Security News

DSA-2019-038: RSA® Authentication Manager Insecure Credential Management Vulnerability

Full Disclosure - 1 March, 2019 - 15:20

Posted by secure on Mar 01

DSA-2019-038: RSA® Authentication Manager Insecure Credential Management Vulnerability

Dell EMC Identifier: DSA-2019-038

CVE Identifier: CVE-2019-3711

Severity Rating: 5.8 (AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)

Affected Products:

• RSA® Authentication Manager version 8.4 and earlier

Summary:
RSA Authentication Manager contains a vulnerability associated with insecure credential management.
Details:
The Operations Console...

DSA-2019-025: RSA Archer GRC Platform Multiple Vulnerabilities

Full Disclosure - 1 March, 2019 - 15:20

Posted by secure on Mar 01

DSA-2019-025: RSA Archer GRC Platform Multiple Vulnerabilities

Dell EMC Identifier: DSA-2019-025

CVE Identifier: CVE-2019-3705, CVE-2019-3706

Severity Rating: See below for scores of individual CVEs

Affected Products:

RSA Archer versions prior to 6.5 P1 (CVE-2019-3705)
RSA Archer versions prior to 6.5 P2 (CVE-2019-3706)

Summary:
RSA Archer has fixes available for multiple security vulnerabilities that could potentially be exploited by...

[CVE-2019-9206, CVE-2019-9207] Cross Site Scripting in PRTG Network Monitor v7.1.3.3378

Full Disclosure - 1 March, 2019 - 15:20

Posted by Rafael Pedrero on Mar 01

In 2009...

<!--
# Exploit Title: Cross Site Scripting in PRTG Network Monitor v7.1.3.3378
# Date: 17-02-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.paessler.com/prtg
# Software Link: http://www.paessler.com/prtg
# Version: PRTG Network Monitor v7.1.3.3378
# Tested on: All
# CVE : CVE-2019-9206
# Category: webapps

1. Description

PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm,
errormsg or...

Apache UNO API RCE

Full Disclosure - 1 March, 2019 - 15:10

Posted by Axel Boesenach on Mar 01

Dear reader,

I am not sure if I am contacting you through the right email address, but someone said I should e-mail you guys.

I found an RCE functionality in the Apache UNO API which could give an attacker control over a machine, or use a
machine already compromised in the network to exfiltrate data, etc.

The company that posted this issue on their blog is the company where I did my internship. Copy-paste from the advisory
there:

[START OF...

SHAREit for Android Authentication Bypass and Remote File Download

Full Disclosure - 1 March, 2019 - 15:03

Posted by RedForce Advisory on Mar 01

RedForce Advisory
https://redforce.io

## Advisory Information
Title: SHAREit For Android <= 4.0.38 Multiple Vulnerabilities
Advisory URL:
https://blog.redforce.io/shareit-vulnerabilities-enable-unrestricted-access-to-adjacent-devices-files/
Date published: 2019-02-25
Date of last update: 2019-02-25
Vendors contacted: Beijing Shareit Information Technology Co., Ltd.

## Introduction

SHAREit for Android is a popular application used for file...

[CORE-2018-0012] - Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2

Full Disclosure - 1 March, 2019 - 15:03

Posted by advisories on Mar 01

SecureAuth - SecureAuth Labs Advisory
http://www.secureauth.com/

Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2

1. *Advisory Information*

Title: Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2
Advisory ID: CORE-2018-0012
Advisory URL:
http://www.secureauth.com/labs/advisories/cisco-webex-meetings-elevation-privilege-vulnerability-version-2
Date published: 2019-02-27
Date of last update: 2019-02-27...

[SECURITY] [DSA 4401-1] wordpress security update

Bug Traq - 1 March, 2019 - 09:51

Posted by Sebastien Delafond on Mar 01

-------------------------------------------------------------------------
Debian Security Advisory DSA-4401-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
March 01, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wordpress
CVE ID : CVE-2018-20147 CVE-2018-20148...

[SECURITY] [DSA 4400-1] openssl1.0 security update

Bug Traq - 28 February, 2019 - 21:26

Posted by Moritz Muehlenhoff on Feb 28

-------------------------------------------------------------------------
Debian Security Advisory DSA-4400-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 28, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openssl1.0
CVE ID : CVE-2019-1559

Juraj...

[SECURITY] [DSA 4399-1] ikiwiki security update

Bug Traq - 28 February, 2019 - 21:25

Posted by Moritz Muehlenhoff on Feb 28

-------------------------------------------------------------------------
Debian Security Advisory DSA-4399-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 28, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ikiwiki
CVE ID : CVE-2019-9187

Joey Hess...

[SECURITY] [DSA 4398-1] php7.0 security update

Bug Traq - 28 February, 2019 - 21:23

Posted by Moritz Muehlenhoff on Feb 28

-------------------------------------------------------------------------
Debian Security Advisory DSA-4398-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 28, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php7.0
CVE ID : CVE-2019-9020 CVE-2019-9021...

