seclist.org

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
30 October 2020

Chrome heap buffer overflow in freetype2 CVE-2020-15999

Posted by Marcin Kozlowski on Oct 30

Hi list,

Debugged this issue, but somehow cannot trigger the crash in Chrome.

Seems like the font is loaded without correct flags or it was a different
font I saw in debugger :)

Anybody had success with this bug? Feel free to reply here or DM.

My notes:

https://github.com/marcinguy/CVE-2020-15999

Thanks,
27 October 2020

[CVE-2020-25204] God Kings "com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver" Improper Authorization Allowing In-Game Notification Spoofing

Posted by Julien Ahrens (RCE Security) on Oct 27

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: God Kings
Vendor URL: https://play.google.com/store/apps/details?id=com.innogames.gkandroid
Type: Improper Verification of Intent by Broadcast Receiver [CWE-925]
Date found: 2020-09-07
Date published: 2020-10-25
CVSSv3 Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVE: CVE-2020-25204

2....
23 October 2020

CVE-2020-24990 Q-SYS <= 8.2.1 TFTP Directory Traversal

Posted by Kevin R on Oct 23

files through a TFTP GET request

Use CVE-2020-24990.
23 October 2020

Unicorn Emulator 1.0.2 is out!

Posted by Nguyen Anh Quynh on Oct 23

Greetings!

We are very happy to announce version 1.0.2 of Unicorn Emulator!

It has been more than 3.5 years since the last major update, and this
version marks 5 years of Unicorn. Such a long journey for an open
source project! It is really exciting to see our magical animal
having more and more impact in both the academic community and the
cybersecurity industry.

This version fixes various issues of v1.0.1, adds some new API and
introduces more...
23 October 2020

SEC Consult SA-20201023-0 :: Multiple Vulnerabilities in PubliXone

Posted by SEC Consult Vulnerability Lab on Oct 23

SEC Consult Vulnerability Lab Security Advisory < 20201023-0 >
=======================================================================
title: PubliXone - Multiple Vulnerabilities
product: konzept-ix publiXone
vulnerable version: 2019.045
fixed version: 2020.015
CVE number: CVE-2020-27179, CVE-2020-27183, CVE-2020-27180,
CVE-2020-27181, CVE-2020-27182
impact:...
22 October 2020

VL 2020-10-22 - German Bundeswehr starts own Responsible Disclosure Program (VDPBw)

Posted by Vulnerability Lab on Oct 22

Title: German Bundeswehr starts own Responsible Disclosure Program (VDPBw)

Link:
https://www.vulnerability-db.com/?q=articles/2020/10/22/german-bundeswehr-starts-own-responsible-disclosure-program-vdpbw
21 October 2020

[RT-SA-2020-005] Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton

Posted by RedTeam Pentesting GmbH on Oct 21

Advisory: Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton

RedTeam Pentesting discovered a vulnerability in the BigBlueButton web
conferencing system which allows participants of a conference with
permissions to upload presentations to read arbitrary files from the
file system and perform server-side requests. This leads to
administrative access to the BigBlueButton instance.

Details
=======

Product: BigBlueButton...
20 October 2020

Re: Google's Android: remote install backdoor in Google Play Services

Posted by Pedro Cunha on Oct 20

I don't see how this is an "on-purpose backdoor". As far as I know, this
feature is used so you can install Android apps on your phone via the web
interface on another device (like a desktop) logged into the same Google
account, via the Play Store.
20 October 2020

Re: Google's Android: remote install backdoor in Google Play Services

Posted by Michael Lazin on Oct 20

I do see the point and even though it is not a deliberate back door, the end
result is that if your Google account is compromised and an attacker wants to be
sneaky, they could push software to your Android device without
your permission. Given the history of malware found in the Play Store, I
would recommend making a feature request to Google to notify you if someone
pushes software from the web from a previously unknown IP. If you don't
want to...
20 October 2020

LISTSERV Maestro Remote Code Execution Vulnerability

Posted by Ryan Wincey on Oct 20

Document Title:
===============
LISTSERV Maestro Remote Code Execution Vulnerability

References (Source):
====================
https://www.securifera.com/advisories/sec-2020-0001/
https://www.lsoft.com/products/maestro.asp

Release Date:
=============
2020-10-20

Product & Service Introduction:
===============================
LISTSERV Maestro is an enterprise email marketing solution and allows you to
easily engage your subscribers...
20 October 2020

Re: Google's Android: remote install backdoor in Google Play Services

Posted by Adrian Sanabria on Oct 20

If I recall correctly, iOS and MacOS work in much the same way. They can
push and remove software from devices at will. There are precedents of
Google and Apple using this power, generally to get rid of malware that
made it past app store detection and review mechanisms.

