seclist.org

Posted by Pedro Ribeiro on Jan 22

Hi,

In October 2018, ICS-CERT issued an advisory for Nuuo CMS:
https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02

Long story short, Nuuo CMS contained several vulnerabilities that allow
an unauthenticated attacker (up to version 2.3) or an authenticated
attacker (up to version 3.5) to achieve RCE, download arbitrary files, etc.

Disclosure on this one took near TWO YEARS. And even after Nuuo saying
they have fixed everything, they clearly...

Posted by Kevin Kotas via Fulldisclosure on Jan 22

CA20190117-01: Security Notice for CA Service Desk Manager

Issued: January 17, 2019
Last Updated: January 17, 2019

CA Technologies Support is alerting customers to multiple potential
risks with CA Service Desk Manager. Multiple vulnerabilities exist
that can allow a remote attacker to access sensitive information or
possibly gain additional privileges. CA published solutions to
address the vulnerabilities.

The first vulnerability,...

Posted by Hackira via Fulldisclosure on Jan 22

The whole HZV team wishes you a happy new year !

Hello everyone,

For the first edition, leHACK will be held at la Cité des Sciences et de l'Industire, in Paris, on July 6 & 7 2019.

Since our community and the team enjoyed the site from the last year, it wasn't hard to pick a location, which hosted
la Nuit du Hack last year.

This year again will be at your disposal : a 3 level mezzanine, a 900 seats amphitheater, 2000m2 area...

Posted by Security Explorations on Jan 22

Hello All,

The report presenting the results of our SRP-2018-02 research
into security of a digital satellite TV platform NC+ [1] is
now available to general public from the following location:

http://www.security-explorations.com/ncplus_sat_general_info.html

In 2017 / 2018, we tried to obtain information regarding the
impact and addressing of security weaknesses of STMicroelectronics
chipsets [2]. We asked for the information at the chipset...

Posted by Stefan Kanthak on Jan 18

Hi @ll

the executable self-extractor (and its payload too)
<https://download.microsoft.com/download/F/B/4/FB46F8CA-6A6F-4CB0-B8F4-06BF3D44DA48/officesips.exe>
for the "Microsoft Office Subject Interface Packages for Digitally Signing VBA Projects",
available via <https://www.microsoft.com/en-us/download/details.aspx?id=56617>,
published April 19 2018, is (SURPRISE!) vulnerable!

Vulnerability #1
================

On a fully...

Posted by Open-Xchange GmbH on Jan 18

Dear subscribers,

we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: 59653 (Bug ID)
Vulnerability type: Cross-Site Scripting (CWE-80)
Vulnerable...

Posted by hyp3rlinx on Jan 18

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CONTACT-FILE-INSUFFECIENT-UI-WARNING-WEBSITE-LINK-ARBITRARY-CODE-EXECUTION.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Microsoft .CONTACT File

A file with the CONTACT file extension is a Windows Contact file. They're
used in Windows 10, Windows 8, Windows 7, and Windows...

Posted by Alexander Lashkov on Jan 18

The Call for Papers is now open for the Positive Hack Days forum on practical information security. Please send your
application by May 31. Both the esteemed experts and young specialists are welcome. An international program committee
consisting of independent researchers and leading IS and IT experts will name the best reports.

Under the banner of "Breaking the constant" we will pay close attention to the relationship between...

Posted by Harry Sintonen on Jan 15

scp client multiple vulnerabilities
===================================
The latest version of this advisory is available at:
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt

Overview
--------

SCP clients from multiple vendors are susceptible to a malicious scp server performing
unauthorized changes to target directory and/or client output manipulation.

Description
-----------

Many scp clients fail to verify if the...

Posted by Simon Bieber on Jan 15

Affected Products
Streamworks Job Scheduler Release 7 (older/newer releases have not
been tested)

References
Secuvera-SA-2016-01
https://www.secuvera.de/advisories/secuvera-SA-2016-01.txt (used for
updates)
No CVE number could be assigned (vendor not listed under
cve.mitre.org/data/board/archives/2016-01/msg00015.html)

Summary:
Arvato Systems Streamworks Job Scheduler is a software product for
automation purposes. It...

