seclist.org

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Updated: 2 hours 50 minutes ago
July 19, 2019

Re: local privilege escalation via CDE dtprintinfo

Posted by Marco Ivaldi on Jul 18

Hi,

Just a quick follow-up to my original advisory. The CVE name CVE-2019-2832 has been assigned to the vulnerability and
Oracle has released a patch in its July 2019 CPU. Further information is available at:

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixSUNS
https://support.oracle.com/epmos/faces/DocContentDisplay?id=2560938.1

Once again, I would like to thank Jon Trulson (maintainer of the open...
July 17, 2019

CVE-2019-2107 a.k.a "Hevcfright" Proof of Concept exploit (Denial of Service PoC)

Posted by Marcin Kozlowski on Jul 16

Hi list,

Maybe you find this interesting. In July 2019 Android fixed several
critical bugs, including this one. I think "Hevcfright" (in reference to
Stagefright) is quite possible, with a lot of effort, I guess. This video
will crash stock VideoPlayer in Android 7-9 without July 2019 Patch (
https://source.android.com/security/bulletin/2019-07-01). More here:
https://github.com/marcinguy/CVE-2019-2107/

Thanks,
Marcin
July 17, 2019

CVE-2019-13577 / MAPLE Computer WBT SNMP Administrator v2.0.195.15 / Unauthenticated Remote Buffer Overflow Code Execution 0day

Posted by hyp3rlinx on Jul 16

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MAPLE-WBT-SNMP-ADMINISTRATOR-v2.0.195.15-REMOTE-BUFFER-OVERFLOW-CODE-EXECUTION-0DAY.txt
[+] ISR: Apparition Security

[Vendor]
www.computerlab.com

[Product]
MAPLE Computer WBT SNMP Administrator (Thin Client Administrator)
v2.0.195.15

https://www.computerlab.com/index.php/downloads/category/27-device-manager...
July 17, 2019

Re: Microsoft Compiled HTML Help / Uncompiled .chm File XML External Entity

Posted by hyp3rlinx on Jul 16

[** CORRECTION Fixed Port Typo]

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-HTML-HELP-UNCOMPILED-CHM-FILE-XML-EXTERNAL-ENTITY-INJECTION.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Microsoft Compiled HTML Help "hh.exe"

Microsoft Compiled HTML Help is a Microsoft proprietary online help format,
consisting of a...
July 12, 2019

Reflected Cross-site Scripting Vulnerability in Ponzu CMS 0.9.4

Posted by Daniel Bishtawi on Jul 12

Hello,

We are informing you about the vulnerabilities we reported in phpFK
lite-version.

*Information:*

Advisory by Netsparker
Name: Multiple Cross-site Scripting Vulnerabilities in phpFK
Affected Software: phpFK
Affected Versions: lite-version
Homepage: https://www.frank-karau.de/
Vulnerability: Reflected Cross-site Scripting
Severity: 7.4 High
Status: Not Fixed
CVSS Score (3.0): CVE-2017-18364
CVSS Score (3.0):...
July 11, 2019

AST-2019-003: Remote Crash Vulnerability in chan_sip channel driver

Posted by Asterisk Security Team on Jul 11

Asterisk Project Security Advisory - AST-2019-003

Product: Asterisk
Summary: Remote Crash Vulnerability in chan_sip channel driver
Nature of Advisory: Denial of Service
Susceptibility: Remote Unauthenticated Sessions...
July 11, 2019

AST-2019-002: Remote crash vulnerability with MESSAGE messages

Posted by Asterisk Security Team on Jul 11

Asterisk Project Security Advisory - AST-2019-002

Product: Asterisk
Summary: Remote crash vulnerability with MESSAGE messages
Nature of Advisory: Denial Of Service
Susceptibility: Remote Authenticated Sessions
Severity: Low...
July 10, 2019

Mozilla's MSI installers: FUBAR (that's spelled "fucked-up beyond all repair")

Posted by Stefan Kanthak on Jul 09

Hi @ll,

Mozilla finally provides MSI installers for their just released
Firefox 68 and Firefox 68 ESR for Windows:
<https://archive.mozilla.org/pub/firefox/releases/68.0/win32/de/Firefox%20Setup%2068.0.msi>
<https://archive.mozilla.org/pub/firefox/releases/68.0esr/win32/de/Firefox%20Setup%2068.0esr.msi>

These MSI installers are but DEFECTIVE, VULNERABLE and a bluff:
Mozilla just wrapped their (UPX-compressed) 7-zip self-extractors,...
July 10, 2019

PowerPanel Business Edition 3.4.0 - Cross Site Request Forgery

Posted by Joey Lane via Fulldisclosure on Jul 09

# Exploit Title: PowerPanel Business Edition 3.4.0 - Cross Site Request Forgery
# Date: 7/9/2019
# Exploit Author: Joey Lane
# Vendor Homepage: https://www.cyberpowersystems.com
# Version: 3.4.0
# Tested on: Ubuntu 16.04
# CVE : CVE-2019-13071
# Reported to vendor on 5/25/2019, no acknowledgement.

The Agent/Center component of PowerPanel Business Edition is vulnerable to
cross site request forgery. This can be exploited by tricking an...
July 9, 2019

Two vulnerabilities found in Sony BRAVIA Smart TVs

Posted by xen1thLabs on Jul 09

## ADVISORY INFORMATION

TITLE: Two vulnerabilities found in Sony BRAVIA Smart TVs
ADVISORY URL:
CVE-2019-11889
https://www.darkmatter.ae/xen1thlabs/sony-remote-denial-of-service-triggered-over-vulnerability-hbbtv-xl-19-014/
CVE-2019-11890

https://www.darkmatter.ae/xen1thlabs/sony-remote-denial-of-service-over-wifi-lan-internet-vulnerability-xl-19-013/

DATE PUBLISHED: 02/07/2019
AFFECTED VENDORS: Sony
RELEASE...
July 9, 2019

Cisco Data Center Manager multiple vulns; RCE as root

Posted by Pedro Ribeiro on Jul 09

Hi,

tl;dr Cisco Data Center Network Manager has multiple vulns which can be
abused to achieve RCE as root with no authentication.

