SOLDIERX.COM Nobody Can Stop Information Insemination

Posted by Alphan YAVAS on Jan 03

I. VULNERABILITY
-------------------------
Microsoft Exchange Server, External Service Interaction (DNS)
Exchange Server 2013 CU22 and previous.

II. CVE REFERENCE
-------------------------
Not Assigned Yet

III. VENDOR
-------------------------
https://www.microsoft.com

IV. DESCRIPTION
-------------------------
Microsoft Exchange Server are affected from External Service
Interaction(DNS) vulnerability. A remote attacker could force the...

Posted by RedTeam Pentesting GmbH on Jan 02

Advisory: IceWarp: Cross-Site Scripting in Notes for Contacts

During a penetration test, RedTeam Pentesting discovered that the
IceWarp WebMail Server is prone to user-assisted cross-site scripting
attacks in its contact module. If IceWarp users import a manipulated
vcard, for example from an email, attackers can run arbitrary JavaScript
code in the users' browsers.

Details
=======

Product: IceWarp WebMail Server
Affected Versions:...

Posted by Thierry Zoller on Jan 02

Posted by Thierry Zoller on Jan 02

Posted by Thierry Zoller on Jan 02

Posted by RedTeam Pentesting GmbH on Jan 02

Advisory: IceWarp: Cross-Site Scripting in Notes

During a penetration test, RedTeam Pentesting discovered that the
IceWarp WebMail Server is prone to cross-site scripting attacks in notes
for objects. If attackers with access to the IceWarp system provide a
manipulated object that is displayed by users, they can run arbitrary
JavaScript code in the users' browsers.

Details
=======

Product: IceWarp WebMail Server
Affected Versions: IceWarp...

Posted by RedTeam Pentesting GmbH on Jan 02

Advisory: IceWarp: Cross-Site Scripting in Notes

During a penetration test, RedTeam Pentesting discovered that the
IceWarp WebMail Server is prone to cross-site scripting attacks in notes
for objects. If attackers with access to the IceWarp system provide a
manipulated object that is displayed by users, they can run arbitrary
JavaScript code in the users' browsers.

Details
=======

Product: IceWarp WebMail Server
Affected Versions: IceWarp...

Posted by RedTeam Pentesting GmbH on Jan 02

Advisory: IceWarp: Cross-Site Scripting in Notes for Contacts

During a penetration test, RedTeam Pentesting discovered that the
IceWarp WebMail Server is prone to user-assisted cross-site scripting
attacks in its contact module. If IceWarp users import a manipulated
vcard, for example from an email, attackers can run arbitrary JavaScript
code in the users' browsers.

Details
=======

Product: IceWarp WebMail Server
Affected Versions:...

Posted by apparitionsec on Dec 31

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.GROUP-FILE-URL-FIELD-CODE-EXECUTION.txt
[+] twitter.com/hyp3rlinx
[+] apparitionsec@gmail
[+] ISR: Apparition Security

[Vendor]
www.microsoft.com

[Product]
Windows ".Group" File Type

Gorup files are a collection of contacts created by Windows Contacts, an embedded contact...

Posted by Moritz Muehlenhoff on Dec 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-4592-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
December 26, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mediawiki
CVE ID : CVE-2019-19709

It was...

Posted by Alphan YAVAS on Dec 29

I. VULNERABILITY
-------------------------
Microsoft Exchange Server, External Service Interaction (DNS)
Exchange Server 2013 CU22 and previous.

II. CVE REFERENCE
-------------------------
Not Assigned Yet

III. VENDOR
-------------------------
https://www.microsoft.com

IV. DESCRIPTION
-------------------------
Microsoft Exchange Server are affected from External Service
Interaction(DNS) vulnerability. A remote attacker could force the...

Posted by Moritz Muehlenhoff on Dec 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-4594-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
December 27, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openssl1.0
CVE ID : CVE-2019-1551

Guido Vranken...

Posted by Moritz Muehlenhoff on Dec 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-4593-1 security () debian org
https://www.debian.org/security/ Hugo Lefeuvre
December 27, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : freeimage
CVE ID : CVE-2019-12211 CVE-2019-12213...

Posted by Moritz Muehlenhoff on Dec 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-4595-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
December 27, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : debian-lan-config
CVE ID : CVE-2019-3467
Debian Bug...

Posted by Moritz Muehlenhoff on Dec 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-4596-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
December 27, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : tomcat8
CVE ID : CVE-2018-8014 CVE-2018-11784...

Posted by Luiz Eduardo on Dec 23

Where: Sao Paulo, Brazil

When: May 25th, 2020

Call for Papers Opens: December 15th, 2019

Call for Papers Close: February 29th, 2020

http://www.ysts.org

@ystscon

ABOUT THE CONFERENCE

you Sh0t the Sheriff is a very unique one-day, one-track event dedicated to
bringing cutting edge infosec content to the top-notch

professionals of the Brazilian Information Security Community.

YSTS is a an exclusive, invite-only security conference, usually...