Security News

ZeroNights 2019

Full Disclosure - 3 September, 2019 - 12:10

Posted by CFP ZeroNights on Sep 03

ZeroNights 2019 CFP is OPEN: Offensive and defensive research
(15/30/45min). Submit your talk!

About conference

Place: Saint-Petersburg, Russia
Date: 12-13 November
Timeslots: 15/30/45min
Site: https://zeronights.org

CFP Timeline

CFP start: 1 August
CFP end: 10 October

Conditions:

A speaker may deliver either a long or a short talk. The terms and
conditions for each of the options are listed below.

Long or medium talk: A speaker is entitled...

Wolters Kluwer TeamMate+ – Cross-Site Request Forgery (CSRF) vulnerability

Full Disclosure - 3 September, 2019 - 12:10

Posted by Bhdresh on Sep 03

Hello,

Please find the below vulnerability details,

---------------------------------------------------------------------------------------------------------------------------------

# Exploit Title: Wolters Kluwer TeamMate+ – Cross-Site Request Forgery
(CSRF) vulnerability
# Date: 02/09/2019
# Exploit Author: Bhadresh Patel
# Version: <= TeamMate Version 3.1 (January 2019) (Internal Version:
21.0.0.0)
# CVE : CVE-2019-10253

This is an...

[SECURITY] [DSA 4512-1] qemu security update

Bug Traq - 2 September, 2019 - 16:33

Posted by Moritz Muehlenhoff on Sep 02

-------------------------------------------------------------------------
Debian Security Advisory DSA-4512-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 02, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : qemu
CVE ID : CVE-2019-13164 CVE-2019-14378...

Wolters Kluwer TeamMate+ Cross-Site Request Forgery (CSRF) vulnerability

Bug Traq - 2 September, 2019 - 03:56

Posted by bhdresh on Sep 02

Title:
====

Wolters Kluwer TeamMate+ – Cross-Site Request Forgery (CSRF) vulnerability

Credit:
======

Name: Bhadresh Patel

CVE:
====

CVE-2019-10253

Date:
====

19/03/2019 (dd/mm/yyyy)

Vendor:
======

Wolters Kluwer is a global leader in professional information, software solutions, and services for the health, tax &
accounting, finance, risk & compliance, and legal sectors. We help our customers make critical decisions every day...

[SECURITY] [DSA 4511-1] nghttp2 security update

Bug Traq - 2 September, 2019 - 03:53

Posted by Moritz Muehlenhoff on Sep 02

-------------------------------------------------------------------------
Debian Security Advisory DSA-4511-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 01, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : nghttp2
CVE ID : CVE-2019-9511 CVE-2019-9513

Two...

Advisory for Confluence Server Local File Disclosure Vulnerability (CVE-2019-3394)

Bug Traq - 2 September, 2019 - 03:50

Posted by Ming Chang on Sep 02

This email refers to the advisory found at
https://confluence.atlassian.com/x/uAsvOg .

CVE ID:

* CVE-2019-3394.

Product: Confluence Server.

Affected Confluence Server product versions:

6.1.0 <= version < 6.6.16
6.7.0 <= version < 6.13.7
6.14.0 <= version < 6.15.8

Fixed Confluence Server product versions:

* Confluence Server 6.6.16 has been released with a fix for this issue.
* Confluence Server 6.13.7 has been released...

Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root

Full Disclosure - 30 August, 2019 - 11:04

Posted by Pedro Ribeiro on Aug 30

Hi,

tl;dr three vulns (auth bypass, command injection, default password) in
Cisco UCS and Cisco IMC Supervisor, two of which (auth bypass + command
injection) can be chained to achieve unauthenticated RCE as root

Full advisory below, can also be fetched from
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/cisco-ucs-rce.txt

Metasploit modules have been submitted to:
https://github.com/rapid7/metasploit-framework/pull/12243...

New BlackArch Linux ISOs + OVA Image (2019.09.01) with 2350 Tools released

Full Disclosure - 30 August, 2019 - 11:03

Posted by Black Arch on Aug 30

Dear list,

We've released the new BlackArch Linux ISOs and OVA image (version:
2019.09.01). These are really special releases as many improvements
and QA went through all packages and tools Blackarch Linux offers! For
details see the ChangeLog below. The BlackArch repository, Live-ISO
and OVA image include more than 2350 tools now. The armv6h, armv7h and
aarch64 repositories are filled with about 2200 tools.

A ChangeLog of the...

GGPowerShell / Windows PowerShell Unsanitized RCE File Tool

Full Disclosure - 30 August, 2019 - 11:03

Posted by hyp3rlinx on Aug 30

Tool for creating Windows .PS files with the exploitable semicolon
condition. Has some options like reverse string PS command payload and
IP address as integer value etc...

http://hyp3rlinx.altervista.org/advisories/GGPowerShell.txt

from base64 import b64encode
from base64 import b64decode
from socket import *
import argparse,sys,socket,struct,re

#GGPowerShell
#Microsoft Windows PowerShell - Unsantized Filename RCE Dirty File Creat0r.
#...

[SBA-ADV-20190305-01] CVE-2019-13564: Ping Identity Agentless Integration Kit <1.5 Reflected Cross-site Scripting (XSS)

Full Disclosure - 30 August, 2019 - 11:02

Posted by SBA Research Advisory on Aug 30

# Ping Identity Agentless Integration Kit Reflected Cross-site Scripting (XSS) #

Link:
https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190305-01_Ping_Identity_Agentless_Integration_Kit_Reflected_XSS

## Vulnerability Overview ##

Ping Identity Agentless Integration Kit before 1.5 is susceptible to
Reflected Cross-site Scripting at the `/as/authorization.oauth2`
endpoint due to improper encoding of an arbitrarily submitted...

