Skip to content

sec.fail

Learning Through Failure

Hello world!

Posted on July 12, 2017 by blog_zre65f

Welcome to WordPress. This is your first post. Edit or delete it, then start writing!

Industry News

RSS National Vulnerability Database CVE – Last 8 Days

  • CVE-2019-11378 April 20, 2019
    An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code.
  • CVE-2019-11377 April 20, 2019
    wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function.
  • CVE-2019-11376 April 20, 2019
    ** DISPUTED ** SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a
  • CVE-2019-11374 April 20, 2019
    74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.
  • CVE-2019-11373 April 20, 2019
    An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
  • CVE-2019-11372 April 20, 2019
    An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
  • CVE-2019-11375 April 20, 2019
    Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.
  • CVE-2019-11366 April 20, 2019
    An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread […]
  • CVE-2019-11365 April 20, 2019
    An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code […]
  • CVE-2019-11362 April 20, 2019
    app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score paramter, as demonstrated by the /do/reward/3 URI.

RSS CERT Vulnerability Notes

  • VU#730261: Marvell Avastar wireless SoCs have multiple vulnerabilities April 19, 2019
    A presentation at the ZeroNights 2018 conference describes multiple security issues with Marvell Avastar SoCs(models 88W8787,88W8797,88W8801,88W8897,and 88W8997). The presentation provides some detail about a block pool memory overflow. During Wi-Fi network scans,an overflow condition can be triggered,overwriting certain block pool data structures. Because many devices conduct automatic background network scans,this vulnerability could be exploited regardless […]
  • VU#166939: Broadcom WiFi chipset drivers contain multiple vulnerabilities April 19, 2019
    Vulnerabilities in the open source brcmfmac driver: CVE-2019-9503:If the brcmfmac driver receives a firmware event frame from a remote source,the is_wlc_event_frame function will cause this frame to be discarded and not be processed. If the driver receives the firmware event frame from the host,the appropriate handler is called. This frame validation can be bypassed if […]
  • VU#192371: VPN applications insecurely store session cookies April 18, 2019
    Virtual Private Networks(VPNs)are used to create a secure connection with another network over the internet. Multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files. CWE-311:Missing Encryption of Sensitive Data The following products and versions store the cookie insecurely in log files: - CVE-2019-1573:Palo Alto Networks GlobalProtect Agent 4.1.0 for […]
  • VU#871675: WPA3 design issues and implementation vulnerabilities in hostapd and wpa_supplicant April 16, 2019
    CERT continues to review the WPA3 protocol in support of this body of research. The root cause of the numerous"implementation"vulnerabilities may involve modifying the protocol. WPA3 uses Simultaneous Authentication of Equals(SAE),also known as Dragonfly Key Exchange,as the initial key exchange protocol,replacing WPA2's Pre-Shared Key(PSK)protocol. hostapd is a daemon for access point and authentication servers used […]
  • VU#174715: MyCar Controls uses hard-coded credentials April 8, 2019
    MyCar is a small aftermarket telematics unit from AutoMobility Distribution Inc. MyCar add smartphone-controlled geolocation,remote start/stop and lock/unlock capabilities to a vehicle with a compatible remote start unit. The MyCar Controls mobile application contains hard-coded admin credentials(CWE-798)which can be used in place of a user's username and password to communicate with the server endpoint for […]
  • VU#465632: Microsoft Exchange server 2013 and newer are vulnerable to NTLM relay attacks February 20, 2019
    Microsoft Exchange supports a API called Exchange Web Services(EWS). One of the EWS API functions is called PushSubscriptionRequest,which can be used to cause the Exchange server to connect to an arbitrary website. Connections made using the PushSubscriptionRequest function will attempt to negotiate with the arbitrary web server using NTLM authentication. Starting with Microsoft Exchange 2013,the […]
  • VU#395981: Self-encrypting hard drives do not adequately protect data February 4, 2019
    CVE-2018-12037 There is no cryptographic relation between the password provided by the end user and the key used for the encryption of user data. This can allow an attacker to access the key without knowing the password provided by the end user,allowing the attacker to decrypt information encrypted with that key. According to National Cyber […]
  • VU#756913: Pixar Tractor contains a stored cross-site scripting vulnerability January 28, 2019
    Pixar's Tractor software,versions 2.2 and earlier,contain a stored cross-site scripting vulnerability(CWE-79)in the field that allows a user to add a note to an existing node. The stored information is displayed when a user requests information about the node. An attacker could insert JavaScript into this note field that is then saved and displayed to the […]
  • VU#741315: Dokan file system driver contains a stack-based buffer overflow January 15, 2019
    CWE-121:Stack-based Buffer Overflow - CVE-2018-5410 Dokan,versions between 1.0.0.5000 and 1.2.0.1000,are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update.
  • VU#317277: Texas Instruments CC2640 and CC2650 microcontrollers vulnerable to heap overflow and insecure update January 7, 2019
    CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer CVE-2018-16986 - also known as BLEEDINGBIT The following Texas Instrument chips are affected: CC2640(non-R2)with BLE-STACK version 2.2.1 or an earlier version CC2650 with BLE-STACK version 2.2.1 or an earlier version CC2640R2F with SimpleLink CC2640R2 SDK version 1.00.00.22(BLE-STACK 3.0.0)CC1350 with SimpleLink CC13x0 SDK version 2.20.00.38(BLE-STACK […]

