wifi, loose 0day, a village pub and of course, Gin O'Clock.
__ __ __ __ __________ _ __
/ // / / // / / ____/ __ \/ | / / | "You can hack us
/ // /_/ // /_/ / / / / / |/ / | You can...
[slackware-security] openssl (slackware 14.2) (SSA:2019-057-01)
Posted by Slackware Security Team on Feb 27
[slackware-security] openssl (slackware 14.2) (SSA:2019-057-01)New openssl packages are available for Slackware 14.2 to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.2r-i586-1_slack14.2.txz: Upgraded.
Go into the error state if a fatal alert is sent or received. If an
application calls SSL_shutdown after a fatal alert has occured and
then behaves...
SHAREit for Android Authentication Bypass and Remote File Download
Posted by RedForce Advisory on Feb 26
RedForce Advisoryhttps://redforce.io
## ِAdvisory Information
Title: SHAREit For Android <= 4.0.38 Multiple Vulnerabilities
Advisory URL:
https://blog.redforce.io/shareit-vulnerabilities-enable-unrestricted-access-to-adjacent-devices-files/
Date published: 2019-02-25
Date of last update: 2019-02-25
Vendors contacted: Beijing Shareit Information Technology Co., Ltd.
## Introduction
SHAREit for Android is a popular application used for file...
Defense in depth -- the Microsoft way (part 60): same old sins and incompetence!
Posted by Stefan Kanthak on Feb 26
Hi @ll,Microsoft just announced the general availability of their
"Windows Defender Advanced Threat Protection/Endpoint Protection & Response"
for their "downlevel" operating systems Windows 7 and Windows 8.1:
https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Windows-Defender-ATP-s-EDR-capability-for-Windows-7-and-Windows/ba-p/355535
This announcement ends in
| For more information on how you can onboard...
Defense in depth -- the Microsoft way (part 60): same old sins and incompetence!
Posted by Stefan Kanthak on Feb 26
Hi @ll,Microsoft just announced the general availability of their
"Windows Defender Advanced Threat Protection/Endpoint Protection & Response"
for their "downlevel" operating systems Windows 7 and Windows 8.1:
https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Windows-Defender-ATP-s-EDR-capability-for-Windows-7-and-Windows/ba-p/355535
This announcement ends in
| For more information on how you can onboard...
