Skip to content

sec.fail

Learning Through Failure

Hello world!

Posted on July 12, 2017 by blog_zre65f

Welcome to WordPress. This is your first post. Edit or delete it, then start writing!

Industry News

RSS National Vulnerability Database CVE – Last 8 Days

  • CVE-2019-15498 August 23, 2019
    cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh.
  • CVE-2019-15499 August 23, 2019
    CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL.
  • CVE-2019-15326 August 22, 2019
    The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal.
  • CVE-2019-13139 August 22, 2019
    In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git clone" command, leading to code execution […]
  • CVE-2019-15325 August 22, 2019
    In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/10-ptrace.conf tries to set /proc/sys/kernel/yama/ptrace_scope to 1, which might increase risk because of the appearance that a protection mechanism is present when actually it is not.
  • CVE-2019-15327 August 22, 2019
    The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data.
  • CVE-2019-15329 August 22, 2019
    The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF.
  • CVE-2019-15328 August 22, 2019
    The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS.
  • CVE-2014-10393 August 22, 2019
    The cforms2 plugin before 10.5 for WordPress has XSS.
  • CVE-2015-9334 August 22, 2019
    The email-newsletter plugin through 20.15 for WordPress has SQL injection.

RSS CERT Vulnerability Notes

  • VU#605641: HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion August 20, 2019
    The Security Considerations section of RFC7540 discusses some of the considerations needed for HTTP/2 connections as they demand more resources to operate than HTTP/1.1 connections. While it generally covers expected behavior considerations,how to mitigate abnormal behavior is left to the implementer which can leave it open to the following weaknesses. CVE-2019-9511,also known as Data Dribble […]
  • VU#918987: Bluetooth BR/EDR supported devices are vulnerable to key negotiation attacks August 19, 2019
    Bluetooth is a short-range wireless technology based off of a core specification that defines six different core configurations,including the Bluetooth Basic Rate/Enhanced Data Rate Core Configurations. Bluetooth BR/EDR is used for low-power short-range communications. To establish an encrypted connection,two Bluetooth devices must pair with each other and establish a link key that is used to […]
  • VU#489481: Cylance Antivirus Products Susceptible to Concatenation Bypass August 1, 2019
    Cylance PROTECT is an endpoint protection system. It contains an antivirus functionality that uses a machine learning algorithm(specifically,a neural network)to classify executables as malicious or benign. Security researchers isolated properties of the machine learning algorithm allowing them to change most known-malicious files in simple ways that cause the Cylance product to misclassify the file as […]
  • VU#790507: Oracle Solaris vulnerable to arbitrary code execution via /proc/self July 17, 2019
    The process file system(/proc)in Oracle Solaris 11 and Solaris 10 provides a self/alias that refers to the current executing process's PID subdirectory with state information about the process. Protection mechanisms for/proc in Solaris 11/10 did not properly restrict the current(self)process from modifying itself via/proc. For services strictly providing file IO this lack of restriction allows […]
  • VU#129209: LLVMs Arm stack protection feature can be rendered ineffective July 15, 2019
    The stack protection feature provided in the LLVM Arm backend is an optional mitigating feature used to protect against buffer overflows. It works by adding a cookie value between local variables and the stack frame return address. The compiler stores this value in memory and checks the cookie with the LocalStackSlotAllocation function to ensure that […]
  • VU#905115: Multiple TCP Selective Acknowledgement (SACK) and Maximum Segment Size (MSS) networking vulnerabilities may cause denial-of-service conditions in Linux and FreeBSD kernels July 8, 2019
    CVE-2019-11477:SACK Panic(Linux>=2.6.29). A sequence of specifically crafted selective acknowledgements(SACK)may trigger an integer overflow,leading to a denial of service or possible kernel failure(panic). CVE-2019-11478:SACK Slowness(Linux
  • VU#576688: Microsoft Windows RDP can bypass the Windows lock screen June 19, 2019
    In Windows a session can be locked,which presents the user with a screen that requires authentication to continue using the session. Session locking can happen over RDP in the same way that a local session can be locked. CWE-288:Authentication Bypass Using an Alternate Path or Channel(CVE-2019-9510) Starting with Windows 10 1803(released in April 2018)and Windows […]
  • VU#119704: Microsoft Windows Task Scheduler SetJobFileSecurityByName privilege escalation vulnerability June 12, 2019
    Task Scheduler is a set of Microsoft Windows components that allows for the execution of scheduled tasks. The front-end components of Task Scheduler,such as schtasks.exe,are interfaces that allow for users to view,create,and modify scheduled tasks. The back-end part of Task Scheduler is a Windows service that runs with SYSTEM privileges. One of the libraries used […]
  • VU#871675: WPA3 design issues and implementation vulnerabilities in hostapd and wpa_supplicant June 5, 2019
    CERT continues to review the WPA3 protocol in support of this body of research. The root cause of the numerous"implementation"vulnerabilities may involve modifying the protocol. WPA3 uses Simultaneous Authentication of Equals(SAE),also known as Dragonfly Key Exchange,as the initial key exchange protocol,replacing WPA2's Pre-Shared Key(PSK)protocol. hostapd is a daemon for access point and authentication servers used […]
  • VU#877837: Multiple vulnerabilities in Quest Kace System Management Appliance June 3, 2019
    CVE-2018-5404:The Quest Kace System Management(K1000)Appliance allows an authenticated,remote attacker with least privileges('User Console Only' role)to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. (CWE-89) CVE-2018-5405:The Quest Kace System Management(K1000)Appliance allows an authenticated least privileged user with‘User Console Only’rights to potentially inject arbitrary JavaScript code […]

