Security News

Ferns (Devonian to Present Day)

Daily Dave - 4 January, 2019 - 10:23

Posted by Dave Aitel on Jan 04

I really like Andrea Biondo's latest paper. I like that it has -0 in it as
an exploit primitive, and that he takes it from almost nothing to RCE by
looking at the many levels of javascript optimization. It unfolded
poetically, like a Cretaceous fern after the rain.
https://abiondo.me/2019/01/02/exploiting-math-expm1-v8/

If you're the kind of person who ALSO liked that paper, then you should
come to INFILTRATE <...

Vuln: Adobe Acrobat and Reader CVE-2018-19725 Security Bypass Vulnerability

Security Focus Vulnerabilities - 3 January, 2019 - 00:00
Adobe Acrobat and Reader CVE-2018-19725 Security Bypass Vulnerability

Re: Modchips of the State [ CCC December 2018 talk by Trammell Hudson ]

Daily Dave - 2 January, 2019 - 13:53

Posted by Dave Aitel on Jan 02

Ok so this was a good talk. He started off with why it would be difficult
to do things in a factory, although everything he noted (which were
protestations from a manufacturer) seemed pretty overcome-able. For example
"We have our own employees on site checking for security issues such as
this" - makes me think:
1. How much attention can they really pay to this level of detail
2. How do you know your employees really are your employees?...

TALKS

Daily Dave - 2 January, 2019 - 10:04

Posted by Dave Aitel on Jan 02

You can still submit talks to the INFILTRATE CFP btw. :)

http://infiltratecon.com/cfp/

We have profit sharing for speakers, and it's a more fun and USEFUL
conference than others you might have seen. For us by us, etc.! :)

Right now I'm watching Sophia's Jailbrakecon <https://vimeo.com/273963786>
talk. There's a lot of interesting lines in it such as "We tried program
analysis, and *that* didn't work..."...

[SECURITY] [DSA 4362-1] thunderbird security update

Bug Traq - 2 January, 2019 - 06:03

Posted by Moritz Muehlenhoff on Jan 02

-------------------------------------------------------------------------
Debian Security Advisory DSA-4362-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 01, 2019                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : not yet available

Multiple...

Vuln: IBM Quality Manager CVE-2017-1609 Cross Site Scripting Vulnerability

Security Focus Vulnerabilities - 2 January, 2019 - 00:00
IBM Quality Manager CVE-2017-1609 Cross Site Scripting Vulnerability

Vuln: Xen 'vmx.c' Denial of Service Vulnerability

Security Focus Vulnerabilities - 2 January, 2019 - 00:00
Xen 'vmx.c' Denial of Service Vulnerability

Vuln: OpenSSL CVE-2018-5407 Side Channel Attack Information Disclosure Vulnerability

Security Focus Vulnerabilities - 2 January, 2019 - 00:00
OpenSSL CVE-2018-5407 Side Channel Attack Information Disclosure Vulnerability

Vuln: OpenSSL CVE-2018-0734 Side Channel Attack Information Disclosure Vulnerability

Security Focus Vulnerabilities - 2 January, 2019 - 00:00
OpenSSL CVE-2018-0734 Side Channel Attack Information Disclosure Vulnerability

Re: [CVE-2018-18009] dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials

Full Disclosure - 1 January, 2019 - 15:20

Posted by Tyler Cui on Jan 01

Correction of the typo:

"An authenticated user can visit the file dirary0.js" should be "An unauthenticated user can visit the file dirary0.js"
________________________________
From: Tyler Cui
Sent: Monday, 17 December 2018 12:11 AM
To: fulldisclosure () seclists org
Subject: [CVE-2018-18009] dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to
discover admin credentials

[Vendor]...

Re: [CVE-2018-18008] spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials

Full Disclosure - 1 January, 2019 - 15:20

Posted by Tyler Cui on Jan 01

Correction of the typo:

"An authenticated user can visit the page spaces.htm" should be "An unauthenticated user can visit the page spaces.htm"
________________________________
From: Fulldisclosure <fulldisclosure-bounces () seclists org> on behalf of Tyler Cui <tyler.cui () live com>
Sent: Monday, 17 December 2018 12:10 AM
To: fulldisclosure () seclists org
Subject: [FD] [CVE-2018-18008] spaces.htm on multiple...

Re: [CVE-2018-18007] atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials

Full Disclosure - 1 January, 2019 - 15:20

Posted by Tyler Cui on Jan 01

Correction of the typo:

"An authenticated user can visit the page atbox.htm" should be "An unauthenticated user can visit the page atbox.htm"
________________________________
From: Tyler Cui
Sent: Monday, 17 December 2018 12:09 AM
To: fulldisclosure () seclists org
Subject: [CVE-2018-18007] atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover
admin credentials

[Vendor]
us.dlink.com...

DSA-2018-224: RSA Archer GRC Platform Improper Access Control Vulnerability

Full Disclosure - 1 January, 2019 - 15:19

Posted by secure on Jan 01

DSA-2018-224: RSA Archer GRC Platform Improper Access Control Vulnerability

Dell EMC Identifier: DSA-2018-224

CVE Identifier: CVE-2018-15780

Severity: Medium

Severity Rating: CVSS v3 Base Score: 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products:
RSA Archer versions prior to 6.5 P1 (6.5.0.1)

Summary:
RSA Archer GRC versions prior to 6.5.0.1 contain an improper access control vulnerability that could potentially be...

Chrome Browser for Android Reveals Sensitive Hardware Information

Full Disclosure - 1 January, 2019 - 15:12

Posted by Nightwatch Cybersecurity Research on Jan 01

[NOTE: This is an expanded version of an earlier post from 2015 with
updated information and fix from the vendor. Full blog post here:
https://wwws.nightwatchcybersecurity.com/2018/12/25/chrome-browser-for-android-reveals-hardware-information/]

SUMMARY

Google’s Chrome browser, WebView and Chrome Tabs for Android discloses
information about the hardware model, firmware version and security
patch level of the device on which it is running....
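The excerpt above only says that Chrome, WebView and Chrome Tabs on Android disclose the device model, firmware version and patch level. The following is an added illustration, not code from the Nightwatch advisory or from Google, of how a practitioner would measure that exposure in their own access logs. It assumes (an assumption of this example, not stated in the excerpt) that the disclosure is carried in the HTTP User-Agent header as an Android "Build/<tag>" token alongside the model name; the User-Agent strings and log lines are constructed samples.

```python
import re
from collections import Counter

# Constructed sample User-Agent strings (not taken from the advisory). The
# "Build/<tag>" token is what this check looks for: an Android build tag
# identifies the firmware image, and therefore the security patch level, so a
# site (or anyone on the path) can fingerprint unpatched devices from it.
LEAKY_UA = ("Mozilla/5.0 (Linux; Android 8.1.0; Pixel 2 Build/OPM4.171019.021.P1) "
            "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36")
WEBVIEW_UA = ("Mozilla/5.0 (Linux; Android 7.0; SM-G930F Build/NRD90M; wv) "
              "AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/68.0.3440.91 Mobile Safari/537.36")
CLEAN_UA = ("Mozilla/5.0 (Linux; Android 8.1.0; Pixel 2) "
            "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.80 Mobile Safari/537.36")

# Platform section of an Android UA: "(Linux; Android <os>; <model>[ Build/<tag>][; wv])"
ANDROID_UA = re.compile(
    r"\(Linux; (?:U; )?Android (?P<os>[^;)]+); (?P<model>[^;)]*?)"
    r"(?: Build/(?P<build>[^;)]+))?(?:; wv)?\)"
)


def parse_android_ua(ua):
    """Return {'android', 'model', 'build'} for an Android UA, or None if it is not one.
    'build' is None when the UA carries no Build/ tag."""
    m = ANDROID_UA.search(ua)
    if not m:
        return None
    return {"android": m.group("os"),
            "model": m.group("model").strip(),
            "build": m.group("build")}


def leaks_build_tag(ua):
    """True when the UA exposes the firmware build tag."""
    info = parse_android_ua(ua)
    return bool(info and info["build"])


# Constructed access-log lines in combined format; the UA is the last quoted field.
SAMPLE_LOG = [
    '10.0.0.5 - - [02/Jan/2019:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "%s"' % LEAKY_UA,
    '10.0.0.6 - - [02/Jan/2019:10:00:02 +0000] "GET /app HTTP/1.1" 200 128 "-" "%s"' % WEBVIEW_UA,
    '10.0.0.7 - - [02/Jan/2019:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "%s"' % CLEAN_UA,
    '10.0.0.8 - - [02/Jan/2019:10:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/7.58.0"',
]

UA_FIELD = re.compile(r'"([^"]*)"\s*$')


def audit_log(lines):
    """Count Android clients, how many of them leak a build tag, and which
    (model, build) pairs appear. A non-empty 'builds' counter is exactly the
    population an attacker could select by known firmware bugs."""
    android = leaking = 0
    builds = Counter()
    for line in lines:
        m = UA_FIELD.search(line)
        info = parse_android_ua(m.group(1)) if m else None
        if not info:
            continue
        android += 1
        if info["build"]:
            leaking += 1
            builds[(info["model"], info["build"])] += 1
    return {"android": android, "leaking": leaking, "builds": builds}


if __name__ == "__main__":
    print(audit_log(SAMPLE_LOG))
```

Run it over a real log to see what fraction of your Android users can be fingerprinted down to a firmware build; a WebView UA is matched as well, since the advisory names WebView alongside the browser.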

Call for Papers for ShmooCon Epilogue Closes Jan 1

Full Disclosure - 1 January, 2019 - 15:12

Posted by Rob Fuller on Jan 01

The 7th Annual(ish) ShmooCon Epilogue presented to you by the NoVA Hackers
Association. It is an all-day con that is held the day after ShmooCon
(Monday - Jan 21 2019). The event goes from 9 AM to 9 PM with breakfast,
catered lunch and dinner, a CTF, a HAM Radio class and testing just for the
cost of the ticket. (the HAM Radio tests have testing fees not included in
admission)

You can submit your CFP here: http://bit.ly/epiloguecfp2019

What do...

Multiple Stored Cross-site Scripting Vulnerabilities in ForkCMS 5.0.6

Full Disclosure - 1 January, 2019 - 15:09

Posted by Daniel Bishtawi on Jan 01

Hello,

We are glad to inform you about the vulnerabilities we reported in ForkCMS
5.0.6.

Here are the details:

Advisory by Netsparker
Name: Stored Cross-site Scripting in ForkCMS
Affected Software: ForkCMS
Affected Versions: 5.0.6
Homepage: https://www.fork-cms.com/
Vulnerability: Stored Cross-site Scripting
Severity: Medium
Status: Not Fixed
CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Netsparker Advisory Reference:...

[KIS-2018-06] SugarCRM (addLabels) PHP Code Injection Vulnerability

Bug Traq - 1 January, 2019 - 00:21

Posted by Egidio Romano on Dec 31

-----------------------------------------------------
SugarCRM (addLabels) PHP Code Injection Vulnerability
-----------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com

[-] Affected Versions:

All versions prior to 7.9.5.0, 8.0.2, and 8.2.0.

[-] Vulnerability Description:

User input passed through key values of the 'labels_' parameters is not properly sanitized
before being used to save PHP code...

[KIS-2018-08] SugarCRM (Web Logic Hooks module) Path Traversal Vulnerability

Bug Traq - 1 January, 2019 - 00:20

Posted by Egidio Romano on Dec 31

--------------------------------------------------------------
SugarCRM (Web Logic Hooks module) Path Traversal Vulnerability
--------------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com

[-] Affected Versions:

All versions prior to 7.9.5.0, 8.0.2, and 8.2.0.

[-] Vulnerability Description:

User input passed through the "webhook_target_module" parameter is not properly sanitized
before...
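The advisory above is cut off after naming the unsanitized "webhook_target_module" parameter. As an added illustration (not SugarCRM's code, which is PHP, and not taken from the advisory), the Python below contrasts the vulnerable pattern of splicing a module name into a filesystem path with a hardened version. The modules root "/opt/app/modules", the file name "logic_hooks.php" and the module names are assumptions made for the example; only the parameter's role comes from the advisory.

```python
import posixpath
import re

# Assumed layout for the example: every module lives directly under this root.
MODULES_ROOT = "/opt/app/modules"
KNOWN_MODULES = frozenset({"Accounts", "Contacts", "Leads"})
# Module names are identifiers: no separators, no dots, no control characters.
MODULE_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9_]{0,63}$")


def unsafe_hook_path(target_module):
    """Vulnerable pattern: the parameter goes straight into the path, so "../"
    walks out of the modules directory and an absolute value replaces the root
    entirely (posixpath.join discards everything before an absolute component)."""
    return posixpath.normpath(
        posixpath.join(MODULES_ROOT, target_module, "logic_hooks.php"))


def escapes_root(path):
    """True when the normalised path is not inside MODULES_ROOT. commonpath is
    used instead of startswith so that "/opt/app/modules_evil" is not accepted."""
    norm = posixpath.normpath(path)
    return posixpath.commonpath([MODULES_ROOT, norm]) != MODULES_ROOT


def safe_hook_path(target_module):
    """Hardened: validate the name syntactically, require it to be a known
    module, and still confirm the final path stays under the root (defence in
    depth in case the allowlist is ever loaded from user-influenced data)."""
    if not MODULE_NAME.fullmatch(target_module):
        raise ValueError("invalid module name")
    if target_module not in KNOWN_MODULES:
        raise ValueError("unknown module")
    path = posixpath.normpath(
        posixpath.join(MODULES_ROOT, target_module, "logic_hooks.php"))
    if escapes_root(path):
        raise ValueError("path escapes modules directory")
    return path


def classify(target_module):
    """Show what each handler does with one attacker-controlled value."""
    unsafe = unsafe_hook_path(target_module)
    try:
        safe = safe_hook_path(target_module)
    except ValueError:
        safe = None
    return {"unsafe_path": unsafe, "escapes": escapes_root(unsafe), "safe_path": safe}


if __name__ == "__main__":
    # Constructed probe values, from benign to classic traversal payloads.
    for value in ("Accounts", "../../../etc/passwd", "/etc/passwd",
                  "Accounts/../Contacts", "Foo", "Accounts\x00"):
        print(repr(value), classify(value))
```

Note the "Accounts/../Contacts" case: it normalises to a path that is still under the root, so a check that only looks at the final path would let it through, while the allowlist rejects it because a module name is not supposed to contain separators at all.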

[KIS-2018-04] SugarCRM (ConnectorsController) Server-Side Request Forgery Vulnerability

Bug Traq - 1 January, 2019 - 00:17

Posted by Egidio Romano on Dec 31

-------------------------------------------------------------------------
SugarCRM (ConnectorsController) Server-Side Request Forgery Vulnerability
-------------------------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com

[-] Affected Versions:

All versions prior to 7.9.4.0 and 7.11.0.0.

[-] Vulnerability Description:

The vulnerability is located within the...