RSS SecLists Full Disclosure

  • Re: Redhat/CentOS root through network-scripts April 19, 2019
    Posted by Victor Angelier CCX on Apr 18sounds clear, thanks! Met vriendelijke groet, Kind regards, the Coding Company [cid:6ccbe4bb-c1c0-4df5-9d4b-636a22d7d37a] V.A. (Victor) Angelier CISO,Certified Hacker, CAST611 Certified Advanced Pentester, DevOps PGP: 612C4BB2 T: +31 55 302 00 10 (Main number) M: +46 76 835 6450 (Swedish) M: +31 6 195 22 602 (Dutch) E: victor () […]
  • CVE-2018-2879 - anniversary April 19, 2019
    Posted by Red Timmy Sec - on Apr 18For the anniversary of the discovery of CVE-2018-2879 by Sec Consult (https://sec-consult.com/en/blog/2018/05/oracle-access-managers-identity-crisis/) we have decided to release OAMbuster, a multi-thread implementation of CVE-2018-2879. Link of the exploit: https://github.com/redtimmy/OAMBuster Some additional details: https://redtimmysec.wordpress.com/2019/04/14/oambuster-multithreaded-exploit-for-cve-2018-2879/ Regards, Red Timmy...
  • Re: Redhat/CentOS root through network-scripts April 19, 2019
    Posted by Kurt H Maier on Apr 18 Yes, if a root-user process executes a script as root then the resulting commands are indeed run as root. Those are not INI files, they are shell scripts that set environment variables. If you do not want your users to have root access on your computer, do […]
  • Obtaining location using Google maps & JavaScript April 19, 2019
    Posted by Bhavesh Naik via Fulldisclosure on Apr 18HTML5's geolocation feature asks for permissions to obtain users current location & the current IP to location also fails to pinpoint exact location of the user.However, one can use google maps to obtain the location of the user (being said that he is currently logged in with […]
  • Re: Microsoft Internet Explorer v11 / XML External Entity Injection 0day April 19, 2019
    Posted by hyp3rlinx on Apr 18Vimeo reinstated my account few hours later but I switched to youtube for now.. but will check those out. Thank you for that... hyp3rlinx
  • Redhat/CentOS root through network-scripts April 16, 2019
    Posted by Victor Angelier CCX on Apr 16Hi there, Just found an issue in Redhat/CentOS which according to RedHat security team is not an issue. I don't know, sounds weird to me. If, for whatever reason, a user is able to write an ifcf- script to /etc/sysconfig/network-scripts or it can adjust an existing one, then […]
  • Re: Microsoft Internet Explorer v11 / XML External Entity Injection 0day April 16, 2019
    Posted by bo0od on Apr 16have your own videos either on one of the PeerTubes instances or have your own instance. https://joinpeertube.org/en/ other good alternative would be: https://mediagoblin.org/pages/tour.html Enjoy! hyp3rlinx:
  • CVE-2019-9955 Refelected XSS on Zyxel Login page April 16, 2019
    Posted by aaron bishop on Apr 16Numerous Zyxel devices are vulnerable to a reflected XSS issue on the login page. The mp_idx parameter is included in the page unsanitized. A request such a https://$RHOST/?mobile=1&mp_idx=%22;alert(1);// Will trigger an alert, demonstrating the issue. A call to getScript() can be used to include a full external JavaScript file […]