AST-2019-001: Remote crash vulnerability with SDP protocol violation

Bug Traq - 28 February, 2019 - 21:20

Posted by Asterisk Security Team on Feb 28

Asterisk Project Security Advisory - AST-2019-001

Product Asterisk
Summary Remote crash vulnerability with SDP protocol violation
Nature of Advisory Denial Of Service
Susceptibility Remote Authenticated Sessions...

[SECURITY] [DSA 4397-1] ldb security update

Bug Traq - 28 February, 2019 - 21:16

Posted by Salvatore Bonaccorso on Feb 28

-------------------------------------------------------------------------
Debian Security Advisory DSA-4397-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 28, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ldb
CVE ID : CVE-2019-3824

Garming Sam reported an...

AST-2019-001: Remote crash vulnerability with SDP protocol violation

Full Disclosure - 28 February, 2019 - 15:33

Posted by Asterisk Security Team on Feb 28

Asterisk Project Security Advisory - AST-2019-001

Product Asterisk
Summary Remote crash vulnerability with SDP protocol violation
Nature of Advisory Denial Of Service
Susceptibility Remote Authenticated Sessions...

[CORE-2018-0012] - Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2

Bug Traq - 28 February, 2019 - 09:23

Posted by advisories on Feb 28

SecureAuth - SecureAuth Labs Advisory
http://www.secureauth.com/

Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2

1. *Advisory Information*

Title: Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2
Advisory ID: CORE-2018-0012
Advisory URL:
http://www.secureauth.com/labs/advisories/cisco-webex-meetings-elevation-privilege-vulnerability-version-2
Date published: 2019-02-27
Date of last update: 2019-02-27...

[SECURITY] [DSA 4395-2] chromium regression update

Bug Traq - 27 February, 2019 - 21:21

Posted by Michael Gilbert on Feb 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-4395-2 security () debian org
https://www.debian.org/security/ Michael Gilbert
February 26, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium
Debian Bug : 922794 923298

A regression was...

(no subject)

Daily Dave - 27 February, 2019 - 13:53

Posted by Steve Lord on Feb 27

44CON is the UK's premier annual technical security conference and
training event. From the evening of the
11th of September till the 13th of September 2019, expect a top-tier
international technical conference
with fast wifi, loose 0day, a village pub and of course, Gin O'Clock.

__ __ __ __ __________ _ __
/ // / / // / / ____/ __ \/ | / / | "You can hack us
/ // /_/ // /_/ / / / / / |/ / | You can...

[slackware-security] openssl (slackware 14.2) (SSA:2019-057-01)

Bug Traq - 27 February, 2019 - 03:05

Posted by Slackware Security Team on Feb 27

[slackware-security] openssl (slackware 14.2) (SSA:2019-057-01)

New openssl packages are available for Slackware 14.2 to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.2r-i586-1_slack14.2.txz: Upgraded.
Go into the error state if a fatal alert is sent or received. If an
application calls SSL_shutdown after a fatal alert has occurred and
then behaves...

SHAREit for Android Authentication Bypass and Remote File Download

Bug Traq - 26 February, 2019 - 23:25

Posted by RedForce Advisory on Feb 26

RedForce Advisory
https://redforce.io

## Advisory Information
Title: SHAREit For Android <= 4.0.38 Multiple Vulnerabilities
Advisory URL:
https://blog.redforce.io/shareit-vulnerabilities-enable-unrestricted-access-to-adjacent-devices-files/
Date published: 2019-02-25
Date of last update: 2019-02-25
Vendors contacted: Beijing Shareit Information Technology Co., Ltd.

## Introduction

SHAREit for Android is a popular application used for file...

Defense in depth -- the Microsoft way (part 60): same old sins and incompetence!

Bug Traq - 26 February, 2019 - 23:22

Posted by Stefan Kanthak on Feb 26

Hi @ll,

Microsoft just announced the general availability of their
"Windows Defender Advanced Threat Protection/Endpoint Protection & Response"
for their "downlevel" operating systems Windows 7 and Windows 8.1:
https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Windows-Defender-ATP-s-EDR-capability-for-Windows-7-and-Windows/ba-p/355535

This announcement ends in

| For more information on how you can onboard...

Defense in depth -- the Microsoft way (part 60): same old sins and incompetence!

Full Disclosure - 26 February, 2019 - 15:31

Posted by Stefan Kanthak on Feb 26

Hi @ll,

Microsoft just announced the general availability of their
"Windows Defender Advanced Threat Protection/Endpoint Protection & Response"
for their "downlevel" operating systems Windows 7 and Windows 8.1:
https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Windows-Defender-ATP-s-EDR-capability-for-Windows-7-and-Windows/ba-p/355535

This announcement ends in

| For more information on how you can onboard...