
sec.fail

Learning Through Failure

Hello world!

Posted on July 12, 2017 by blog_zre65f

Welcome to WordPress. This is your first post. Edit or delete it, then start writing!

Industry News

National Vulnerability Database CVE – Last 8 Days

  • CVE-2019-8933 February 19, 2019
    In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on New Template, and modifying the filename from ../index.html to […]
  • CVE-2019-8919 February 18, 2019
    The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
  • CVE-2019-7629 February 18, 2019
    Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client.
  • CVE-2019-8917 February 18, 2019
    SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may be abused by an attacker to execute commands as the SYSTEM user.
  • CVE-2019-8910 February 18, 2019
    An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF.
  • CVE-2019-8911 February 18, 2019
    An issue was discovered in WTCMS 1.0. It has stored XSS via the third text box (for the website statistics code).
  • CVE-2019-8912 February 18, 2019
    In the Linux kernel through 4.20.10, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.
  • CVE-2019-8908 February 18, 2019
    An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/gif" header.
  • CVE-2019-8909 February 18, 2019
    An issue was discovered in WTCMS 1.0. It allows remote attackers to cause a denial of service (resource consumption) via crafted dimensions for the verification code image.
  • CVE-2019-8907 February 18, 2019
    do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.
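The Seafile Android client entry above (CVE-2019-8919) is a textbook instance of a recurring failure: CBC mode with an IV that never changes. CBC is only semantically secure when the IV is unpredictable per message; with a fixed IV the first ciphertext block depends solely on the key and the first plaintext block, so anyone who can submit plaintexts to the same encryption routine can confirm guesses about a victim's data block by block. The example below is added here to show that failure and its fix; it is not seadroid's code and says nothing about how that app is built. It stands in a small Feistel permutation (HMAC-SHA256 round function) for AES so it runs with only the Python standard library; the CBC layer, the PKCS#7 padding, the `STATIC_IV` constant, the `pin=...` record and the 4-digit candidate space are all constructed for illustration.

```python
import hashlib
import hmac
import os

BLOCK = 16  # bytes per cipher block


def _round_fn(key: bytes, half: bytes, rnd: int) -> bytes:
    """Round function for the stand-in block cipher: keyed HMAC-SHA256, truncated to half a block."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[: BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """4-round Feistel permutation over one 16-byte block. Stands in for AES so the example
    needs no third-party library; the CBC layer on top is what this example is about."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _round_fn(key, right, rnd)))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = bytes(a ^ b for a, b in zip(right, _round_fn(key, left, rnd))), left
    return left + right


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    return data[: -data[-1]]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Plain CBC: C[i] = E(P[i] XOR C[i-1]), with C[-1] = IV."""
    padded = pkcs7_pad(plaintext)
    out, prev = [], iv
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, bytes(a ^ b for a, b in zip(padded[i : i + BLOCK], prev)))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        blk = ciphertext[i : i + BLOCK]
        out.append(bytes(a ^ b for a, b in zip(block_decrypt(key, blk), prev)))
        prev = blk
    return pkcs7_unpad(b"".join(out))


# Weak pattern (the class of bug in CVE-2019-8919): one IV reused for every message under a key.
STATIC_IV = bytes(BLOCK)  # constructed constant for the demo


def encrypt_static_iv(key: bytes, msg: bytes) -> bytes:
    return cbc_encrypt(key, STATIC_IV, msg)


# Corrected pattern: a fresh random IV per message, sent in front of the ciphertext.
def encrypt_random_iv(key: bytes, msg: bytes) -> bytes:
    iv = os.urandom(BLOCK)
    return iv + cbc_encrypt(key, iv, msg)


def decrypt_random_iv(key: bytes, blob: bytes) -> bytes:
    return cbc_decrypt(key, blob[:BLOCK], blob[BLOCK:])


def recover_first_block(oracle, victim_ct: bytes, candidates):
    """Chosen-plaintext attack. With a fixed IV, CBC is deterministic, so ciphertext block 0 is a
    function of (key, plaintext block 0) only: submit each guess to the encryption oracle and
    compare its block 0 with the victim's. Returns the matching guess, or None."""
    for cand in candidates:
        if oracle(cand)[:BLOCK] == victim_ct[:BLOCK]:
            return cand
    return None


def demo():
    key = os.urandom(32)
    # Constructed victim record; its first 16-byte block is exactly b"pin=4821;ignored".
    secret = b"pin=4821;ignored trailing record data"
    candidates = [b"pin=%04d;ignored" % n for n in range(10000)]  # whole 4-digit PIN space

    static_ct = encrypt_static_iv(key, secret)
    hit_static = recover_first_block(lambda m: encrypt_static_iv(key, m), static_ct, candidates)

    random_blob = encrypt_random_iv(key, secret)
    hit_random = recover_first_block(
        lambda m: encrypt_random_iv(key, m)[BLOCK:], random_blob[BLOCK:], candidates)
    return hit_static, hit_random  # (b"pin=4821;ignored", None)


if __name__ == "__main__":
    s, r = demo()
    print("static IV -> recovered first block:", s)
    print("random IV -> recovered first block:", r)
```

The attack needs no decryption at all, only the ability to get known plaintexts encrypted under the same key, which is exactly what an app that encrypts user-influenced data with a hard-coded IV provides. Note that the fix is a per-message random IV prepended to the ciphertext (or a nonce-based mode such as GCM with a per-message nonce); deriving a "different" IV from something predictable, like a counter the attacker can observe, does not close the chosen-plaintext gap.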

CERT Vulnerability Notes

  • VU#730261: Marvell Avastar wireless SoCs have multiple vulnerabilities February 18, 2019
    A presentation at the ZeroNights 2018 conference describes multiple security issues with Marvell Avastar SoCs (models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997). The presentation provides some detail about a block pool memory overflow. During Wi-Fi network scans, an overflow condition can be triggered, overwriting certain block pool data structures. Because many devices conduct automatic background network scans, this vulnerability could be exploited regardless […]
  • VU#465632: Microsoft Exchange 2013 and newer are vulnerable to NTLM relay attacks February 6, 2019
    Microsoft Exchange supports an API called Exchange Web Services (EWS). One of the EWS API functions is called PushSubscriptionRequest, which can be used to cause the Exchange server to connect to an arbitrary website. Connections made using the PushSubscriptionRequest function will attempt to negotiate with the arbitrary web server using NTLM authentication. Starting with Microsoft Exchange 2013, the […]
  • VU#395981: Self-encrypting hard drives do not adequately protect data February 4, 2019
    CVE-2018-12037 There is no cryptographic relation between the password provided by the end user and the key used for the encryption of user data. This can allow an attacker to access the key without knowing the password provided by the end user, allowing the attacker to decrypt information encrypted with that key. According to National Cyber […]
  • VU#756913: Pixar Tractor contains a stored cross-site scripting vulnerability January 28, 2019
    Pixar's Tractor software, versions 2.2 and earlier, contains a stored cross-site scripting vulnerability (CWE-79) in the field that allows a user to add a note to an existing node. The stored information is displayed when a user requests information about the node. An attacker could insert JavaScript into this note field that is then saved and displayed to the […]
  • VU#741315: Dokan file system driver contains a stack-based buffer overflow January 15, 2019
    CWE-121: Stack-based Buffer Overflow - CVE-2018-5410 Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update.
  • VU#317277: Texas Instruments CC2640 and CC2650 microcontrollers vulnerable to heap overflow and insecure update January 7, 2019
    CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer - CVE-2018-16986, also known as BLEEDINGBIT. The following Texas Instruments chips are affected: CC2640 (non-R2) with BLE-STACK version 2.2.1 or an earlier version; CC2650 with BLE-STACK version 2.2.1 or an earlier version; CC2640R2F with SimpleLink CC2640R2 SDK version 1.00.00.22 (BLE-STACK 3.0.0); CC1350 with SimpleLink CC13x0 SDK version 2.20.00.38 (BLE-STACK […]
  • VU#531281: Microsoft Windows DNS servers are vulnerable to heap overflow January 4, 2019
    CWE-122: Heap-based Buffer Overflow - CVE-2018-8626 Microsoft Windows Domain Name System (DNS) servers are vulnerable to heap overflow attacks. Microsoft acknowledges that "an attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account." This remote code execution vulnerability exists in Windows DNS servers when they fail to properly handle requests.
  • VU#289907: Microsoft Windows Kernel Transaction Manager (KTM) is vulnerable to a race condition January 4, 2019
    CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') - CVE-2018-8611 According to Microsoft, the Windows kernel fails "to properly handle objects in memory". A successful attacker could run arbitrary code in kernel mode, and then "install programs; view, change, or delete data; or create new accounts with full user rights."
  • VU#573168: Microsoft Internet Explorer scripting engine JScript memory corruption vulnerability December 21, 2018
    Microsoft Internet Explorer contains a scripting engine, which handles execution of scripting languages such as VBScript and JScript. The scripting engine JScript component contains an unspecified memory corruption vulnerability. Any application that supports embedding Internet Explorer or its scripting engine component may be used as an attack vector for this vulnerability. This vulnerability was detected in […]
  • VU#228297: Microsoft Windows MsiAdvertiseProduct function vulnerable to privilege escalation via race condition December 20, 2018
    The Microsoft Windows MsiAdvertiseProduct function allows a Windows Installer product to generate a script to advertise a product to Windows, which handles shortcut and registry information associated with an installed application. The MsiAdvertiseProduct function contains a race condition while performing checks, which can allow an attacker to read an arbitrary file which would otherwise be protected with filesystem […]

SecLists Full Disclosure

  • Re: [SRP-2018-02] Security of NC+ SAT TV platform and ST chipsets February 13, 2019
    Posted by Security Explorations on Feb 13. Hello All, Due to no interest in our SAT TV security research, the remaining bits of SRP-2018-02 material including the following: - technical details of a new ST chipset vulnerability, - Proof of Concept code for the above vulnerability, - Proof of Concept codes for set-top-box and ST chipset […]
  • KSA-Dev-007: CVE-2019-7386: DoS and gecko reboot in the Nokia 8810 4G handset February 12, 2019
    Posted by Kingkaustubh via Fulldisclosure on Feb 12. DoS and gecko reboot in the nokia 8810 4G handset. Overview. Title: DoS and gecko reboot in the nokia 8810 4G handset Author: Kaustubh G. Padwad CVE ID: CVE-2019-7386 Vendor: HMD Global, Nokia, KaiOS Products: Nokia 8810 4G Tested Version: […]
  • KSA-Dev-006: CVE-2019-7385: Authenticated remote code execution on Multiple Raisecom GPON Devices February 12, 2019
    Posted by Kingkaustubh via Fulldisclosure on Feb 12. Authenticated Shell Command Injection. Overview. Title: Authenticated Shell command Injection Author: Kaustubh G. Padwad Vendor: Raisecom technology co.,LTD Product: GPON-ONU HT803G-07 (could be more who share the same codebase) Potentially vulnerable: ISCOM HT803G-U, ISCOM HT803G-W, ISCOM HT803G-1GE, ISCOM HT803G Tested...
  • KSA-Dev-005: CVE-2019-7384: Authenticated Remote Code Execution in Raisecom GPON Devices February 12, 2019
    Posted by Kingkaustubh via Fulldisclosure on Feb 12. Authenticated Shell Command Injection. Overview. Title: Authenticated Shell command Injection Author: Kaustubh G. Padwad CVE ID: CVE-2019-7384. Vendor: Raisecom technology co.,LTD Product: GPON-ONU HT803G-07 (could be more who share the same codebase) Potentially vulnerable: ISCOM HT803G-U, ISCOM HT803G-W, ISCOM HT803G-1GE...
  • KSA-Dev-003: CVE-2019-7383: Remote Code Execution via shell upload in all Systrome ISG products February 12, 2019
    Posted by Kingkaustubh via Fulldisclosure on Feb 12. Authenticated Shell Command Injection. Overview. Title: Authenticated Shell command Injection Author: Kaustubh G. Padwad CVE ID: CVE-2019-7383 Vendor: Systrome Networks (http://systrome.com/about/) Products: 1. ISG-600C 2. ISG-600H 3. ISG-800W Tested Version: ISG-V1.1-R2.1_TRUNK-20181105.bin (Respective for...
  • KSA-Dev-002: CVE-2018-19525: Account takeover via XSRF in All ISG Series Firewall February 12, 2019
    Posted by Kingkaustubh via Fulldisclosure on Feb 12. Authenticated XSRF leads to complete Account Takeover. Overview. Title: Authenticated XSRF leads to complete account takeover in all Systrome ISG Products. CVE ID: CVE-2018-19525 Author: Kaustubh G. Padwad Vendor: Systrome Networks (http://systrome.com/about/) Products: 1. ISG-600C...
  • KSA-DEV-001: CVE-2018-19524: Stack Overflow in Multiple Skyworth GPON Home Gateways and Optical Network Terminals February 12, 2019
    Posted by Kingkaustubh via Fulldisclosure on Feb 12. Unauthenticated Stack Overflow in Multiple GPON Devices. Overview. Title: StackOverflow in Multiple Skyworth GPON HomeGateways and Optical Network terminals. CVE-ID: CVE-2018-19524 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd. (...
  • Content Injection in Amazon's FireOS [CVE-2019-7399] February 8, 2019
    Posted by Nightwatch Cybersecurity Research on Feb 08. [Original blog post here: https://wwws.nightwatchcybersecurity.com/2019/02/07/content-injection-in-amazon-kindles-fireos-cve-2019-7399/] SUMMARY The FireOS operating system provided by Amazon for Fire tablet devices can be injected with malicious content by an MITM attacker. An attacker can also capture the serial number of the device. The root cause is lack of HTTPS for legal content […]
  • [CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426, CVE-2019-7427] Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone February 8, 2019
    Posted by Rafael Pedrero on Feb 08
  • [CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421] Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service February 8, 2019
    Posted by Rafael Pedrero on Feb 08
  • [CVE-2019-7417] Cross Site Scripting in Ericsson Active Library Explorer Server Version 14.3 February 8, 2019
    Posted by Rafael Pedrero on Feb 08
  • [CVE-2019-7416] Client Side URL Redirect (OTG-CLIENT-004) in OpenText Documentum Webtop 5.3 SP2 February 8, 2019
    Posted by Rafael Pedrero on Feb 08
  • APPLE-SA-2019-2-07-3 Shortcuts 2.1.3 for iOS February 8, 2019
    Posted by Apple Product Security via Fulldisclosure on Feb 08. APPLE-SA-2019-2-07-3 Shortcuts 2.1.3 for iOS. Shortcuts 2.1.3 for iOS is now available and addresses the following: Shortcuts Available for: Shortcuts 2.1.2 for iOS Impact: A local user may be able to view sensitive user information Description: A parsing issue in the handling of directory paths was […]
  • APPLE-SA-2019-2-07-2 macOS Mojave 10.14.3 Supplemental Update February 8, 2019
    Posted by Apple Product Security via Fulldisclosure on Feb 08. APPLE-SA-2019-2-07-2 macOS Mojave 10.14.3 Supplemental Update. macOS Mojave 10.14.3 Supplemental Update is now available and addresses the following: FaceTime Available for: macOS Mojave 10.14.3 Impact: The initiator of a Group FaceTime call may be able to cause the recipient to answer Description: A logic issue existed […]
  • APPLE-SA-2019-2-07-1 iOS 12.1.4 February 8, 2019
    Posted by Apple Product Security via Fulldisclosure on Feb 08. APPLE-SA-2019-2-07-1 iOS 12.1.4. iOS 12.1.4 is now available and addresses the following: FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: The initiator of a Group FaceTime call may be able to cause the recipient to answer Description: […]