Security News

CVE-2020-1113 - Windows Task Scheduler - Security Feature Bypass

Full Disclosure - 15 May, 2020 - 10:42

Posted by Advisories on May 15

################################################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
################################################################################
#
# Product: Windows Task Scheduler
# Vendor: Microsoft
# CSNC ID: CSNC-2010-001
# CVE ID: CVE-2020-1113
# Subject: Security Feature Bypass
# Risk: High
# Effect: Remotely exploitable
#...

KL-001-2020-002 : Cellebrite Restricted Desktop Escape and Escalation of User Privilege

Full Disclosure - 14 May, 2020 - 14:00

Posted by KoreLogic Disclosures via Fulldisclosure on May 14

KL-001-2020-002 : Cellebrite Restricted Desktop Escape and Escalation of User Privilege

Title: Cellebrite Restricted Desktop Escape and Escalation of User Privilege
Advisory ID: KL-001-2020-002
Publication Date: 2020.05.14
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-002.txt

1. Vulnerability Details

     Affected Vendor: Cellebrite
     Affected Product: UFED
     Affected Version: 5.0 - 7.5.0.845...

Sellacious eCommerce - Multiple Persistent Vulnerabilities

Full Disclosure - 13 May, 2020 - 02:14

Posted by Vulnerability Lab on May 13

Document Title:
===============
Sellacious eCommerce - Multiple Persistent Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2226

Release Date:
=============
2020-05-08

Vulnerability Laboratory ID (VL-ID):
====================================
2226

Common Vulnerability Scoring System:
====================================
4.6

Vulnerability Class:
====================
Cross Site...

Tryton v5.4 - (Name) Persistent Cross Site Vulnerability

Full Disclosure - 13 May, 2020 - 02:04

Posted by Vulnerability Lab on May 13

Document Title:
===============
Tryton v5.4 - (Name) Persistent Cross Site Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2233

Release Date:
=============
2020-05-12

Vulnerability Laboratory ID (VL-ID):
====================================
2233

Common Vulnerability Scoring System:
====================================
4.4

Vulnerability Class:
====================
Cross Site...

Defense in depth -- the Microsoft way (part 62): Windows shipped with end-of-life components

Bug Traq - 25 February, 2020 - 05:07

Posted by Stefan Kanthak on Feb 25

Hi @ll,

since Microsoft Server 2003 R2, Microsoft dares to ship and install the
abomination known as .NET Framework with every new version of Windows.

Among other components current versions of Windows and .NET Framework
include

C# compiler (C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe,
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe)
J# compiler (C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe,...

Local information disclosure in OpenSMTPD (CVE-2020-8793)

Bug Traq - 25 February, 2020 - 05:04

Posted by Qualys Security Advisory on Feb 25

Qualys Security Advisory

Local information disclosure in OpenSMTPD (CVE-2020-8793)

==============================================================================
Contents
==============================================================================

Summary
Analysis
Exploitation
POKE 47196, 201
Acknowledgments

==============================================================================
Summary...

LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)

Bug Traq - 25 February, 2020 - 05:04

Posted by Qualys Security Advisory on Feb 25

Qualys Security Advisory

LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)

==============================================================================
Contents
==============================================================================

Summary
Analysis
...
Acknowledgments

==============================================================================
Summary...

[SECURITY] [DSA 4633-1] curl security update

Bug Traq - 25 February, 2020 - 04:56

Posted by Alessandro Ghedini on Feb 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-4633-1 security () debian org
https://www.debian.org/security/ Alessandro Ghedini
February 22, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : curl
CVE ID : CVE-2019-5436 CVE-2019-5481...

Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888)

Bug Traq - 25 February, 2020 - 04:52

Posted by Jamie R on Feb 25

I've quoted the Cisco summary below as it's pretty accurate.

tl;dr is an admin user on the web console can gain command execution
and then escalate to root. If this is an issue in your environment,
then please patch.

Thanks to Cisco PSIRT who were responsive and professional.

Shouts to Andrew, Dave and Senad, Pedro R - if that's still even a
thing on advisories.

Ref:...

[TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed Archive Bypass

Bug Traq - 24 February, 2020 - 10:57

Posted by Thierry Zoller on Feb 24


[TZO-16-2020] - F-SECURE Generic Malformed Container bypass (GZIP)

Bug Traq - 24 February, 2020 - 05:01

Posted by Thierry Zoller on Feb 24


[slackware-security] proftpd (SSA:2020-051-01)

Bug Traq - 21 February, 2020 - 01:22

Posted by Slackware Security Team on Feb 20

[slackware-security] proftpd (SSA:2020-051-01)

New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/proftpd-1.3.6c-i586-1_slack14.2.txz: Upgraded.
No CVEs assigned, but this sure looks like a security issue:
Use-after-free vulnerability in memory pools during data transfer.
(* Security...

[SECURITY] [DSA 4628-1] php7.0 security update

Bug Traq - 19 February, 2020 - 08:59

Posted by Moritz Muehlenhoff on Feb 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-4628-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 18, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php7.0
CVE ID : CVE-2019-11045 CVE-2019-11046...

[SECURITY] [DSA 4629-1] python-django security update

Bug Traq - 19 February, 2020 - 08:56

Posted by Sebastien Delafond on Feb 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-4629-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
February 19, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : python-django
CVE ID : CVE-2020-7471
Debian Bug...

[TZO-18-2020] - Bitdefender Malformed Archive bypass (GZIP)

Bug Traq - 18 February, 2020 - 11:22

Posted by Thierry Zoller on Feb 18


[TZO-17-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN)

Bug Traq - 18 February, 2020 - 03:05

Posted by Thierry Zoller on Feb 18


[SECURITY] [DSA 4626-1] php7.3 security update

Bug Traq - 18 February, 2020 - 03:04

Posted by Moritz Muehlenhoff on Feb 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-4626-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 17, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php7.3
CVE ID : CVE-2019-11045 CVE-2019-11046...

[SECURITY] [DSA 4627-1] webkit2gtk security update

Bug Traq - 18 February, 2020 - 03:00

Posted by Moritz Muehlenhoff on Feb 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-4627-1 security () debian org
https://www.debian.org/security/ Alberto Garcia
February 17, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : webkit2gtk
CVE ID : CVE-2020-3862 CVE-2020-3864...

Web Application Firewall bypass via Bluecoat device

Bug Traq - 16 February, 2020 - 23:54

Posted by RedTimmy Security on Feb 16

Hi,
we have published a new post in our blog titled "How to hack a company by circumventing its WAF through the abuse of a
different security appliance and win bug bounties".

We basically have [ab]used a Bluecoat device behaving as a request forwarder to mask our malicious payload, avoid WAF
detection, hit an HTTP endpoint vulnerable to RCE and pop out a shell.

Full story is here:...

WebKitGTK and WPE WebKit Security Advisory WSA-2020-0002

Bug Traq - 16 February, 2020 - 23:53

Posted by Carlos Alberto Lopez Perez on Feb 16

------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory WSA-2020-0002
------------------------------------------------------------------------

Date reported : February 14, 2020
Advisory ID : WSA-2020-0002
WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2020-0002.html
WPE WebKit Advisory URL :...