Security News
Vuln: Adobe Bridge CC CVE-2019-7963 Out of Bounds Read Information Disclosure Vulnerability
Adobe Bridge CC CVE-2019-7963 Out of Bounds Read Information Disclosure Vulnerability
Vuln: SAP Commerce Cloud CVE-2019-0322 Unspecified Denial of Service Vulnerability
SAP Commerce Cloud CVE-2019-0322 Unspecified Denial of Service Vulnerability
Vuln: SAP ERP HCM CVE-2019-0325 Remote Authorization Bypass Vulnerability
SAP ERP HCM CVE-2019-0325 Remote Authorization Bypass Vulnerability
Vuln: SAP Gateway CVE-2019-0319 Content Injection Vulnerability
SAP Gateway CVE-2019-0319 Content Injection Vulnerability
Vuln: SAP BusinessObjects Business Intelligence Platform CVE-2019-0326 Cross Site Scripting Vulnerability
SAP BusinessObjects Business Intelligence Platform CVE-2019-0326 Cross Site Scripting Vulnerability
Vuln: SAP NetWeaver AS Java CVE-2019-0327 Arbitrary File Upload Vulnerability
SAP NetWeaver AS Java CVE-2019-0327 Arbitrary File Upload Vulnerability
Vuln: SAP Information Steward CVE-2019-0329 Cross Site Scripting Vulnerability
SAP Information Steward CVE-2019-0329 Cross Site Scripting Vulnerability
Vuln: SAP Netweaver Application Server Java CVE-2019-0318 Information Disclosure Vulnerability
SAP Netweaver Application Server Java CVE-2019-0318 Information Disclosure Vulnerability
Vuln: SAP Diagnostics Agent CVE-2019-0330 OS Command Injection Vulnerability
SAP Diagnostics Agent CVE-2019-0330 OS Command Injection Vulnerability
Vuln: SAP NetWeaver Process Integration CVE-2019-0328 Code Injection Vulnerability
SAP NetWeaver Process Integration CVE-2019-0328 Code Injection Vulnerability
Two vulnerabilities found in Sony Bravia Smart TVs
Posted by xen1thLabs on Jul 08
## ADVISORY INFORMATIONTITLE: Two vulnerabilities found in Sony BRAVIA Smart TVs
ADVISORY URL:
CVE-2019-11889
https://www.darkmatter.ae/xen1thlabs/sony-remote-denial-of-service-triggered-over-vulnerability-hbbtv-xl-19-014/
CVE-2019-11890
https://www.darkmatter.ae/xen1thlabs/sony-remote-denial-of-service-over-wifi-lan-internet-vulnerability-xl-19-013/
DATE PUBLISHED: 02/07/2019
AFFECTED VENDORS: Sony
RELEASE...
Cisco Data Center Manager multiple vulns; RCE as root
Posted by Pedro Ribeiro on Jul 08
Hi,tl;dr Cisco Data Center Network Manager has multiple vulns which can be
abused to achieve RCE as root with no authentication.
Full advisory below, and Metasploit modules have been submitted to the
project.
A special thanks to iDefense for handling the disclosure process with Cisco.
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/cisco-dcnm-rce.txt
code execution) on Cisco Data Center Network Manager
Security (...
[SECURITY] [DSA 4476-1] python-django security update
Posted by Moritz Muehlenhoff on Jul 08
-------------------------------------------------------------------------Debian Security Advisory DSA-4476-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 05, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : python-django
CVE ID : CVE-2019-6975 CVE-2019-12308...
Vuln: McAfee ePolicy Orchestrator CVE-2019-3619 Information Disclosure Vulnerability
McAfee ePolicy Orchestrator CVE-2019-3619 Information Disclosure Vulnerability
Vuln: Redhat Openshift Container Platform CVE-2019-3889 Cross Site Scripting Vulnerability
Redhat Openshift Container Platform CVE-2019-3889 Cross Site Scripting Vulnerability
[SYSS-2019-021]: WolfVision Cynap - Use of Hard-coded Cryptographic Key (CWE-321)
Posted by Matthias Deeg on Jul 05
Advisory ID: SYSS-2019-021Product: Cynap
Manufacturer: WolfVision
Affected Version(s): 1.18g, 1.28j
Tested Version(s): 1.18g, 1.28j
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2019-05-03
Solution Date: 2019-06-19
Public Disclosure: 2019-07-04
CVE Reference: Not assigned yet
Authors of Advisory: Manuel Stotz, Gerhard Klostermeier (SySS GmbH)...
Microsoft File Checksum Integrity Verifier "fciv.exe" v2.05 / DLL Hijack Arbitrary Code Execution
Posted by hyp3rlinx on Jul 05
[+] Credits: John Page (aka hyp3rlinx)[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-FILE-CHECKSUM-VERIFIER-v2.05-DLL-HIJACKING-ARBITRARY-CODE-EXECUTION.txt
[+] ISR: Apparition Security
[Vendor]
www.microsoft.com
[Product]
File Checksum Integrity Verifier version 2.05 "fciv.exe"
Download:
https://www.microsoft.com/en-us/download/details.aspx?id=11533
Excerpt from the FCIV...
Vuln: Red Hat Undertow CVE-2019-3888 Information Disclosure Vulnerability
Red Hat Undertow CVE-2019-3888 Information Disclosure Vulnerability
[SYSS-2019-021]: WolfVision Cynap - Use of Hard-coded Cryptographic Key (CWE-321)
Posted by manuel . stotz on Jul 04
Advisory ID: SYSS-2019-021Product: Cynap
Manufacturer: WolfVision
Affected Version(s): 1.18g, 1.28j
Tested Version(s): 1.18g, 1.28j
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2019-05-03
Solution Date: 2019-06-19
Public Disclosure: 2019-07-04
CVE Reference: Not assigned yet
Authors of Advisory: Manuel Stotz, Gerhard Klostermeier (SySS GmbH)...
Microsoft File Checksum Integrity Verifier "fciv.exe" v2.05 / DLL Hijack Arbitrary Code Execution
Posted by apparitionsec on Jul 03
[+] Credits: John Page (aka hyp3rlinx)[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-FILE-CHECKSUM-VERIFIER-v2.05-DLL-HIJACKING-ARBITRARY-CODE-EXECUTION.txt
[+] ISR: Apparition Security
[Vendor]
www.microsoft.com
[Product]
File Checksum Integrity Verifier version 2.05 "fciv.exe"
Download:
https://www.microsoft.com/en-us/download/details.aspx?id=11533
Excerpt from...
