Riasztások

SecurityFocus · 2019. december 21.

Vuln: Yokogawa Vnet/IP Open Communication Driver CVE-2018-16196 Denial of Service Vulnerability

Yokogawa Vnet/IP Open Communication Driver CVE-2018-16196 Denial of Service Vulnerability
SecurityFocus · 2019. október 10.

Vuln: Foreman CVE-2018-14664 Multiple HTML Injection Vulnerabilities

Foreman CVE-2018-14664 Multiple HTML Injection Vulnerabilities
SecurityFocus · 2019. szeptember 11.

Vuln: OpenAFS CVE-2018-16949 Multiple Denial of Service Vulnerabilities

OpenAFS CVE-2018-16949 Multiple Denial of Service Vulnerabilities
SecurityFocus · 2019. június 6.

Vuln: Node.js Multiple Denial of Service Vulnerabilities

Node.js Multiple Denial of Service Vulnerabilities
SANS · 1 óra 57 perc

Decoding QR Codes with Python, (Sun, Mar 24th)

In diary entry "Sextortion Email Variant: With QR Code", I had to decode a QR code. I didn't mention it in my diary entry, but I used an online service to decode the QR Code (I didn't want to use my smartphone).

But what if you don't want to use any online service?

You can also use a Python module: python-qrtools. I installed it on Ubuntu 18 with the following command:

sudo apt-get install python-qrtools

And then I used a simple Python program like this one:

import sys
import qrtools

qr = qrtools.QR()
print(qr.decode(sys.argv[1]))
print(qr.data)

We received the sextortion email with QR code as a .msg file. These files can be analyzed with oledump.py:

Plugin plugin_msg can help with locating the streams that contain the attachments (images):

The beginning of the content of the attachment data streams indicates that these are .png files: \x89PNG.

Grepping for PNG reveals that stream 3, 11 and 19 contain the .png files:

Extracting the .png attachments to disk:

Decoding the QR code:

Images 1 and 2 don't contain a QR code (False), but image 3 does (True), and the Bitcoin address is displayed.

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
NVD: all CVE · 3 óra 36 perc

CVE-2019-9978

The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
NVD: all CVE · 4 óra 36 perc

CVE-2019-9977

The renderer process in the entertainment system on Tesla Model 3 vehicles mishandles JIT compilation, which allows attackers to trigger firmware code execution, and display a crafted message to vehicle occupants.
Linux security Advisories · 6 óra 4 perc

Debian: DSA-4416-1: wireshark security update

It was discovered that Wireshark, a network traffic analyzer, contained several vulnerabilities in the dissectors for 6LoWPAN, P_MUL, RTSE, ISAKMP, TCAP, ASN.1 BER and RPCAP, which could result in denial of service.
Linux security Advisories · 8 óra 3 perc

Debian: DSA-4415-1: passenger security update

An arbitrary file read vulnerability was discovered in passenger, a web application server. A local user allowed to deploy an application to passenger, can take advantage of this flaw by creating a symlink from the REVISION file to an arbitrary file on the system and have its
Linux security Advisories · 9 óra 31 perc

ArchLinux: 201903-14: firefox: arbitrary code execution

The package firefox before version 66.0.1-1 is vulnerable to arbitrary code execution.
NVD: all CVE · 16 óra 36 perc

CVE-2019-9962

XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy.
NVD: all CVE · 16 óra 36 perc

CVE-2019-9963

XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap.
NVD: all CVE · 16 óra 36 perc

CVE-2019-9964

XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey.
NVD: all CVE · 16 óra 36 perc

CVE-2019-9965

XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap.
NVD: all CVE · 16 óra 36 perc

CVE-2019-9966

XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x38536c.
NVD: all CVE · 16 óra 36 perc

CVE-2019-9967

XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlPrefixUnicodeString.
NVD: all CVE · 16 óra 36 perc

CVE-2019-9968

XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlQueueWorkItem.
NVD: all CVE · 16 óra 36 perc

CVE-2019-9969

XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x385399.
NVD: all CVE · 16 óra 36 perc

CVE-2019-9970

Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.
NVD: all CVE · 17 óra 36 perc

CVE-2019-9960

The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.