RSS SecLists Full Disclosure

  • SEC Consult SA-20190822-0 :: Multiple Vulnerabilities in OpenPGP.js August 22, 2019
    Posted by SEC Consult Vulnerability Lab on Aug 22You owe me € 10
  • SEC Consult SA-20190821-0 :: Unauthenticated sensitive information leakage in Zoho Corporation ManageEngine ServiceDesk Plus August 21, 2019
    Posted by SEC Consult Vulnerability Lab on Aug 21SEC Consult Vulnerability Lab Security Advisory < 20190821-0 > ======================================================================= title: Unauthenticated sensitive information leakage product: Zoho Corporation ManageEngine ServiceDesk Plus vulnerable version: v10 =10509 CVE number: CVE-2019-15045, CVE-2019-15046 impact: Critical homepage:...
  • No cON Name 2019 Congress CFP August 16, 2019
    Posted by sqlsec--- via Fulldisclosure on Aug 16No cON Name 2019 Congress Call For Papers https://www.noconname.org/call-for-papers/ INTRODUCTIONThe organization has opened CFP. Our goal is to get highly  qualifiedrequests  for both, speaker opportunities, as well as workshops, to show in  oneof  the most  respected hacker conferences in  Barcelona and Spain, NcN (No cONName).We will be accepting […]
  • APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0 August 16, 2019
    Posted by Apple Product Security via Fulldisclosure on Aug 16APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0 SwiftNIO HTTP/2 1.5.0 is now available and addresses the following: SwiftNIO HTTP/2 Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on macOS Sierra 10.12 and later and Ubuntu 14.04 and later Impact: A HTTP/2 server may consume unbounded amounts of memory when receiving […]
  • APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4 August 16, 2019
    Posted by Apple Product Security via Fulldisclosure on Aug 16APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4 tvOS 12.4 addresses the following: Bluetooth Available for: Apple TV 4K and Apple TV HD Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB) Description: An input […]
  • APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3 August 16, 2019
    Posted by Apple Product Security via Fulldisclosure on Aug 16APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3 watchOS 5.3 addresses the following: Bluetooth Available for: Apple Watch Series 1 and later Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB) Description: An input validation […]
  • APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4 August 16, 2019
    Posted by Apple Product Security via Fulldisclosure on Aug 16APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4 iOS 12.4 addresses the following: Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic (Key […]
  • APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra August 16, 2019
    Posted by Apple Product Security via Fulldisclosure on Aug 16APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra address the following: AppleGraphicsControl Available for: macOS Mojave 10.14.5 Impact: An application may be able to read […]
  • Open-Xchange Security Advisory 2019-08-15 August 16, 2019
    Posted by Open-Xchange GmbH via Fulldisclosure on Aug 16Dear subscribers, we&apos;re sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (appsuite, dovecot, powerdns) at HackerOne. Yours sincerely, Martin Heiland, Open-Xchange GmbH Product: OX Guard Vendor: OX Software […]
  • Open-Xchange Security Advisory 2019-08-15 August 16, 2019
    Posted by Open-Xchange GmbH via Fulldisclosure on Aug 16Dear subscribers, we&apos;re sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (appsuite, dovecot, powerdns) at HackerOne. Yours sincerely, Martin Heiland, Open-Xchange GmbH Product: OX App Suite Vendor: OX […]
  • Some interesting facts about gitlab runners August 13, 2019
    Posted by John Doe on Aug 13So generally when you create a docker container, you specify what network you want to create it on right? Well due to historical reasons if you don&apos;t the container is created on the default "bridge0" network. This network doesn&apos;t have service discovery in the proper sense. To have containers […]
  • TortoiseSVN v1.12.1 - Remote Code Execution Vulnerability August 13, 2019
    Posted by Vulnerability Lab on Aug 13Document Title: =============== TortoiseSVN v1.12.1 - Remote Code Execution Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2188 Product: https://osdn.net/projects/tortoisesvn/storage/1.12.1/Application/TortoiseSVN-1.12.1.28628-x64-svn-1.12.2.msi/ Ticket: https://groups.google.com/forum/#!forum/tortoisesvn http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14422 CVE-ID:...
  • Multiple banks - potential risk of an inconsequent client separation August 9, 2019
    Posted by Tim Schughart on Aug 09Hello together, as many of you already know some german banks are sharing the same hoster. Via google dorking it is possible to determine some customers of one of those hosters (Fiducia & GAD IT AG). The hoster uses a GET parameter called „bankid“ to identify its customers. For […]
  • Dlink-CVE-2019-13101 August 9, 2019
    Posted by Devendra Solanki on Aug 09A remote vulnerability was discovered on D-Link DIR-600M Wireless N 150 Home Router in multiple respective firmware versions. The vulnerability provides unauthenticated remote access to the router&apos;s WAN configuration page i.e. "wan.htm", which leads to disclosure of sensitive user information including but not limited to PPPoE, DNS configuration etc, […]
  • Mitel 6869i SIP Deskphone 4.2.2032: Unauthenticated Bash Command Injection Vulnerability with Root Priviledges in /cgi-bin/webuploadconfig script August 9, 2019
    Posted by Axel Rengstorf on Aug 09BlueBox Security http://www.bluebox-security.de/ security(at)bluebox-security.de bbs-2019.001.txt 08-August-2019
Proudly powered by WordPress | Theme: Argent by Automattic.