Full advisory below, and Metasploit modules have been submitted to the
project.

A special thanks to iDefense for handling the disclosure process with Cisco.

https://raw.githubusercontent.com/pedrib/PoC/master/advisories/cisco-dcnm-rce.txt

code execution) on Cisco Data Center Network Manager

Security (...
July 9, 2019

Vulnerabilities in TP-Link TL-WR940N and TL-WR941ND

Posted by MustLive on Jul 09

Hello list!

There are Brute Force and Cross-Site Request Forgery vulnerabilities
in TP-Link TL-WR940N and TL-WR941ND. After my advisory about
vulnerabilities in TP-Link TL-WR841N and TL-WR841ND in 2017.

-------------------------
Affected products:
-------------------------

The following models are vulnerable: TP-Link TL-WR940N and TL-WR941ND,
Firmware Version 3.16.9 Build 151216. All other versions also must be
vulnerable. I informed TP-Link about...
July 9, 2019

UPDATE: [SYSS-2019-021]: WolfVision Cynap - Use of Hard-coded Cryptographic Key (CWE-321) [CVE-2019-13352]

Posted by Matthias Deeg on Jul 09

Advisory ID: SYSS-2019-021
Product: Cynap
Manufacturer: WolfVision
Affected Version(s): 1.18g, 1.28j
Tested Version(s): 1.18g, 1.28j
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2019-05-03
Solution Date: 2019-06-19
Public Disclosure: 2019-07-04
CVE Reference: CVE-2019-13352
Authors of Advisory: Manuel Stotz, Gerhard Klostermeier (SySS GmbH)...
July 9, 2019

Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!

Posted by Jonathan Leitschuh on Jul 09

Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit
your website!

A vulnerability in the Mac Zoom Client allows any malicious website to
enable your camera without your permission. The flaw potentially exposes up
to 750,000 companies around the world that use Zoom to conduct day-to-day
business.

Full post:...
July 9, 2019

KEYNTO Team Password Manager 1.5.0 - Cross Site Scripting [CVE-2019-13380]

Posted by gionreale on Jul 09

KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from websites is mishandled in the online vault.

Discovered by Gionathan Armando Reale
July 9, 2019

Polycom RealPresence Touch device vulnerable to Slowloris attack (hardware version 7; OS version 2.1.2-255)

Posted by Eitan shav on Jul 09

[Description]
Polycom RealPresence Touch devices (hardware version 7; operating
system version 2.1.2-255) allow remote attackers to cause a denial of
service (networking outage) by sending "Slowloris" packet data to the
login interface.

[VulnerabilityType]
Slowloris DoS

[Vendor of Product]
Polycom

[Affected Product Code Base]
RealPresence Touch device - Hardware version: 7, operating system version: 2.1.2-255

[Attack...
July 9, 2019

Razer Synapse 3, Laptops Ship with Re-used Root Certificate with Private Key

Posted by No One on Jul 09

Razer is a company that produces gaming-centric computer peripherals,
laptops, desktops, and mobile phones. Many of their products allow for
rich customization of device lighting effects. These features are managed
by a client application called Synapse.

On Windows, Razer Synapse 3 installs an optional component - the Razer
Chroma SDK - by default. This component installs a root certificate - with
the private key - which is the same across...
July 5, 2019

[SYSS-2019-021]: WolfVision Cynap - Use of Hard-coded Cryptographic Key (CWE-321)

Posted by Matthias Deeg on Jul 05

Advisory ID: SYSS-2019-021

Product: Cynap

Manufacturer: WolfVision

Affected Version(s): 1.18g, 1.28j

Tested Version(s): 1.18g, 1.28j

Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)

Risk Level: High

Solution Status: Fixed

Manufacturer Notification: 2019-05-03

Solution Date: 2019-06-19

Public Disclosure: 2019-07-04

CVE Reference: Not assigned yet

Authors of Advisory: Manuel Stotz, Gerhard Klostermeier (SySS GmbH)...
July 5, 2019

Microsoft File Checksum Integrity Verifier "fciv.exe" v2.05 / DLL Hijack Arbitrary Code Execution

Posted by hyp3rlinx on Jul 05

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-FILE-CHECKSUM-VERIFIER-v2.05-DLL-HIJACKING-ARBITRARY-CODE-EXECUTION.txt
[+] ISR: Apparition Security

[Vendor]
www.microsoft.com

[Product]
File Checksum Integrity Verifier version 2.05 "fciv.exe"

Download:
https://www.microsoft.com/en-us/download/details.aspx?id=11533

Excerpt from the FCIV...
July 1, 2019

[RT-SA-2019-012] Information Disclosure in REDDOXX Appliance

Posted by RedTeam Pentesting GmbH on Jul 01

Advisory: Information Disclosure in REDDOXX Appliance

RedTeam Pentesting discovered an Information Disclosure vulnerability in
the REDDOXX appliance software, which allows unauthenticated attackers
to gain information about the internal network the appliance is part of.

Details
=======

Product: REDDOXX Appliance
Affected Versions: 2032-SP2 up to hotfix 51
Fixed Versions: 2032-SP2 hotfix 53
Vulnerability Type: Information Disclosure
Security...