Security News

Microsoft Exchange Server, External Service Interaction (DNS)

Full Disclosure - 3 January, 2020 - 13:11

Posted by Alphan YAVAS on Jan 03

I. VULNERABILITY
-------------------------
Microsoft Exchange Server, External Service Interaction (DNS)
Exchange Server 2013 CU22 and previous.

II. CVE REFERENCE
-------------------------
Not Assigned Yet

III. VENDOR
-------------------------
https://www.microsoft.com

IV. DESCRIPTION
-------------------------
Microsoft Exchange Server is affected by an External Service
Interaction (DNS) vulnerability. A remote attacker could force the...

[RT-SA-2019-015] IceWarp: Cross-Site Scripting in Notes for Contacts

Bug Traq - 2 January, 2020 - 11:35

Posted by RedTeam Pentesting GmbH on Jan 02

Advisory: IceWarp: Cross-Site Scripting in Notes for Contacts

During a penetration test, RedTeam Pentesting discovered that the
IceWarp WebMail Server is prone to user-assisted cross-site scripting
attacks in its contact module. If IceWarp users import a manipulated
vcard, for example from an email, attackers can run arbitrary JavaScript
code in the users' browsers.

Details
=======

Product: IceWarp WebMail Server
Affected Versions:...

[TZO-01-2020] AVIRA Generic Malformed Container bypass (ISO)

Bug Traq - 2 January, 2020 - 11:33

Posted by Thierry Zoller on Jan 02


[TZO-02-2020] Kaspersky Generic Malformed Archive Bypass (ZIP GFlag)

Bug Traq - 2 January, 2020 - 11:30

Posted by Thierry Zoller on Jan 02


[TZO-03-2020] ESET Generic Malformed Archive Bypass (ZIP Compression Information)

Bug Traq - 2 January, 2020 - 11:27

Posted by Thierry Zoller on Jan 02


[RT-SA-2019-016] IceWarp: Cross-Site Scripting in Notes

Bug Traq - 2 January, 2020 - 11:23

Posted by RedTeam Pentesting GmbH on Jan 02

Advisory: IceWarp: Cross-Site Scripting in Notes

During a penetration test, RedTeam Pentesting discovered that the
IceWarp WebMail Server is prone to cross-site scripting attacks in notes
for objects. If attackers with access to the IceWarp system provide a
manipulated object that is displayed by users, they can run arbitrary
JavaScript code in the users' browsers.

Details
=======

Product: IceWarp WebMail Server
Affected Versions: IceWarp...

[RT-SA-2019-016] IceWarp: Cross-Site Scripting in Notes

Full Disclosure - 2 January, 2020 - 09:47

Posted by RedTeam Pentesting GmbH on Jan 02

Advisory: IceWarp: Cross-Site Scripting in Notes

During a penetration test, RedTeam Pentesting discovered that the
IceWarp WebMail Server is prone to cross-site scripting attacks in notes
for objects. If attackers with access to the IceWarp system provide a
manipulated object that is displayed by users, they can run arbitrary
JavaScript code in the users' browsers.

Details
=======

Product: IceWarp WebMail Server
Affected Versions: IceWarp...

[RT-SA-2019-015] IceWarp: Cross-Site Scripting in Notes for Contacts

Full Disclosure - 2 January, 2020 - 08:48

Posted by RedTeam Pentesting GmbH on Jan 02

Advisory: IceWarp: Cross-Site Scripting in Notes for Contacts

During a penetration test, RedTeam Pentesting discovered that the
IceWarp WebMail Server is prone to user-assisted cross-site scripting
attacks in its contact module. If IceWarp users import a manipulated
vcard, for example from an email, attackers can run arbitrary JavaScript
code in the users' browsers.

Details
=======

Product: IceWarp WebMail Server
Affected Versions:...

Microsoft Windows .Group File / URL Field Code Execution

Bug Traq - 1 January, 2020 - 02:45

Posted by apparitionsec on Dec 31

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.GROUP-FILE-URL-FIELD-CODE-EXECUTION.txt
[+] twitter.com/hyp3rlinx
[+] apparitionsec@gmail
[+] ISR: Apparition Security

[Vendor]
www.microsoft.com

[Product]
Windows ".Group" File Type

Group files are a collection of contacts created by Windows Contacts, an embedded contact...

[SECURITY] [DSA 4592-1] mediawiki security update

Bug Traq - 30 December, 2019 - 02:31

Posted by Moritz Muehlenhoff on Dec 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-4592-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
December 26, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mediawiki
CVE ID : CVE-2019-19709

It was...

Microsoft Exchange Server, External Service Interaction (DNS)

Bug Traq - 30 December, 2019 - 02:28

Posted by Alphan YAVAS on Dec 29

I. VULNERABILITY
-------------------------
Microsoft Exchange Server, External Service Interaction (DNS)
Exchange Server 2013 CU22 and previous.

II. CVE REFERENCE
-------------------------
Not Assigned Yet

III. VENDOR
-------------------------
https://www.microsoft.com

IV. DESCRIPTION
-------------------------
Microsoft Exchange Server is affected by an External Service
Interaction (DNS) vulnerability. A remote attacker could force the...

[SECURITY] [DSA 4594-1] openssl1.0 security update

Bug Traq - 30 December, 2019 - 02:25

Posted by Moritz Muehlenhoff on Dec 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-4594-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
December 27, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openssl1.0
CVE ID : CVE-2019-1551

Guido Vranken...

[SECURITY] [DSA 4593-1] freeimage security update

Bug Traq - 30 December, 2019 - 02:25

Posted by Moritz Muehlenhoff on Dec 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-4593-1 security () debian org
https://www.debian.org/security/ Hugo Lefeuvre
December 27, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : freeimage
CVE ID : CVE-2019-12211 CVE-2019-12213...

[SECURITY] [DSA 4595-1] debian-lan-config security update

Bug Traq - 30 December, 2019 - 02:16

Posted by Moritz Muehlenhoff on Dec 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-4595-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
December 27, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : debian-lan-config
CVE ID : CVE-2019-3467
Debian Bug...

[SECURITY] [DSA 4596-1] tomcat8 security update

Bug Traq - 30 December, 2019 - 02:12

Posted by Moritz Muehlenhoff on Dec 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-4596-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
December 27, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : tomcat8
CVE ID : CVE-2018-8014 CVE-2018-11784...

YSTS 14th Edition - Call for Papers

Daily Dave - 23 December, 2019 - 13:49

Posted by Luiz Eduardo on Dec 23

Where: Sao Paulo, Brazil

When: May 25th, 2020

Call for Papers Opens: December 15th, 2019

Call for Papers Close: February 29th, 2020

http://www.ysts.org

@ystscon

ABOUT THE CONFERENCE

you Sh0t the Sheriff is a very unique one-day, one-track event dedicated to
bringing cutting edge infosec content to the top-notch
professionals of the Brazilian Information Security Community.

YSTS is an exclusive, invite-only security conference, usually...