SOLDIERX.COM Nobody Can Stop Information Insemination

Posted by Joey Lane via Fulldisclosure on Jul 09

# Exploit Title: PowerPanel Business Edition 3.4.0 - Cross Site Request
Forgery
# Date: 7/9/2019
# Exploit Author: Joey Lane
# Vendor Homepage: https://www.cyberpowersystems.com
# Version: 3.4.0
# Tested on: Ubuntu 16.04
# CVE : CVE-2019-13071
# Reported to vendor on 5/25/2019, no acknowledgement.

The Agent/Center component of PowerPanel Business Edition is vulnerable to
cross site request forgery. This can be exploited by tricking an...

Posted by xen1thLabs on Jul 09

## ADVISORY INFORMATION

TITLE: Two vulnerabilities found in Sony BRAVIA Smart TVs
ADVISORY URL:
CVE-2019-11889
https://www.darkmatter.ae/xen1thlabs/sony-remote-denial-of-service-triggered-over-vulnerability-hbbtv-xl-19-014/
CVE-2019-11890

https://www.darkmatter.ae/xen1thlabs/sony-remote-denial-of-service-over-wifi-lan-internet-vulnerability-xl-19-013/

DATE PUBLISHED: 02/07/2019
AFFECTED VENDORS: Sony
RELEASE...

Posted by Pedro Ribeiro on Jul 09

Hi,

tl;dr Cisco Data Center Network Manager has multiple vulns which can be
abused to achieve RCE as root with no authentication.

Full advisory below, and Metasploit modules have been submitted to the
project.

A special thanks to iDefense for handling the disclosure process with Cisco.

https://raw.githubusercontent.com/pedrib/PoC/master/advisories/cisco-dcnm-rce.txt

code execution) on Cisco Data Center Network Manager

Security (...

Posted by MustLive on Jul 09

Hello list!

There are Brute Force and Cross-Site Request Forgery vulnerabilities
in TP-Link TL-WR940N and TL-WR941ND. After my advisory about
vulnerabilities in TP-Link TL-WR841N and TL-WR841ND in 2017.

-------------------------
Affected products:
-------------------------

Vulnerable are the next models: TP-Link TL-WR940N and TL-WR941ND,
Firmware Version 3.16.9 Build 151216. All other versions also must be
vulnerable. I informed TP-Link about...

Posted by Matthias Deeg on Jul 09

Advisory ID: SYSS-2019-021
Product: Cynap
Manufacturer: WolfVision
Affected Version(s): 1.18g, 1.28j
Tested Version(s): 1.18g, 1.28j
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2019-05-03
Solution Date: 2019-06-19
Public Disclosure: 2019-07-04
CVE Reference: CVE-2019-13352
Authors of Advisory: Manuel Stotz, Gerhard Klostermeier (SySS GmbH)...

Posted by Jonathan Leitschuh on Jul 09

Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit
your website!

A vulnerability in the Mac Zoom Client allows any malicious website to
enable your camera without your permission. The flaw potentially exposes up
to 750,000 companies around the world that use Zoom to conduct day-to-day
business.

Full post:...

Posted by gionreale on Jul 09

KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from websites is mishandled in the online vault.

Discovered by Gionathan Armando Reale

Posted by Eitan shav on Jul 09

[Description]
Polycom RealPresence Touch devices (hardware version 7; operating
system version 2.1.2-255) allow remote attackers to cause a denial of
service (networking outage) by sending "Slowloris" packet data to the
login interface.

[VulnerabilityType]
Slowloris DoS

[Vendor of Product]
Polycom

[Affected Product Code Base]
RealPresence Touch device - Hardware version: 7 , operating system version: 2.1.2-255

[Attack...

Posted by No One on Jul 09

Razer is a company that produces gaming-centric computer peripherals,
laptops, desktops, and mobile phones. Many of their products allow for
rich customization of device lighting effects. These features are managed
by a client application called Synapse.

On Windows, Razer Synapse 3 installs an optional component - the Razer
Chroma SDK - by default. This component installs a root certificate - with
the private key - which is the same across...

Posted by Salvatore Bonaccorso on Jul 09

-------------------------------------------------------------------------
Debian Security Advisory DSA-4477-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 08, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : zeromq3
CVE ID : CVE-2019-13132

Fang-Pen Lin...

GE Aestiva and Aespire Anesthesia CVE-2019-10966 Authentication Bypass Vulnerability

Intel Processor Diagnostic Tool CVE-2019-11133 Local Privilege Escalation Vulnerability

Adobe Dreamweaver CVE-2019-7956 DLL Loading Local Privilege Escalation Vulnerability

Mozilla Firefox CVE-2019-11714 Denial of Service Vulnerability

Docker CVE-2018-15664 Symlink Directory Traversal Vulnerability

Microsoft Windows X.509 Certificate CVE-2019-0865 Denial of Service Vulnerability

Adobe Experience Manager CVE-2019-7955 Cross Site Scripting Vulnerability

Multiple WAGO Industrial Managed Switches Security Bypass Vulnerability

Mozilla Firefox CVE-2019-11718 Information Disclosure Vulnerability

Mozilla Firefox CVE-2019-11710 Multiple Unspecified Memory Corruption Vulnerabilities