Security

[CVE-2019-12516] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz-*" Multiple Authenticated SQL Injections

Security Alerts - Tue, 09/10/2019 - 12:01

Posted by Info on Sep 10

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: SlickQuiz
Vendor URL: https://wordpress.org/plugins/slickquiz/
Type: SQL Injection [CWE-74]
Date found: 2019-05-30
Date published: 2019-09-10
CVSSv3 Score: 8.1 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
CVE: CVE-2019-12516

2. CREDITS
==========
This vulnerability was discovered and researched by...
Categories: Security

[CVE-2019-12517] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz" Multiple Stored XSS

Security Alerts - Tue, 09/10/2019 - 11:59

Posted by Info on Sep 10

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: SlickQuiz
Vendor URL: https://wordpress.org/plugins/slickquiz/
Type: Cross-Site Scripting [CWE-79]
Date found: 2019-05-30
Date published: 2019-09-10
CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVE: CVE-2019-12517

2. CREDITS
==========
This vulnerability was discovered and...
Categories: Security

[SECURITY] [DSA 4521-1] docker.io security update

Security Alerts - Tue, 09/10/2019 - 11:58

Posted by Moritz Muehlenhoff on Sep 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4521-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 09, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : docker.io
CVE ID : CVE-2019-13139 CVE-2019-13509...
Categories: Security

Dabman & Imperial (i&d) Web Radio Devices - Undocumented Telnet Backdoor & Command Execution Vulnerability

Security Alerts - Tue, 09/10/2019 - 11:54

Posted by Vulnerability Lab on Sep 10

Document Title:
===============
Dabman & Imperial (i&d) Web Radio Devices - Undocumented Telnet Backdoor
& Command Execution Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2183

Video: https://www.vulnerability-lab.com/get_content.php?id=2190

Vulnerability Magazine:...
Categories: Security

NtFileSins v2.1 Windows NTFS Privileged File Access Enumeration Tool

Security Alerts - Tue, 09/10/2019 - 11:49

Posted by apparitionsec on Sep 10

from subprocess import Popen, PIPE
import sys,argparse,re

# NtFileSins v2.1
# Fixed: save() logic to log report in case no Zone.Identifiers found.
# Added: Check for Zone.Identifier:$DATA to see if any identified files were downloaded from the internet.
#
# Windows File Enumeration Intel Gathering.
# Standard users can prove existence of privileged user artifacts.
#
# Typically, the Windows commands DIR or TYPE hand out a default "Access...
Categories: Security

[SECURITY] [DSA 4520-1] trafficserver security update

Security Alerts - Tue, 09/10/2019 - 11:48

Posted by Moritz Muehlenhoff on Sep 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4520-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 09, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : trafficserver
CVE ID : CVE-2019-9512 CVE-2019-9514...
Categories: Security

[SECURITY] [DSA 4519-1] libreoffice security update

Security Alerts - Tue, 09/10/2019 - 11:41

Posted by Moritz Muehlenhoff on Sep 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4519-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 08, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2019-9854

It was...
Categories: Security

NtFileSins / Windows NTFS Privileged File Access Enumeration Tool

Security Alerts - Tue, 09/10/2019 - 11:36

Posted by apparitionsec on Sep 10

from subprocess import Popen, PIPE
import sys,argparse,re

# NtFileSins v2
# Added: Check for Zone.Identifier:$DATA to see if any identified files were downloaded from the internet.
#
# Windows File Enumeration Intel Gathering.
# Standard users can prove existence of privileged user artifacts.
#
# Typically, the Windows commands DIR or TYPE hand out a default "Access Denied" error message,
# when a file exists or doesn't exist, when...
Categories: Security

[SECURITY] [DSA 4518-1] ghostscript security update

Security Alerts - Tue, 09/10/2019 - 11:32

Posted by Salvatore Bonaccorso on Sep 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4518-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 07, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ghostscript
CVE ID : CVE-2019-14811 CVE-2019-14812...
Categories: Security

CA20190904-01: Security Notice for CA Common Services Distributed Intelligence Architecture (DIA)

Security Alerts - Tue, 09/10/2019 - 11:28

Posted by Kevin Kotas on Sep 10

CA20190904-01: Security Notice for CA Common Services Distributed
Intelligence Architecture (DIA)

