Security News

[slackware-security] irssi (SSA:2019-180-01)

Bug Traq - 30 June, 2019 - 22:56

Posted by Slackware Security Team on Jun 30

[slackware-security] irssi (SSA:2019-180-01)

New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/irssi-1.1.3-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue: Use after free when sending SASL login
to the server found by ilbelkyr. May affect the stability of Irssi. SASL...

[SECURITY] [DSA 4473-1] rdesktop security update

Bug Traq - 30 June, 2019 - 22:46

Posted by Salvatore Bonaccorso on Jun 30

-------------------------------------------------------------------------
Debian Security Advisory DSA-4473-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 28, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : rdesktop
Debian Bug : 930387

Multiple security issues...

[XSS] IFrame Buster tools and news

Full Disclosure - 28 June, 2019 - 11:51

Posted by Zmx on Jun 28

*History*
Almost two years ago I reported to the full disclosure list my finding
about the usage of IFrameBusterKit (often provided by Google) in order to
help advertising.

Sadly a lot of those files (that you host on your own domain) have really
easy XSS included in them.

After the report, Google quickly removed most of the kit, and emailed users to
warn them about removing those files:
https://support.google.com/admanager/answer/7622991

*The Tools*...

[SECURITY] [DSA 4472-1] expat security update

Bug Traq - 28 June, 2019 - 07:45

Posted by Salvatore Bonaccorso on Jun 28

-------------------------------------------------------------------------
Debian Security Advisory DSA-4472-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 28, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : expat
CVE ID : CVE-2018-20843
Debian Bug :...

Vuln: Symantec Endpoint Encryption CVE-2019-9703 Local Privilege Escalation Vulnerability

Security Focus Vulnerabilities - 27 June, 2019 - 23:00
Symantec Endpoint Encryption CVE-2019-9703 Local Privilege Escalation Vulnerability

Vuln: Symantec Endpoint Encryption CVE-2019-9702 Local Privilege Escalation Vulnerability

Security Focus Vulnerabilities - 27 June, 2019 - 23:00
Symantec Endpoint Encryption CVE-2019-9702 Local Privilege Escalation Vulnerability

Vuln: IBM Sterling B2B Integrator CVE-2019-4377 Information Disclosure Vulnerability

Security Focus Vulnerabilities - 27 June, 2019 - 23:00
IBM Sterling B2B Integrator CVE-2019-4377 Information Disclosure Vulnerability

Vuln: Intel Microarchitectural Data Sampling Multiple Local Information Disclosure Vulnerabilities

Security Focus Vulnerabilities - 27 June, 2019 - 23:00
Intel Microarchitectural Data Sampling Multiple Local Information Disclosure Vulnerabilities

Vuln: Advantech WebAccess/SCADA ICSA-19-178-05 Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 26 June, 2019 - 23:00
Advantech WebAccess/SCADA ICSA-19-178-05 Multiple Security Vulnerabilities

Vuln: Linux kernel CVE-2019-12817 Local Privilege Escalation Vulnerability

Security Focus Vulnerabilities - 26 June, 2019 - 23:00
Linux kernel CVE-2019-12817 Local Privilege Escalation Vulnerability

[SYSS-2019-006] Adobe Coldfusion (Windows) - Remote Code Execution through JNBridge listener

Bug Traq - 26 June, 2019 - 06:05

Posted by Moritz Bechler on Jun 26

Advisory ID: SYSS-2019-006
Product: Coldfusion/JNBridge
Manufacturer: Adobe/JNBridge LLC
Affected Version(s): Coldfusion 2016,2018, JNBridge all versions
Tested Version(s): 2018
Vulnerability Type: Remote Code Execution
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2019-03-27
Solution Date: 2019-06-11
Public Disclosure: 2019-06-24
CVE Reference: CVE-2019-7839
Author of Advisory: Moritz Bechler, SySS GmbH...

Vuln: OpenJPEG Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 25 June, 2019 - 23:00
OpenJPEG Multiple Security Vulnerabilities

Vuln: ImageMagick Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 25 June, 2019 - 23:00
ImageMagick Multiple Security Vulnerabilities

Vuln: Cisco Data Center Network Manager CVE-2019-1622 Information Disclosure Vulnerability

Security Focus Vulnerabilities - 25 June, 2019 - 23:00
Cisco Data Center Network Manager CVE-2019-1622 Information Disclosure Vulnerability

Vuln: Cisco Data Center Network Manager CVE-2019-1620 Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 25 June, 2019 - 23:00
Cisco Data Center Network Manager CVE-2019-1620 Multiple Security Vulnerabilities

Vuln: Linux Kernel CVE-2019-12984 Null Pointer Dereference Remote Denial of Service Vulnerability

Security Focus Vulnerabilities - 25 June, 2019 - 23:00
Linux Kernel CVE-2019-12984 Null Pointer Dereference Remote Denial of Service Vulnerability

Vuln: Cisco Data Center Network Manager CVE-2019-1621 Arbitrary File Download Vulnerability

Security Focus Vulnerabilities - 25 June, 2019 - 23:00
Cisco Data Center Network Manager CVE-2019-1621 Arbitrary File Download Vulnerability

Vuln: GNU Binutils CVE-2019-12972 Heap Based Buffer Overflow Vulnerability

Security Focus Vulnerabilities - 25 June, 2019 - 23:00
GNU Binutils CVE-2019-12972 Heap Based Buffer Overflow Vulnerability

Vuln: Cisco Data Center Network Manager CVE-2019-1619 Authentication Bypass Vulnerability

Security Focus Vulnerabilities - 25 June, 2019 - 23:00
Cisco Data Center Network Manager CVE-2019-1619 Authentication Bypass Vulnerability

D-LINK admin password in plain text if "user" or "User" use blank password

Full Disclosure - 25 June, 2019 - 13:03

Posted by Marty on Jun 25

The problem is in the following models:

DIR-652   
DIR-615   
DIR-827   
DIR-615   
DIR-657   
DIR-825   

If you log in to the web interface as "User" or "user", and navigate to the URL:

http://<ip>:port/wizard_wan.asp

in the web page code:

view-source:<ip>:port/wizard_wan.asp

scroll down the page and bang:

administrator password in plain text

ports: 8080 or 8081.
