seclist.org

Posted by Marco Ivaldi on Jul 18

Hi,

Just a quick follow-up to my original advisory. The CVE name CVE-2019-2832 has been assigned to the vulnerability and
Oracle has released a patch in its July 2019 CPU. Further information is available at:

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixSUNS
https://support.oracle.com/epmos/faces/DocContentDisplay?id=2560938.1

Once again, I would like to thank Jon Trulson (maintainer of the open...

Posted by Marcin Kozlowski on Jul 16

Hi list,

Maybe you find this interesting. In July 2019 Android fixed several
critical bugs, including this one. I think "Hevcfright" (in reference to
Stagefright) is quite possible, with lot of effort, I guess. This video
will crash stock VideoPlayer in Android 7-9 without July 2019 Patch (
https://source.android.com/security/bulletin/2019-07-01). More here:
https://github.com/marcinguy/CVE-2019-2107/

Thanks,
Marcin

Posted by hyp3rlinx on Jul 16

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MAPLE-WBT-SNMP-ADMINISTRATOR-v2.0.195.15-REMOTE-BUFFER-OVERFLOW-CODE-EXECUTION-0DAY.txt
[+] ISR: Apparition Security

[Vendor]
www.computerlab.com

[Product]
MAPLE Computer WBT SNMP Administrator (Thin Client Administrator)
v2.0.195.15

https://www.computerlab.com/index.php/downloads/category/27-device-manager...

Posted by hyp3rlinx on Jul 16

[** CORRECTION Fixed Port Typo]

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-HTML-HELP-UNCOMPILED-CHM-FILE-XML-EXTERNAL-ENTITY-INJECTION.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Microsoft Compiled HTML Help "hh.exe"

Microsoft Compiled HTML Help is a Microsoft proprietary online help format,
consisting of a...

Posted by Daniel Bishtawi on Jul 12

Hello,

We are informing you about the vulnerabilities we reported in phpFK
lite-version.

*Information:*

Advisory by Netsparker
Name: Multiple Cross-site Scripting Vulnerabilities in phpFK
Affected Software: phpFK
Affected Versions: lite-version
Homepage: https://www.frank-karau.de/
Vulnerability: Reflected Cross-site Scripting
Severity: 7.4 High
Status: Not Fixed
CVSS Score (3.0): CVE-2017-18364
CVSS Score (3.0):...

Posted by Asterisk Security Team on Jul 11

Asterisk Project Security Advisory - AST-2019-003

Product Asterisk
Summary Remote Crash Vulnerability in chan_sip channel
driver
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions...

Posted by Asterisk Security Team on Jul 11

Asterisk Project Security Advisory - AST-2019-002

Product Asterisk
Summary Remote crash vulnerability with MESSAGE messages
Nature of Advisory Denial Of Service
Susceptibility Remote Authenticated Sessions
Severity Low...

Posted by Stefan Kanthak on Jul 09

Hi @ll,

Mozilla finally provides MSI installers for their just released
Firefox 68 and Firefox 68 ESR for Windows:
<https://archive.mozilla.org/pub/firefox/releases/68.0/win32/de/Firefox%20Setup%2068.0.msi>
<https://archive.mozilla.org/pub/firefox/releases/68.0esr/win32/de/Firefox%20Setup%2068.0esr.msi>

These MSI installers are but DEFECTIVE, VULNERABLE and a bluff:
Mozilla just wrapped their (UPX-compressed) 7-zip self-extractors,...

Posted by Joey Lane via Fulldisclosure on Jul 09

# Exploit Title: PowerPanel Business Edition 3.4.0 - Cross Site Request
Forgery
# Date: 7/9/2019
# Exploit Author: Joey Lane
# Vendor Homepage: https://www.cyberpowersystems.com
# Version: 3.4.0
# Tested on: Ubuntu 16.04
# CVE : CVE-2019-13071
# Reported to vendor on 5/25/2019, no acknowledgement.

The Agent/Center component of PowerPanel Business Edition is vulnerable to
cross site request forgery. This can be exploited by tricking an...

Posted by xen1thLabs on Jul 09

## ADVISORY INFORMATION

TITLE: Two vulnerabilities found in Sony BRAVIA Smart TVs
ADVISORY URL:
CVE-2019-11889
https://www.darkmatter.ae/xen1thlabs/sony-remote-denial-of-service-triggered-over-vulnerability-hbbtv-xl-19-014/
CVE-2019-11890

https://www.darkmatter.ae/xen1thlabs/sony-remote-denial-of-service-over-wifi-lan-internet-vulnerability-xl-19-013/

DATE PUBLISHED: 02/07/2019
AFFECTED VENDORS: Sony
RELEASE...

