Security News

KSA-Dev-003: CVE-2019-7383 : Remote Code Execution Via shell upload in all Systrome ISG products

Full Disclosure - 12 February, 2019 - 13:23

Posted by Kingkaustubh via Fulldisclosure on Feb 12

=====================================
Authenticated Shell Command Injection
=====================================

. contents:: Table Of Content

Overview
========

Title : Authenticated Shell command Injection
Author: Kaustubh G. Padwad
CVE ID: CVE-2019-7383
Vendor: Systrome Networks (http://systrome.com/about/)
Products:
1.ISG-600C
2.ISG-600H
3.ISG-800W

Tested Version: ISG-V1.1-R2.1_TRUNK-20181105.bin(Respective for...

KSA-Dev-002: CVE-2018-19525 : Account takeover via XSRF in All ISG Series Firewall

Full Disclosure - 12 February, 2019 - 13:23

Posted by Kingkaustubh via Fulldisclosure on Feb 12

=====================================================
Authenticated XSRF leads to complete Account Takeover
=====================================================

. contents:: Table Of Content

Overview
========

Title:- Authenticated XSRF leads to complete account takeover in all SYSTROME ISG Products.
CVE ID:- CVE-2018-19525
Author: Kaustubh G. Padwad
Vendor: Systrome Networks (http://systrome.com/about/)
Products:
1.ISG-600C...

KSA-DEV-001: CVE-2018-19524 : StackOverflow in Multiple Skyworth GPON HomeGateways and Optical Network terminals.

Full Disclosure - 12 February, 2019 - 13:23

Posted by Kingkaustubh via Fulldisclosure on Feb 12

========================================================
Unauthenticated Stack Overflow in Multiple Gpon Devices
========================================================

. contents:: Table Of Content

Overview
========

Title:- StackOverflow in Multiple Skyworth GPON HomeGateways and Optical Network terminals.
CVE-ID :- CVE-2018-19524
Author: Kaustubh G. Padwad
Vendor: Shenzhen Skyworth Digital Technology Company Ltd.(...

[SECURITY] [DSA 4377-2] rssh regression update

Bug Traq - 12 February, 2019 - 07:02

Posted by Salvatore Bonaccorso on Feb 12

-------------------------------------------------------------------------
Debian Security Advisory DSA-4377-2 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 11, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : rssh
Debian Bug : 921655

The update for rssh issued as...

[SECURITY] [DSA 4389-1] libu2f-host security update

Bug Traq - 12 February, 2019 - 06:59

Posted by Sebastien Delafond on Feb 12

-------------------------------------------------------------------------
Debian Security Advisory DSA-4389-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
February 11, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libu2f-host
CVE ID : CVE-2018-20340
Debian Bug...

Static and Dynamic Analysis

Daily Dave - 11 February, 2019 - 14:00

Posted by Dave Aitel on Feb 11

So one thing I often find weird about our industry is how it gets taken
over by marketing language and the utility of entire classes of products
gets clouded over. For example, part of any SDLC is going to be static and
dynamic analysis. However, if you ask a normal security manager what kinds
of bugs these sorts of products find or don't find, and what the false
positive levels are, they find it hard to answer, even assuming they use
them....

[SECURITY] [DSA 4388-1] mosquitto security update

Bug Traq - 11 February, 2019 - 00:12

Posted by Moritz Muehlenhoff on Feb 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4388-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 10, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mosquitto
CVE ID : CVE-2018-12546 CVE-2018-12550...

KSA-DEV-001: CVE-2018-19524 : StackOverflow in Multiple Skyworth GPON HomeGateways and Optical Network terminals.

Bug Traq - 11 February, 2019 - 00:07

Posted by Kingkaustubh on Feb 10

========================================================
Unauthenticated Stack Overflow in Multiple Gpon Devices
========================================================

. contents:: Table Of Content

Overview
========

Title:- StackOverflow in Multiple Skyworth GPON HomeGateways and Optical Network terminals.
CVE-ID :- CVE-2018-19524
Author: Kaustubh G. Padwad
Vendor: Shenzhen Skyworth Digital Technology Company Ltd.(...

[SECURITY] [DSA 4387-1] openssh security update

Bug Traq - 11 February, 2019 - 00:04

Posted by Yves-Alexis Perez on Feb 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4387-1 security () debian org
https://www.debian.org/security/ Yves-Alexis Perez
February 09, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openssh
CVE ID : CVE-2018-20685 CVE-2019-6109...

WebKitGTK+ and WPE WebKit Security Advisory WSA-2019-0001

Bug Traq - 11 February, 2019 - 00:01

Posted by Michael Catanzaro on Feb 10

------------------------------------------------------------------------
WebKitGTK+ and WPE WebKit Security Advisory WSA-2019-0001
------------------------------------------------------------------------

Date reported : February 08, 2019
Advisory ID : WSA-2019-0001
WebKitGTK+ Advisory URL :
https://webkitgtk.org/security/WSA-2019-0001.html
WPE WebKit Advisory URL :
https://wpewebkit.org/security/WSA-2019-0001.html
CVE identifiers :...

