SOLDIERX.COM Nobody Can Stop Information Insemination

Posted by Dave Aitel on Jan 04

I really like Andrea Biondo's latest paper. I like that it has -0 in it as
an exploit primitive, and that he takes it from almost nothing to RCE by
looking at the many levels of javascript optimization. It unfolded
poetically, like a Cretaceous fern after the rain.
https://abiondo.me/2019/01/02/exploiting-math-expm1-v8/

If you're the kind of person who ALSO liked that paper, then you should
come to INFILTRATE <...

Adobe Acrobat and Reader CVE-2018-19725 Security Bypass Vulnerability

Posted by Dave Aitel on Jan 02

Ok so this was a good talk. He started off with why it would be difficult
to do things in a factory, although everything he noted (which were
protestations from a manufacturer) seemed pretty overcome-able. For example
"We have our own employees on site checking for security issues such as
this" - makes me think:
1. How much attention can they really pay to this level of detail
2. How do you know your employees really are your employees?...

Posted by Dave Aitel on Jan 02

You can still submit talks to the INFILTRATE CFP btw. :)

http://infiltratecon.com/cfp/

We have profit sharing for speakers, and it's a more fun and USEFUL
conference than others you might have seen. For us by us, etc.! :)

Right now I'm watching Sophia's Jailbrakecon <https://vimeo.com/273963786>
talk. There's a lot of interesting lines in it such as "We tried program
analysis, and *that* didn't work..."...

Posted by Arun Koshy on Jan 02

check:

https://media.ccc.de/v/35c3-9597-modchips_of_the_state

Posted by Moritz Muehlenhoff on Jan 02

-------------------------------------------------------------------------
Debian Security Advisory DSA-4362-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 01, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : not yet available

Multiple...

IBM Quality Manager CVE-2017-1609 Cross Site Scripting Vulnerability

Xen 'vmx.c' Denial of Service Vulnerability

OpenSSL CVE-2018-5407 Side Channel Attack Information Disclosure Vulnerability

OpenSSL CVE-2018-0734 Side Channel Attack Information Disclosure Vulnerability

Posted by Tyler Cui on Jan 01

Correction of the typo:

"An authenticated user can visit the file dirary0.js" should be "An unauthenticated user can visit the file dirary0.js"
________________________________
From: Tyler Cui
Sent: Monday, 17 December 2018 12:11 AM
To: fulldisclosure () seclists org
Subject: [CVE-2018-18009] dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to
discover admin credentials

[Vendor]...

Posted by Tyler Cui on Jan 01

Correction of the typo:

"An authenticated user can visit the page spaces.htm" should be "An unauthenticated user can visit the page spaces.htm"
________________________________
From: Fulldisclosure <fulldisclosure-bounces () seclists org> on behalf of Tyler Cui <tyler.cui () live com>
Sent: Monday, 17 December 2018 12:10 AM
To: fulldisclosure () seclists org
Subject: [FD] [CVE-2018-18008] spaces.htm on multiple...

Posted by Tyler Cui on Jan 01

Correction of the typo:

"An authenticated user can visit the page atbox.htm" should be "An unauthenticated user can visit the page atbox.htm"
________________________________
From: Tyler Cui
Sent: Monday, 17 December 2018 12:09 AM
To: fulldisclosure () seclists org
Subject: [CVE-2018-18007] atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover
admin credentials

[Vendor]
us.dlink.com...

Posted by secure on Jan 01

DSA-2018-224:RSA Archer GRC Platform Improper Access Control Vulnerability

Dell EMC Identifier:DSA-2018-224

CVE Identifier: CVE-2018-15780

Severity: Medium

Severity Rating: CVSS v3 Base Score: 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products:
RSA Archer versions prior to 6.5 P1 (6.5.0.1)

Summary:
RSA Archer GRC versions prior to 6.5.0.1 contain an improper access control vulnerability that could potentially be...

Posted by Nightwatch Cybersecurity Research on Jan 01

[NOTE: This is an expanded version of an earlier post from 2015 with
updated information and fix from the vendor. Full blog post here:
https://wwws.nightwatchcybersecurity.com/2018/12/25/chrome-browser-for-android-reveals-hardware-information/]

SUMMARY

Google’s Chrome browser, WebView and Chrome Tabs for Android discloses
information about the hardware model, firmware version and security
patch level of the device on which it is running....

Posted by Rob Fuller on Jan 01

The 7th Annual(ish) ShmooCon Epilogue presented to you by the NoVA Hackers
Association. It is an all-day con that is held the day after ShmooCon
(Monday - Jan 21 2019). The event goes from 9 AM to 9 PM with breakfast,
catered lunch and dinner, a CTF, a HAM Radio class and testing just for the
cost of the ticket. (the HAM Radio tests have testing fees not included in
admission)

You can submit your CFP here: http://bit.ly/epiloguecfp2019

What do...

Posted by Daniel Bishtawi on Jan 01

Hello,

We are glad to inform you about the vulnerabilities we reported in ForkCMS
5.0.6.

Here are the details:

Advisory by Netsparker
Name: Stored Cross-site Scripting in ForkCMS
Affected Software: ForkCMS
Affected Versions: 5.0.6
Homepage: https://www.fork-cms.com/
Vulnerability: Stored Cross-site Scripting
Severity: Medium
Status: Not Fixed
CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Netsparker Advisory Reference:...

Posted by Egidio Romano on Dec 31

-----------------------------------------------------
SugarCRM (addLabels) PHP Code Injection Vulnerability
-----------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com

[-] Affected Versions:

All versions prior to 7.9.5.0, 8.0.2, and 8.2.0.

[-] Vulnerability Description:

User input passed through key values of the 'labels_' parameters is not properly sanitized
before being used to save PHP code...

Posted by Egidio Romano on Dec 31

--------------------------------------------------------------
SugarCRM (Web Logic Hooks module) Path Traversal Vulnerability
--------------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com

[-] Affected Versions:

All versions prior to 7.9.5.0, 8.0.2, and 8.2.0.

[-] Vulnerability Description:

User input passed through the "webhook_target_module" parameter is not properly sanitized
before...

Posted by Egidio Romano on Dec 31

-------------------------------------------------------------------------
SugarCRM (ConnectorsController) Server-Side Request Forgery Vulnerability
-------------------------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com

[-] Affected Versions:

All versions prior to 7.9.4.0 and 7.11.0.0.

[-] Vulnerability Description:

The vulnerability is located within the...