Posted by Pedro Ribeiro on Jul 09

Hi,

tl;dr Cisco Data Center Network Manager has multiple vulns which can be
abused to achieve RCE as root with no authentication.

Full advisory below, and Metasploit modules have been submitted to the
project.

A special thanks to iDefense for handling the disclosure process with Cisco.

https://raw.githubusercontent.com/pedrib/PoC/master/advisories/cisco-dcnm-rce.txt

code execution) on Cisco Data Center Network Manager

Security (...

Posted by MustLive on Jul 09

Hello list!

There are Brute Force and Cross-Site Request Forgery vulnerabilities
in TP-Link TL-WR940N and TL-WR941ND. After my advisory about
vulnerabilities in TP-Link TL-WR841N and TL-WR841ND in 2017.

-------------------------
Affected products:
-------------------------

Vulnerable are the next models: TP-Link TL-WR940N and TL-WR941ND,
Firmware Version 3.16.9 Build 151216. All other versions also must be
vulnerable. I informed TP-Link about...

Posted by Matthias Deeg on Jul 09

Advisory ID: SYSS-2019-021
Product: Cynap
Manufacturer: WolfVision
Affected Version(s): 1.18g, 1.28j
Tested Version(s): 1.18g, 1.28j
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2019-05-03
Solution Date: 2019-06-19
Public Disclosure: 2019-07-04
CVE Reference: CVE-2019-13352
Authors of Advisory: Manuel Stotz, Gerhard Klostermeier (SySS GmbH)...

Posted by Jonathan Leitschuh on Jul 09

Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit
your website!

A vulnerability in the Mac Zoom Client allows any malicious website to
enable your camera without your permission. The flaw potentially exposes up
to 750,000 companies around the world that use Zoom to conduct day-to-day
business.

Full post:...

Posted by gionreale on Jul 09

KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from websites is mishandled in the online vault.

Discovered by Gionathan Armando Reale

Posted by Eitan shav on Jul 09

[Description]
Polycom RealPresence Touch devices (hardware version 7; operating
system version 2.1.2-255) allow remote attackers to cause a denial of
service (networking outage) by sending "Slowloris" packet data to the
login interface.

[VulnerabilityType]
Slowloris DoS

[Vendor of Product]
Polycom

[Affected Product Code Base]
RealPresence Touch device - Hardware version: 7 , operating system version: 2.1.2-255

[Attack...

Posted by No One on Jul 09

Razer is a company that produces gaming-centric computer peripherals,
laptops, desktops, and mobile phones. Many of their products allow for
rich customization of device lighting effects. These features are managed
by a client application called Synapse.

On Windows, Razer Synapse 3 installs an optional component - the Razer
Chroma SDK - by default. This component installs a root certificate - with
the private key - which is the same across...

Posted by Matthias Deeg on Jul 05

Advisory ID: SYSS-2019-021

Product: Cynap

Manufacturer: WolfVision

Affected Version(s): 1.18g, 1.28j

Tested Version(s): 1.18g, 1.28j

Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)

Risk Level: High

Solution Status: Fixed

Manufacturer Notification: 2019-05-03

Solution Date: 2019-06-19

Public Disclosure: 2019-07-04

CVE Reference: Not assigned yet

Authors of Advisory: Manuel Stotz, Gerhard Klostermeier (SySS GmbH)...

Posted by hyp3rlinx on Jul 05

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-FILE-CHECKSUM-VERIFIER-v2.05-DLL-HIJACKING-ARBITRARY-CODE-EXECUTION.txt
[+] ISR: Apparition Security

[Vendor]
www.microsoft.com

[Product]
File Checksum Integrity Verifier version 2.05 "fciv.exe"

Download:
https://www.microsoft.com/en-us/download/details.aspx?id=11533

Excerpt from the FCIV...

Posted by RedTeam Pentesting GmbH on Jul 01

Advisory: Information Disclosure in REDDOXX Appliance

RedTeam Pentesting discovered an Information Disclosure vulnerability in
the REDDOXX appliance software, which allows unauthenticated attackers
to gain information about the internal network the appliance is part of.

Details
=======

Product: REDDOXX Appliance
Affected Versions: 2032-SP2 up to hotfix 51
Fixed Versions: 2032-SP2 hotfix 53
Vulnerability Type: Information Disclosure
Security...