Content Injection in Amazon's FireOS [CVE-2019-7399]

Full Disclosure - 8 February, 2019 - 13:46

Posted by Nightwatch Cybersecurity Research on Feb 08

[Original blog post here:
https://wwws.nightwatchcybersecurity.com/2019/02/07/content-injection-in-amazon-kindles-fireos-cve-2019-7399/]

SUMMARY

The FireOS operating system provided by Amazon for Fire tablet devices
can be injected with malicious content by an MITM attacker. An
attacker can also capture the serial number of the device. The root
cause is lack of HTTPS for legal content (terms of use and privacy
policy) within the settings...

[CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426, CVE-2019-7427] Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone

Full Disclosure - 8 February, 2019 - 13:45

Posted by Rafael Pedrero on Feb 08

<!--
# Exploit Title: Cross Site Scripting in Zoho ManageEngine Netflow Analyzer
Professional v7.0.0.2 Administration zone
# Date: 31-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://www.manageengine.com/products/netflow/?doc
# Software Link: https://www.manageengine.com/products/netflow/?doc
# Version: Netflow Analyzer Professional v7.0.0.2 Administration zone
# Tested on: all
# CVE : CVE-2019-7422
# Category: webapps

1....

[CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421] Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service

Full Disclosure - 8 February, 2019 - 13:45

Posted by Rafael Pedrero on Feb 08

<!--
# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web
Service
# Date: 24-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Software Link: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System...

[CVE-2019-7417] Cross Site Scripting in Ericsson Active Library Explorer Server Version 14.3

Full Disclosure - 8 February, 2019 - 13:45

Posted by Rafael Pedrero on Feb 08

<!--
# Exploit Title: Cross Site Scripting in Ericsson Active Library Explorer
Server Version 14.3
# Date: 23-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.ericsson.com
# Software Link: http://www.ericsson.com
# Version: Ericsson Active Library Explorer Server Version 14.3
# Tested on: all
# CVE : CVE-2019-7417
# Category: webapps

1. Description

XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple...

[CVE-2019-7416] Client Side URL Redirect (OTG-CLIENT-004) in OpenText Documentum Webtop 5.3 SP2

Full Disclosure - 8 February, 2019 - 13:45

Posted by Rafael Pedrero on Feb 08

<!--
# Exploit Title: Client Side URL Redirect (OTG-CLIENT-004) in OpenText
Documentum Webtop 5.3 SP2
# Date: 17-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage:
https://www.opentext.com/products-and-solutions/products/opentext-product-offerings-catalog/rebranded-products/documentum
# Software Link:
https://www.opentext.com/products-and-solutions/products/opentext-product-offerings-catalog/rebranded-products/documentum
# Version:...

APPLE-SA-2019-2-07-3 Shortcuts 2.1.3 for iOS

Full Disclosure - 8 February, 2019 - 13:45

Posted by Apple Product Security via Fulldisclosure on Feb 08

APPLE-SA-2019-2-07-3 Shortcuts 2.1.3 for iOS

Shortcuts 2.1.3 for iOS is now available and addresses the following:

Shortcuts
Available for: Shortcuts 2.1.2 for iOS
Impact: A local user may be able to view sensitive user information
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2019-7289: Sem Voigtländer of Fontys Hogeschool ICT

Shortcuts
Available for: Shortcuts 2.1.2 for iOS...

APPLE-SA-2019-2-07-2 macOS Mojave 10.14.3 Supplemental Update

Full Disclosure - 8 February, 2019 - 13:44

Posted by Apple Product Security via Fulldisclosure on Feb 08

APPLE-SA-2019-2-07-2 macOS Mojave 10.14.3 Supplemental Update

macOS Mojave 10.14.3 Supplemental Update is now available and
addresses the following:

FaceTime
Available for: macOS Mojave 10.14.3
Impact: The initiator of a Group FaceTime call may be able to cause
the recipient to answer
Description: A logic issue existed in the handling of Group FaceTime
calls. The issue was addressed with improved state management.
CVE-2019-6223: Grant Thompson...

APPLE-SA-2019-2-07-1 iOS 12.1.4

Full Disclosure - 8 February, 2019 - 13:44

Posted by Apple Product Security via Fulldisclosure on Feb 08

APPLE-SA-2019-2-07-1 iOS 12.1.4

iOS 12.1.4 is now available and addresses the following:

FaceTime
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: The initiator of a Group FaceTime call may be able to cause
the recipient to answer
Description: A logic issue existed in the handling of Group FaceTime
calls. The issue was addressed with improved state management.
CVE-2019-6223: Grant Thompson of...

Qkr! with MasterPass iOS Application - MITM SSL Certificate Vulnerability (CVE-2019-6702)

Full Disclosure - 8 February, 2019 - 13:42

Posted by David Coomber on Feb 08

Qkr! with MasterPass iOS Application - MITM SSL Certificate
Vulnerability (CVE-2019-6702)

[slackware-security] php (SSA:2019-038-01)

Bug Traq - 8 February, 2019 - 00:52

Posted by Slackware Security Team on Feb 07

[slackware-security] php (SSA:2019-038-01)

New php packages are available for Slackware 14.0, 14.1, 14.2 to fix security
issues. A bugfix release for -current is also available.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php-5.6.40-i586-1_slack14.2.txz: Upgraded.
Several security bugs have been fixed in this release:
GD:
Fixed bug #77269 (efree() on uninitialized Heap data in...