Posted by Joxean Koret via Fulldisclosure on Jan 15

                                                             
      _____          _         _ _   _            _          
     | ____|   _ ___| | ____ _| | | | | __ _  ___| | __      
     |  _|| | | / __| |/ / _` | | |_| |/ _` |/ __| |/ /      
     | |__| |_| \__ \   < (_| | |  _  | (_| | (__|   <       ...

Posted by Henri Salo on Jan 15

Please use CVE-2018-20703.

Posted by Qualys Security Advisory on Jan 11

Qualys Security Advisory

System Down: A systemd-journald exploit

========================================================================
Contents
========================================================================

Summary
CVE-2018-16864
- Analysis
- Exploitation
CVE-2018-16865
- Analysis
- Exploitation
CVE-2018-16866
- Analysis
- Exploitation
Combined Exploitation of CVE-2018-16865 and CVE-2018-16866
- amd64 Exploitation
- i386...

Posted by Sysdream Labs on Jan 11

# [CVE-2018-10093] Remote command injection vulnerability in AudioCode
IP phones

## Description

The AudioCodes 400HD series of IP phones consists in a range of
easy-to-use, feature-rich desktop devices for the service provider
hosted services, enterprise IP telephony and contact center markets.

The CGI scripts used on the 420HD phone (web interface) do not filter
user inputs correctly. Consequently, an authenticated attacker could
inject...

Posted by Sysdream Labs on Jan 11

# [CVE-2018-10091] Stored XSS vulnerabilities in AudioCode IP phones

## Description

The AudioCodes 400HD series of IP phones is a range of easy-to-use,
feature-rich desktop devices for the service provider hosted services,
enterprise IP telephony and contact center markets.

Most of user inputs in the CGI interface are not protected against XSS
injections.

Theses vulnerabilities have only been tested on the 420HD phone.

## Vulnerability...

Posted by Henri Salo on Jan 11

Fixed in 2.15.1

https://mantisbt.org/blog/archives/mantisbt/602
https://mantisbt.org/bugs/view.php?id=24580
http://github.com/mantisbt/mantisbt/commit/4efac90ed89a5c009108b641e2e95683791a165a

Is this correct?

Posted by Henri Salo on Jan 11

Fixed in what version or commit? Did you request CVE identifier for this
vulnerability?

Posted by Daniel Bishtawi on Jan 11

Hello,

We are glad to inform you about the vulnerabilities we reported in Ampache
3.8.6

Here are the details:

Advisory by Netsparker
Name: Multiple Reflected Cross-site Scripting in Ampache 3.8.6
Affected Software: Ampache
Affected Versions: 3.8.6
Homepage: http://ampache.org
Vulnerability: Reflected Cross-site Scripting
Severity: Medium
Status: Not Fixed
CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Netsparker Advisory...

Posted by Daniel Bishtawi on Jan 11

Hello,

We are glad to inform you about the vulnerabilities we reported in
BlogEngine 3.3.

Here are the details:

Advisory by Netsparker
Name: XML External Entity Injection Vulnerability in BlogEngine 3.3
Affected Software: BlogEngine
Affected Versions: 3.3
Homepage: https://blogengine.io/
Vulnerability: XML External Entity (XXE) Injection Vulnerability
Severity: High
Status: Not Fixed
CVE-ID: 2018-14485
CVSS Score (3.0):...

Posted by Daniel Bishtawi on Jan 11

Hello,

We are glad to inform you about the vulnerabilities we reported
in OrangeForum 1.4.0

Here are the details:

Advisory by Netsparker
Name: Open Redirection Vulnerabilities in OrangeForum 1.4.0
Affected Software: OrangeForum
Affected Versions: 1.4.0
Homepage: https://github.com/s-gv/orangeforum
Vulnerability: Open Redirection
Severity: Medium
Status: Fixed
CVE-ID: CVE-2018-14474
CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N...