  • [SE-2019-01] Gemalto SIM card applet loading vulnerability April 15, 2019
    Posted by Security Explorations on Apr 14Hello All, On Mar 20, 2019 Security Explorations reported a security vulnerability (Issue 19) to Gemalto [1], that made it possible to achieve read, write and native code execution access on company's card (GemXplore 3G v3.0). On Mar 30, 2019, Gemalto provided is with the results of its analysis […]
  • Microsoft Internet Explorer v11 / XML External Entity Injection 0day April 13, 2019
    Posted by hyp3rlinx on Apr 13vimeo removed my account for no good reason so new POC url is included. [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt [+] ISR: ApparitionSec [Vendor] www.microsoft.com [Product] Microsoft Internet Explorer v11 (latest version) Internet Explorer is a series of graphical web browsers...
  • Nagios XI 5.5.10: XSS to root RCE (CVE-2019-9164, 9165, 9166, 9167, 9202, 9203, 9204) April 13, 2019
    Posted by Abdel Adim `smaury` Oisfi on Apr 13Description ========== Various vulnerabilities have been found in Nagios XI 5.5.10, which allow a remote attacker able to trick an authenticated victim (with “autodiscovery job” creation privileges) to visit a malicious URL to obtain a remote root shell via a reflected Cross-Site Scripting (XSS), an authenticated Remote […]
  • Security Analysis of the TP-Link Archer C50 Router April 13, 2019
    Posted by Harley A.W. Lorenzo via Fulldisclosure on Apr 13================================================================================ Title: Security Analysis of the TP-Link Archer C50 Router Version: Archer C50(US)_V2_160801 (latest firmware available) Product Page: https://www.tp-link.com/us/home-networking/wifi-router/archer-c50/ Published: 2019-04-10 (UTC Time) Published by: Harley A.W. Lorenzo ...
  • HD Pan/Tilt Wi-Fi Camera NC450 Hard-Coded Credential Vulnerability April 9, 2019
    Posted by Sachin Wagh on Apr 09*Summary:* The NC450 is your favorable companion that meets to home and office surveillance needs, keeping you in touch with what matters most. With its smooth and durable Pan/Tilt of up to 300/110 degrees, you can turn the camera to almost any position you want and watch over a […]
  • DSA-2019-031: Dell EMC IsilonSD Management Server Cross-Site Scripting (XSS) Vulnerabilities April 9, 2019
    Posted by secure on Apr 09DSA-2019-031: Dell EMC IsilonSD Management Server Cross-Site Scripting (XSS) Vulnerabilities Dell EMC Identifier: DSA-2019-031 CVE Identifier: CVE-2019-3708, CVE-2019-3709 Severity: High Severity Rating: Please refer to the Details section below of individual CVSS Scores for each CVE. Affected products: Dell EMC IsilonSD Management Server 1.1.0 Summary: Dell EMC IsilonSD Management Server […]
  • CALL FOR PAPERS - Hackers 2 Hackers Conference 16th edition April 9, 2019
    Posted by Rodrigo Rubira Branco (BSDaemon) on Apr 09CALL FOR PAPERS - Hackers 2 Hackers Conference 16th edition The call for papers for H2HC 16th edition is now open. H2HC is a hacker conference taking place in Sao Paulo, Brazil, on 26th and 27th of October 2019. [ - INTRODUCTION - ] For another consecutive […]
Proudly powered by WordPress | Theme: Argent by Automattic.