seclist.org

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Updated: 1 hour 14 minutes ago
January 21, 2020

CarolinaCon CFP

Posted by CarolinaCon on Jan 21

CarolinaCon16 will be hosted in Charlotte, North Carolina at the Embassy
Suites, April 10th through the 11th. All interested in speaking in the
realm of hacking, technology, science, robotics or any other related
field are invited to submit a proposal to speak at the Con. A proposal
should include the following:

* Name or handle/alias
* Presentation name
* A brief abstract, 1-2 paragraphs
* An estimated time-length of your...
January 21, 2020

[REVIVE-SA-2020-001] Revive Adserver Vulnerability

Posted by Matteo Beccati via Fulldisclosure on Jan 21

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2020-001
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2020-001
------------------------------------------------------------------------
CVE-IDs: t.b.a.
Date: 2020-01-21
Risk Level: Low...
January 21, 2020

Neowise CarbonFTP v1.4 / Insecure Proprietary Password Encryption / CVE-2020-6857

Posted by hyp3rlinx on Jan 21

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/NEOWISE-CARBONFTP-v1.4-INSECURE-PROPRIETARY-PASSWORD-ENCRYPTION.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.neowise.com

[Product]
CarbonFTP v1.4

CarbonFTP is a file synchronization tool that enables you to synch local
files with a remote FTP server and vice versa.
It provides a step-by-step...
January 17, 2020

[TZO-10-2020] - Bitdefender Malformed Archive bypass (RAR Compression Information)

Posted by Thierry Zoller on Jan 17


January 17, 2020

[TZO-09-2020] - Bitdefender Malformed Archive bypass (RAR Uncompressed Size)

Posted by Thierry Zoller on Jan 17


January 17, 2020

.diagcab directory traversal leading to arbitrary code execution

Posted by Imre Rad on Jan 17

I identified a flaw in the implementation of Microsoft's
Troubleshooter technology that could lead to remote code execution if
a crafted .diagcab file is opened by the victim. The exploit leverages
a rogue webdav server to trick MSDT to drop files to attacker
controlled locations on the file system.

If you see the following pattern in any Windows applications, they
might be vulnerable too:

#define MAXPATH 0x104

TCHAR...
January 17, 2020

Re: Fortinet FortiSIEM Hardcoded SSH Key

Posted by Fortinet PSIRT on Jan 17

Hi, A patch to fix this issue is available to customers and detailed in the following public advisory at
https://fortiguard.com/psirt/FG-IR-19-296.
We can confirm that in addition to the automatic replies, emails were sent to Mr. Klaus on December 5th and December
24th.
However, after some investigation we have learned that the emails were not successfully delivered.
We offer our sincere apologies to Mr. Klaus and have acknowledged his work in...
January 17, 2020

CVE-2020-2696 - Local privilege escalation via CDE dtsession

Posted by Marco Ivaldi on Jan 17

Dear Full Disclosure,

Please find attached an advisory for the following vulnerability, fixed in Oracle's Critical Patch Update (CPU) of
January 2020:

"A buffer overflow in the CheckMonitor() function in the Common Desktop Environment 2.3.1 and earlier and 1.6 and
earlier, as distributed with Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges
via a long palette name passed to dtsession in a...
January 17, 2020

CVE-2020-2656 - Low impact information disclosure via Solaris xlock

Posted by Marco Ivaldi on Jan 17

Dear Full Disclosure,

Please find attached an advisory for the following vulnerability, fixed in Oracle's Critical Patch Update (CPU) of
January 2020:

"A low impact information disclosure vulnerability in the setuid root xlock binary distributed with Solaris may allow
local users to read partial contents
of sensitive files. Due to the fact that target files must be in a very specific format, exploitation of this flaw to
escalate...
January 17, 2020

CVE-2019-19697 / Trend Micro Security 2019 (Consumer) / Security Bypass Protected Service Tampering

Posted by hyp3rlinx on Jan 17

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt
[+] ISR: ApparitionSec

[Vendor]
www.trendmicro.com

[Product]
Trend Micro Security 2019 (Consumer) Multiple Products

Trend Micro Security provides comprehensive protection for your devices.
This includes protection against ransomware,...
January 17, 2020

CVE-2019-20357 / Trend Micro Security (Consumer) / Persistent Arbitrary Code Execution

Posted by hyp3rlinx on Jan 17

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.trendmicro.com

[Product(s)]
Trend Micro Security (Consumer) Multiple Products

Trend Micro Security provides comprehensive protection for your devices.
This includes protection against...
January 14, 2020

[TOOL] Permanent SD Card Locker (Read Only)

Posted by Thierry Zoller on Jan 13

Thought this might be interesting to the audience of FD.
https://blog.zoller.lu/2020/01/sd-card-permanent-read-only-locker.html
January 14, 2020

[TZO-06-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN)

Posted by Thierry Zoller on Jan 13


January 14, 2020

[TZO-08-2020] Bitdefender Generic Malformed Archive Bypass (ZIP GPFLAG)

Posted by Thierry Zoller on Jan 13


January 11, 2020

[TZO-07-2020] Bitdefender Generic Malformed Archive Bypass (RAR HOST_OS)

Posted by Thierry Zoller on Jan 10


January 11, 2020

[TZO-05-2020] Kaspersky Generic Malformed Archive Bypass (ZIP Compressed Size)

Posted by Thierry Zoller on Jan 10


January 11, 2020

[PATCH] (security) launcher: don't attempt to execute arbitrary binaries

Posted by Enrico Weigelt, metux IT consult on Jan 10

What might be convenience functionality, poses a real-life security threat:

A user can be tricked to download malicious code, unpack it with
+x permissions (eg. via tar) and execute it by just clicking on the icon.
In combination with other techniques (eg. homoglyphs), even more experienced
users can be tricked to "open" some supposedly harmless file type, while Thunar
in fact executes a binary - with full user's...
January 7, 2020

[TZO-04-2020] Bitdefender Generic Malformed Archive Bypass (BZ2)

Posted by Thierry Zoller on Jan 07


January 7, 2020

Multiple Reflected Cross-site Scripting Vulnerabilities in ERPNext 11.1.47

Posted by Daniel Bishtawi on Jan 07

Hello,

We are informing you about the vulnerabilities in ERPNext 11.1.47

Here are the details:

Information
--------------------

Advisory by Netsparker
Name: Multiple Reflected Cross-site Scripting Vulnerabilities in ERPNext
Affected Software: ERPNext
Affected Versions: 11.1.47
Vendor Homepage: https://erpnext.com/
Vulnerability Type: Reflected Cross-site Scripting
Severity: High
Status: Fixed
CVSS Score (3.0):...
January 7, 2020

Two vulnerabilities found in MikroTik's RouterOS

Posted by Q C on Jan 07

Advisory: two vulnerabilities found in MikroTik's RouterOS

Details
=======

Product: MikroTik's RouterOS
Affected Versions: before 6.44.6 (Long-term release tree)
Fixed Versions: 6.44.6 (Long-term release tree)
Vendor URL: https://mikrotik.com/
Vendor Status: fixed version released
CVE: -
Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team

Product Description
==================

RouterOS is the operating system used on the...