Security News

Vuln: Adobe Bridge CC CVE-2019-7963 Out of Bounds Read Information Disclosure Vulnerability

Security Focus Vulnerabilities - 8 July, 2019 - 23:00
Adobe Bridge CC CVE-2019-7963 Out of Bounds Read Information Disclosure Vulnerability

Vuln: SAP Commerce Cloud CVE-2019-0322 Unspecified Denial of Service Vulnerability

Security Focus Vulnerabilities - 8 July, 2019 - 23:00
SAP Commerce Cloud CVE-2019-0322 Unspecified Denial of Service Vulnerability

Vuln: SAP ERP HCM CVE-2019-0325 Remote Authorization Bypass Vulnerability

Security Focus Vulnerabilities - 8 July, 2019 - 23:00
SAP ERP HCM CVE-2019-0325 Remote Authorization Bypass Vulnerability

Vuln: SAP Gateway CVE-2019-0319 Content Injection Vulnerability

Security Focus Vulnerabilities - 8 July, 2019 - 23:00
SAP Gateway CVE-2019-0319 Content Injection Vulnerability

Vuln: SAP BusinessObjects Business Intelligence Platform CVE-2019-0326 Cross Site Scripting Vulnerability

Security Focus Vulnerabilities - 8 July, 2019 - 23:00
SAP BusinessObjects Business Intelligence Platform CVE-2019-0326 Cross Site Scripting Vulnerability

Vuln: SAP NetWeaver AS Java CVE-2019-0327 Arbitrary File Upload Vulnerability

Security Focus Vulnerabilities - 8 July, 2019 - 23:00
SAP NetWeaver AS Java CVE-2019-0327 Arbitrary File Upload Vulnerability

Vuln: SAP Information Steward CVE-2019-0329 Cross Site Scripting Vulnerability

Security Focus Vulnerabilities - 8 July, 2019 - 23:00
SAP Information Steward CVE-2019-0329 Cross Site Scripting Vulnerability

Vuln: SAP Netweaver Application Server Java CVE-2019-0318 Information Disclosure Vulnerability

Security Focus Vulnerabilities - 8 July, 2019 - 23:00
SAP Netweaver Application Server Java CVE-2019-0318 Information Disclosure Vulnerability

Vuln: SAP Diagnostics Agent CVE-2019-0330 OS Command Injection Vulnerability

Security Focus Vulnerabilities - 8 July, 2019 - 23:00
SAP Diagnostics Agent CVE-2019-0330 OS Command Injection Vulnerability

Vuln: SAP NetWeaver Process Integration CVE-2019-0328 Code Injection Vulnerability

Security Focus Vulnerabilities - 8 July, 2019 - 23:00
SAP NetWeaver Process Integration CVE-2019-0328 Code Injection Vulnerability

Two vulnerabilities found in Sony Bravia Smart TVs

Bug Traq - 8 July, 2019 - 07:43

Posted by xen1thLabs on Jul 08

## ADVISORY INFORMATION

TITLE: Two vulnerabilities found in Sony BRAVIA Smart TVs
ADVISORY URL:
CVE-2019-11889
https://www.darkmatter.ae/xen1thlabs/sony-remote-denial-of-service-triggered-over-vulnerability-hbbtv-xl-19-014/
CVE-2019-11890
https://www.darkmatter.ae/xen1thlabs/sony-remote-denial-of-service-over-wifi-lan-internet-vulnerability-xl-19-013/

DATE PUBLISHED: 02/07/2019
AFFECTED VENDORS: Sony
RELEASE...

Cisco Data Center Manager multiple vulns; RCE as root

Bug Traq - 8 July, 2019 - 07:41

Posted by Pedro Ribeiro on Jul 08

Hi,

tl;dr Cisco Data Center Network Manager has multiple vulns which can be
abused to achieve RCE as root with no authentication.

Full advisory below, and Metasploit modules have been submitted to the
project.