SEC Consult SA-20190829-1 :: External DNS Requests in Zyxel USG/UAG/ATP/VPN/NXC series

Bug Traq - 30 August, 2019 - 04:46

Posted by SEC Consult Vulnerability Lab on Aug 30

SEC Consult Vulnerability Lab Security Advisory < 20190829-1 >
=======================================================================
title: External DNS Requests
product: Zyxel USG/UAG/ATP/VPN/NXC series
vulnerable version: see "Vulnerable / tested version"
fixed version: see "Solution"
CVE number: -
impact: medium
homepage: https://www.zyxel.com...

SEC Consult SA-20190829-0 :: Hardcoded FTP Credentials in Zyxel NWA/NAP/WAC wireless access point series

Bug Traq - 30 August, 2019 - 04:43

Posted by SEC Consult Vulnerability Lab on Aug 30

SEC Consult Vulnerability Lab Security Advisory < 20190829-0 >
=======================================================================
title: Hardcoded FTP Credentials
product: Zyxel NWA/NAP/WAC wireless access point series
vulnerable version: see "Vulnerable / tested version"
fixed version: see "Solution"
CVE number: -
impact: medium
homepage:...

SEC Consult SA-20190829-1 :: External DNS Requests in Zyxel USG/UAG/ATP/VPN/NXC series

Full Disclosure - 30 August, 2019 - 02:17

Posted by SEC Consult Vulnerability Lab on Aug 30

SEC Consult Vulnerability Lab Security Advisory < 20190829-1 >
=======================================================================
title: External DNS Requests
product: Zyxel USG/UAG/ATP/VPN/NXC series
vulnerable version: see "Vulnerable / tested version"
fixed version: see "Solution"
CVE number: -
impact: medium
homepage: https://www.zyxel.com...

SEC Consult SA-20190829-0 :: Hardcoded FTP Credentials in Zyxel NWA/NAP/WAC wireless access point series

Full Disclosure - 30 August, 2019 - 02:16

Posted by SEC Consult Vulnerability Lab on Aug 30

SEC Consult Vulnerability Lab Security Advisory < 20190829-0 >
=======================================================================
title: Hardcoded FTP Credentials
product: Zyxel NWA/NAP/WAC wireless access point series
vulnerable version: see "Vulnerable / tested version"
fixed version: see "Solution"
CVE number: -
impact: medium
homepage:...

WebKitGTK and WPE WebKit Security Advisory WSA-2019-0004

Bug Traq - 29 August, 2019 - 14:03

Posted by Adrian Perez de Castro on Aug 29

------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory WSA-2019-0004
------------------------------------------------------------------------

Date reported : August 29, 2019
Advisory ID : WSA-2019-0004
WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2019-0004.html
WPE WebKit Advisory URL :...

[SECURITY] [DSA 4510-1] dovecot security update

Bug Traq - 28 August, 2019 - 09:47

Posted by Salvatore Bonaccorso on Aug 28

-------------------------------------------------------------------------
Debian Security Advisory DSA-4510-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 28, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : dovecot
CVE ID : CVE-2019-11500

Nick Roessler and...

Multiple vulns in Cisco UCS Director: from unauth remote access to code execution as root

Bug Traq - 28 August, 2019 - 03:00

Posted by Pedro Ribeiro on Aug 28

Hi,

tl;dr three vulns (auth bypass, command injection, default password) in
Cisco UCS and Cisco IMC Supervisor, two of which (auth bypass + command
injection) can be chained to achieve unauthenticated RCE as root

Full advisory below, can also be fetched from
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/cisco-ucs-rce.txt

Metasploit modules have been submitted to:
https://github.com/rapid7/metasploit-framework/pull/12243...

Multiple CSRF Vulnerabilities in Django CRM 0.2.1

Full Disclosure - 27 August, 2019 - 12:01

Posted by Daniel Bishtawi on Aug 27

Hello,

We are informing you about the vulnerabilities in Django CRM 0.2.1.

Here are the details:

Information
--------------------
Advisory by Netsparker
Name: Multiple CSRF Vulnerabilities in Django CRM 0.2.1
Affected Software: Django CRM
Affected Versions: 0.2.1
Homepage: https://github.com/MicroPyramid/Django-CRM
Vulnerability: Cross-site Request Forgery
Severity: 8.8 High
Status: Not Fixed
CVE-ID: CVE-2019-11457
CVSS Score (3.0):...

APPLE-SA-2019-8-26-2 macOS Mojave 10.14.6 Supplemental Update

Full Disclosure - 27 August, 2019 - 12:01

Posted by Akila Srinivasan via Fulldisclosure on Aug 27

APPLE-SA-2019-8-26-2 macOS Mojave 10.14.6 Supplemental Update

macOS Mojave 10.14.6 Supplemental Update is now available and
addresses the following:

Kernel
Available for: macOS Mojave 10.14.6
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8605: Ned Williamson working with Google Project Zero

Additional...

APPLE-SA-2019-8-26-3 tvOS 12.4.1

Full Disclosure - 27 August, 2019 - 12:01

Posted by Akila Srinivasan via Fulldisclosure on Aug 27

APPLE-SA-2019-8-26-3 tvOS 12.4.1

tvOS 12.4.1 is now available and addresses the following:

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8605: Ned Williamson working with Google Project Zero

Additional recognition

Kernel
We would like to acknowledge...