This isn't anything new and it has been standardized across both major
mobile platforms. Of course, that doesn't mean there aren't legal
implications, I'm...
19 October 2020

[RT-SA-2020-003] FRITZ!Box DNS Rebinding Protection Bypass

Posted by RedTeam Pentesting GmbH on Oct 19

Advisory: FRITZ!Box DNS Rebinding Protection Bypass

RedTeam Pentesting discovered a vulnerability in FRITZ!Box router
devices which allows DNS answers that point to IP addresses in the
private local network to be resolved, despite the DNS rebinding
protection mechanism.

Details
=======

Product: FRITZ!Box 7490 and potentially others
Affected Versions: 7.20 and below
Fixed Versions: >= 7.21
Vulnerability Type: Bypass
Security Risk: low
Vendor...
16 October 2020

Open-Xchange Security Advisory 2020-10-13

Posted by Open-Xchange GmbH via Fulldisclosure on Oct 16

Dear subscribers,

we're sharing our latest advisory with you and would like to thank everyone who contributed to finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at HackerOne.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Product: OX App Suite / OX Documents
Vendor: OX Software GmbH

Vulnerability type: Cross-Site Scripting (CWE-80)
Vulnerable version: 7.10.2,...
16 October 2020

Re: Google's Android: remote install backdoor in Google Play Services

Posted by Enrico Weigelt, metux IT consult on Oct 16

Hello folks,

In short, Google's Play Store receives notifications from Google and
installs any app that Google wants to be installed, without any further
notification or even interaction of the user.

Google silently controls your device as soon as you enter a Google account.

Actually, it's not a bug, but an on-purpose backdoor. I've published it
here, in order to let everybody know. Further actions have to be done by
the enforcement...
16 October 2020

Java deserialization vulnerability in QRadar RemoteJavaScript Servlet

Posted by Securify B.V. via Fulldisclosure on Oct 16

------------------------------------------------------------------------
Java deserialization vulnerability in QRadar RemoteJavaScript Servlet
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Java deserialization vulnerability exists in the QRadar
RemoteJavaScript Servlet. An authenticated user can call one of the
vulnerable methods and...
12 October 2020

SEC Consult SA-20201012-0 :: Reflected Cross-Site Scripting and Unauthenticated Malicious File Upload in Sage DPW

Posted by SEC Consult Vulnerability Lab on Oct 12

SEC Consult Vulnerability Lab Security Advisory < 20201012-0 >
=======================================================================
title: Reflected Cross-Site Scripting and Unauthenticated
Malicious File Upload
product: Sage DPW
vulnerable version: 2020_06_000 & 2020_06_001
fixed version: 2020_06_002
CVE number: CVE-2020-26583 & CVE-2020-26584
impact:...
9 October 2020

Cisco Webex Teams Client for Windows DLL Hijacking Vulnerability

Posted by houjingyi on Oct 09

new dll hijacking scenario found by accident
<http://houjingyi233.com/2020/10/09/new-dll-hijacking-scenario-found-by-accident/>

Speaking of DLL hijacking, many people may think it is very useless.
However, I noticed researchers disclosed some special DLL hijacking
scenarios that can lead to LPE and even RCE. Some time ago, I accidentally
discovered a vulnerability in the DLL loading mechanism in Cisco Webex Teams that
can lead to LPE, and...
9 October 2020

SEC Consult SA-20201008-0 :: Multiple Cross-Site Scripting Vulnerabilities in Confluence Marketplace Plugins

Posted by SEC Consult Vulnerability Lab on Oct 09

SEC Consult Vulnerability Lab Security Advisory < 20201008-0 >
=======================================================================
title: Multiple Cross-Site Scripting Vulnerabilities
products: PlantUML, Refined Toolkit for Confluence, Linking for Confluence, Countdown Timer, Server Status
vulnerable versions: PlantUML: 6.43, Refined Toolkit for Confluence: 2.2.5, Linking for Confluence: 5.5.3, Countdown
Timer:...
8 October 2020

[RT-SA-2020-002] Denial of Service in D-Link DSR-250N

Posted by RedTeam Pentesting GmbH on Oct 08

Advisory: Denial of Service in D-Link DSR-250N

RedTeam Pentesting discovered a Denial-of-Service vulnerability in the
D-Link DSR-250N device which allows unauthenticated attackers in the
same local network to execute a CGI script which reboots the device.

Details
=======

Product: D-Link DSR-250N
Affected Versions: 3.12 and potentially later
Fixed Versions: 3.17B
Vulnerability Type: DoS
Security Risk: low
Vendor URL:...