A special thanks to iDefense for handling the disclosure process with Cisco.

https://raw.githubusercontent.com/pedrib/PoC/master/advisories/cisco-dcnm-rce.txt

code execution) on Cisco Data Center Network Manager

Security (...

[SECURITY] [DSA 4476-1] python-django security update

Bug Traq - 8 July, 2019 - 07:37

Posted by Moritz Muehlenhoff on Jul 08

-------------------------------------------------------------------------
Debian Security Advisory DSA-4476-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 05, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : python-django
CVE ID : CVE-2019-6975 CVE-2019-12308...

Vuln: McAfee ePolicy Orchestrator CVE-2019-3619 Information Disclosure Vulnerability

Security Focus Vulnerabilities - 7 July, 2019 - 23:00
McAfee ePolicy Orchestrator CVE-2019-3619 Information Disclosure Vulnerability

Vuln: Redhat Openshift Container Platform CVE-2019-3889 Cross Site Scripting Vulnerability

Security Focus Vulnerabilities - 7 July, 2019 - 23:00
Redhat Openshift Container Platform CVE-2019-3889 Cross Site Scripting Vulnerability

[SYSS-2019-021]: WolfVision Cynap - Use of Hard-coded Cryptographic Key (CWE-321)

Full Disclosure - 5 July, 2019 - 12:03

Posted by Matthias Deeg on Jul 05

Advisory ID: SYSS-2019-021

Product: Cynap

Manufacturer: WolfVision

Affected Version(s): 1.18g, 1.28j

Tested Version(s): 1.18g, 1.28j

Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)

Risk Level: High

Solution Status: Fixed

Manufacturer Notification: 2019-05-03

Solution Date: 2019-06-19

Public Disclosure: 2019-07-04

CVE Reference: Not assigned yet

Authors of Advisory: Manuel Stotz, Gerhard Klostermeier (SySS GmbH)...

Microsoft File Checksum Integrity Verifier "fciv.exe" v2.05 / DLL Hijack Arbitrary Code Execution

Full Disclosure - 5 July, 2019 - 12:03

Posted by hyp3rlinx on Jul 05

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-FILE-CHECKSUM-VERIFIER-v2.05-DLL-HIJACKING-ARBITRARY-CODE-EXECUTION.txt
[+] ISR: Apparition Security

[Vendor]
www.microsoft.com

[Product]
File Checksum Integrity Verifier version 2.05 "fciv.exe"

Download:
https://www.microsoft.com/en-us/download/details.aspx?id=11533

Excerpt from the FCIV...

Vuln: Red Hat Undertow CVE-2019-3888 Information Disclosure Vulnerability

Security Focus Vulnerabilities - 4 July, 2019 - 23:00
Red Hat Undertow CVE-2019-3888 Information Disclosure Vulnerability

[SYSS-2019-021]: WolfVision Cynap - Use of Hard-coded Cryptographic Key (CWE-321)

Bug Traq - 4 July, 2019 - 05:45

Posted by manuel . stotz on Jul 04

Advisory ID: SYSS-2019-021
Product: Cynap
Manufacturer: WolfVision
Affected Version(s): 1.18g, 1.28j
Tested Version(s): 1.18g, 1.28j
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2019-05-03
Solution Date: 2019-06-19
Public Disclosure: 2019-07-04
CVE Reference: Not assigned yet
Authors of Advisory: Manuel Stotz, Gerhard Klostermeier (SySS GmbH)...

Microsoft File Checksum Integrity Verifier "fciv.exe" v2.05 / DLL Hijack Arbitrary Code Execution

Bug Traq - 4 July, 2019 - 01:22

Posted by apparitionsec on Jul 03

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-FILE-CHECKSUM-VERIFIER-v2.05-DLL-HIJACKING-ARBITRARY-CODE-EXECUTION.txt
[+] ISR: Apparition Security

[Vendor]
www.microsoft.com

[Product]
File Checksum Integrity Verifier version 2.05 "fciv.exe"

Download:
https://www.microsoft.com/en-us/download/details.aspx?id=11533

Excerpt from...