Security News

PowerPanel Business Edition 3.4.0 - Cross Site Request Forgery

Full Disclosure - 9 July, 2019 - 18:15

Posted by Joey Lane via Fulldisclosure on Jul 09

# Exploit Title: PowerPanel Business Edition 3.4.0 - Cross Site Request Forgery
# Date: 7/9/2019
# Exploit Author: Joey Lane
# Vendor Homepage: https://www.cyberpowersystems.com
# Version: 3.4.0
# Tested on: Ubuntu 16.04
# CVE : CVE-2019-13071
# Reported to vendor on 5/25/2019, no acknowledgement.

The Agent/Center component of PowerPanel Business Edition is vulnerable to
cross site request forgery. This can be exploited by tricking an...

Two vulnerabilities found in Sony BRAVIA Smart TVs

Full Disclosure - 9 July, 2019 - 12:25

Posted by xen1thLabs on Jul 09

## ADVISORY INFORMATION

TITLE: Two vulnerabilities found in Sony BRAVIA Smart TVs
ADVISORY URL:
CVE-2019-11889: https://www.darkmatter.ae/xen1thlabs/sony-remote-denial-of-service-triggered-over-vulnerability-hbbtv-xl-19-014/
CVE-2019-11890: https://www.darkmatter.ae/xen1thlabs/sony-remote-denial-of-service-over-wifi-lan-internet-vulnerability-xl-19-013/

DATE PUBLISHED: 02/07/2019
AFFECTED VENDORS: Sony
RELEASE...

Cisco Data Center Manager multiple vulns; RCE as root

Full Disclosure - 9 July, 2019 - 12:24

Posted by Pedro Ribeiro on Jul 09

Hi,

tl;dr Cisco Data Center Network Manager has multiple vulns which can be
abused to achieve RCE as root with no authentication.

Full advisory below, and Metasploit modules have been submitted to the
project.

A special thanks to iDefense for handling the disclosure process with Cisco.

https://raw.githubusercontent.com/pedrib/PoC/master/advisories/cisco-dcnm-rce.txt

code execution) on Cisco Data Center Network Manager

Security (...

Vulnerabilities in TP-Link TL-WR940N and TL-WR941ND

Full Disclosure - 9 July, 2019 - 12:22

Posted by MustLive on Jul 09

Hello list!

There are Brute Force and Cross-Site Request Forgery vulnerabilities
in TP-Link TL-WR940N and TL-WR941ND, following my advisory about
vulnerabilities in TP-Link TL-WR841N and TL-WR841ND in 2017.

-------------------------
Affected products:
-------------------------

The following models are vulnerable: TP-Link TL-WR940N and TL-WR941ND,
Firmware Version 3.16.9 Build 151216. All other versions must also be
vulnerable. I informed TP-Link about...

UPDATE: [SYSS-2019-021]: WolfVision Cynap - Use of Hard-coded Cryptographic Key (CWE-321) [CVE-2019-13352]

Full Disclosure - 9 July, 2019 - 12:22

Posted by Matthias Deeg on Jul 09

Advisory ID: SYSS-2019-021
Product: Cynap
Manufacturer: WolfVision
Affected Version(s): 1.18g, 1.28j
Tested Version(s): 1.18g, 1.28j
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2019-05-03
Solution Date: 2019-06-19
Public Disclosure: 2019-07-04
CVE Reference: CVE-2019-13352
Authors of Advisory: Manuel Stotz, Gerhard Klostermeier (SySS GmbH)...

Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!

Full Disclosure - 9 July, 2019 - 12:22

Posted by Jonathan Leitschuh on Jul 09

Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!

A vulnerability in the Mac Zoom Client allows any malicious website to
enable your camera without your permission. The flaw potentially exposes up
to 750,000 companies around the world that use Zoom to conduct day-to-day
business.

Full post:...

KEYNTO Team Password Manager 1.5.0 - Cross Site Scripting [CVE-2019-13380]

Full Disclosure - 9 July, 2019 - 12:21

Posted by gionreale on Jul 09

KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from websites is mishandled in the online vault.

Discovered by Gionathan Armando Reale

Polycom RealPresence Touch device vulnerable to Slowloris attack (hardware version 7; OS version 2.1.2-255)

Full Disclosure - 9 July, 2019 - 12:21

Posted by Eitan shav on Jul 09

[Description]
Polycom RealPresence Touch devices (hardware version 7; operating
system version 2.1.2-255) allow remote attackers to cause a denial of
service (networking outage) by sending "Slowloris" packet data to the
login interface.

[VulnerabilityType]
Slowloris DoS

[Vendor of Product]
Polycom

[Affected Product Code Base]
RealPresence Touch device - Hardware version: 7, operating system version: 2.1.2-255

[Attack...

Razer Synapse 3, Laptops Ship with Re-used Root Certificate with Private Key

Full Disclosure - 9 July, 2019 - 12:20

Posted by No One on Jul 09

Razer is a company that produces gaming-centric computer peripherals,
laptops, desktops, and mobile phones. Many of their products allow for
rich customization of device lighting effects. These features are managed
by a client application called Synapse.

On Windows, Razer Synapse 3 installs an optional component - the Razer
Chroma SDK - by default. This component installs a root certificate - with
the private key - which is the same across...

[SECURITY] [DSA 4477-1] zeromq3 security update

Bug Traq - 9 July, 2019 - 07:55

Posted by Salvatore Bonaccorso on Jul 09

-------------------------------------------------------------------------
Debian Security Advisory DSA-4477-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 08, 2019                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : zeromq3
CVE ID : CVE-2019-13132

Fang-Pen Lin...

Vuln: GE Aestiva and Aespire Anesthesia CVE-2019-10966 Authentication Bypass Vulnerability

Security Focus Vulnerabilities - 8 July, 2019 - 23:00

Vuln: Intel Processor Diagnostic Tool CVE-2019-11133 Local Privilege Escalation Vulnerability

Security Focus Vulnerabilities - 8 July, 2019 - 23:00

Vuln: Adobe Dreamweaver CVE-2019-7956 DLL Loading Local Privilege Escalation Vulnerability

Security Focus Vulnerabilities - 8 July, 2019 - 23:00

Vuln: Mozilla Firefox CVE-2019-11714 Denial of Service Vulnerability

Security Focus Vulnerabilities - 8 July, 2019 - 23:00

Vuln: Docker CVE-2018-15664 Symlink Directory Traversal Vulnerability

Security Focus Vulnerabilities - 8 July, 2019 - 23:00

Vuln: Microsoft Windows X.509 Certificate CVE-2019-0865 Denial of Service Vulnerability

Security Focus Vulnerabilities - 8 July, 2019 - 23:00

Vuln: Adobe Experience Manager CVE-2019-7955 Cross Site Scripting Vulnerability

Security Focus Vulnerabilities - 8 July, 2019 - 23:00

Vuln: Multiple WAGO Industrial Managed Switches Security Bypass Vulnerability

Security Focus Vulnerabilities - 8 July, 2019 - 23:00

Vuln: Mozilla Firefox CVE-2019-11718 Information Disclosure Vulnerability

Security Focus Vulnerabilities - 8 July, 2019 - 23:00

Vuln: Mozilla Firefox CVE-2019-11710 Multiple Unspecified Memory Corruption Vulnerabilities

Security Focus Vulnerabilities - 8 July, 2019 - 23:00