Issued: September 4th, 2019
Last Updated: September 4th, 2019

CA Technologies, A Broadcom Company, is alerting customers to a
potential risk with CA Common Services in the Distributed
Intelligence Architecture (DIA) component. A vulnerability exists,
CVE-2019-13656, that can allow a remote attacker to execute arbitrary
code. CA published solutions...
Categories: Security

[SECURITY] [DSA 4517-1] exim4 security update

Security Alerts - Fri, 09/06/2019 - 07:29

Posted by Moritz Muehlenhoff on Sep 06

-------------------------------------------------------------------------
Debian Security Advisory DSA-4517-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 06, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : exim4
CVE ID : CVE-2019-15846

"Zerons"...
Categories: Security

Windows NTFS / Privileged File Access Enumeration

Security Alerts - Fri, 09/06/2019 - 07:27

Posted by apparitionsec on Sep 06

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-NTFS-PRIVILEGED-FILE-ACCESS-ENUMERATION.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Windows NTFS

NTFS is a proprietary journaling file system developed by Microsoft. Starting with Windows NT 3.1, it is the default
file system of the Windows NT family....
Categories: Security

[SECURITY] [DSA 4516-1] firefox-esr security update

Security Alerts - Fri, 09/06/2019 - 07:22

Posted by Moritz Muehlenhoff on Sep 06

-------------------------------------------------------------------------
Debian Security Advisory DSA-4516-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 05, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2019-9812 CVE-2019-11740...
Categories: Security

AST-2019-005: Remote Crash Vulnerability in audio transcoding

Security Alerts - Fri, 09/06/2019 - 07:18

Posted by Asterisk Security Team on Sep 06

Asterisk Project Security Advisory - AST-2019-005

Product Asterisk
Summary Remote Crash Vulnerability in audio transcoding
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Minor...
Categories: Security

AST-2019-004: Crash when negotiating for T.38 with a declined stream

Security Alerts - Fri, 09/06/2019 - 07:14

Posted by Asterisk Security Team on Sep 06

Asterisk Project Security Advisory - AST-2019-004

Product Asterisk
Summary Crash when negotiating for T.38 with a declined
stream
Nature of Advisory Remote Crash
Susceptibility Remote Authenticated Sessions...
Categories: Security

Tor 0.2.1.29 is released (security patches)

Tor Releases - Mon, 01/17/2011 - 16:58
Tor 0.2.1.29 continues our recent code security audit work. The main fix resolves a remote heap overflow vulnerability that can allow remote code execution. Other fixes address a variety of assert and crash bugs, most of which we think are hard to exploit remotely. All Tor users should upgrade. https://www.torproject.org/download/download

Changes in version 0.2.1.29 - 2011-01-15
o Major bugfixes (security):
- Fix a heap overflow bug where an adversary could cause heap corruption. This bug probably allows remote code execution attacks. Reported by "debuger". Fixes CVE-2011-0427. Bugfix on 0.1.2.10-rc.
- Prevent a denial-of-service attack by disallowing any zlib-compressed data whose compression factor is implausibly high. Fixes part of bug 2324; reported by "doorss".
- Zero out a few more keys in memory before freeing them. Fixes bug 2384 and part of bug 2385. These key instances found by "cypherpunks", based on Andrew Case's report about being able
Categories: Security

Tor 0.2.1.28 is released (security patches)

Tor Releases - Mon, 12/20/2010 - 14:58
Tor 0.2.1.28 does some code cleanup to reduce the risk of remotely exploitable bugs. Thanks to Willem Pinckaers for notifying us of the issue. The Common Vulnerabilities and Exposures project has assigned CVE-2010-1676 to this issue. We also took this opportunity to change the IP address for one of our directory authorities, and to update the geoip database we ship. All Tor users should upgrade. https://www.torproject.org/download/download

Changes in version 0.2.1.28 - 2010-12-17
o Major bugfixes:
- Fix a remotely exploitable bug that could be used to crash instances of Tor remotely by overflowing on the heap. Remote-code execution hasn't been confirmed, but can't be ruled out. Everyone should upgrade. Bugfix on the 0.1.1 series and later.
o Directory authority changes:
- Change IP address and ports for gabelmoo (v3 directory authority).
o Minor features:
- Update to the December 1 2010 Maxmind GeoLite Country database.
Categories: Security