seclist.org

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Updated: 1 hour 23 minutes ago
March 22, 2019

Re: YOP Poll 6.0.2 - Reflected XSS (WordPress Plugin)

Posted by Henri Salo on Mar 22

MITRE assigned CVE-2019-9914 for this vulnerability.
March 22, 2019

Re: WP Live Chat Support 8.0.17 - Reflected XSS (WordPress Plugin)

Posted by Henri Salo on Mar 22

MITRE assigned CVE-2019-9913 for this vulnerability.
March 22, 2019

Re: wpGoogleMaps 7.10.41 - Reflected XSS (WordPress Plugin)

Posted by Henri Salo on Mar 22

MITRE assigned CVE-2019-9912 for this vulnerability.
March 22, 2019

Re: NextScripts: Social Networks Auto-Poster 4.2.7 - Reflected XSS (WordPress Plugin)

Posted by Henri Salo on Mar 22

MITRE assigned CVE-2019-9911 for this vulnerability.
March 22, 2019

Re: KingComposer 2.7.6 - Reflected XSS (WordPress Plugin)

Posted by Henri Salo on Mar 22

MITRE assigned CVE-2019-9910 for this vulnerability.
March 22, 2019

Re: Give 2.3.0 - Reflected XSS (WordPress Plugin)

Posted by Henri Salo on Mar 22

MITRE assigned CVE-2019-9909 for this vulnerability.
March 22, 2019

Re: Font_Organizer 2.1.1 - Reflected XSS (WordPress Plugin)

Posted by Henri Salo on Mar 22

Please use CVE-2019-9908.
March 22, 2019

CVE-2018-17057: phar deserialization in TCPDF might lead to RCE

Posted by Paolo G on Mar 22

CVE-2018-17057: phar deserialization in TCPDF might lead to RCE
---------------------------------------------------------------

Affected products
=================

TCPDF <= 6.2.19

Background
==========

"Started in 2002, TCPDF is now one of the world's most active Open Source
projects, used daily by millions of users and included in thousands of CMS
and Web applications." - https://tcpdf.org/

"PHP library for generating...
March 20, 2019

[SE-2019-01] Java Card vulnerabilities

Posted by Security Explorations on Mar 20

Hello All,

We discovered multiple security vulnerabilities in the reference implementation
of Java Card technology [1] from Oracle used in financial, government,
transportation and telecommunication sectors among others.

According to Oracle, "Java Card technology provides a secured environment
for applications that run on smart cards and other trusted devices with
limited memory and processing capabilities. With close to six billion
Java...
March 19, 2019

CVE-2018-19971: JFrog Artifactory Pro SAML SSO signature validation error

Posted by Timo Lindfors on Mar 19

CVE-2018-19971: JFrog Artifactory Pro SAML SSO signature validation error
-------------------------------------------------------------------------

Affected products
=================

The SAML SSO addon in Artifactory 6.5.9 is vulnerable.
The SAML SSO addon in Artifactory 6.5.13 is NOT vulnerable.

Other versions were not tested.

Background
==========

"Artifactory offers a SAML-based Single Sign-On service allowing
federated...
March 19, 2019

2FA & macOS Disk Encryption Bypass in Abine Blur 7.24* [CVE-2019-6481]

Posted by (RS) Tyler Schroder via Fulldisclosure on Mar 19

=============================================

2FA & macOS Disk Encryption Bypass in Abine Blur 7.24*

=============================================

Topic: Abine Blur Password Manager Insecure Permissions

* Announced: 2019-03-18

* Credits: RS Tyler Schroder

* Affects: 7.8.242*

* Corrected: 2018-03-18

* Corrected V: 8.0.2478

* CVE Name: CVE-2019-6481

I. Background

Abine Blur is a...
March 19, 2019

Re: WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion

Posted by Henri Salo on Mar 19

Good research work Manuel. Keep up the good work! =)

In case of WordPress plugins your solution is not correct. This vulnerability
can be exploited even if the plugin is disabled. The plugin must be deleted in order to
mitigate this.
March 16, 2019

[SYSS-2018-033]: Fujitsu Wireless Keyboard Set LX901 - Keystroke Injection Vulnerability

Posted by Matthias Deeg on Mar 16

Advisory ID: SYSS-2018-033
Product: Wireless Keyboard Set LX901
Manufacturer: Fujitsu
Affected Version(s): Model No. GK900
Tested Version(s): Model No. GK900
Vulnerability Type: Cryptographic Issues (CWE-310)
Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2018-10-19
Solution Date: -
Public Disclosure: 2019-03-15
CVE Reference: CVE-2019-9835
Author of Advisory: Matthias Deeg...
March 16, 2019

SQL injection in joshcam/mysqli-database-class library

Posted by Jaroslav Lobačevski on Mar 16

https://packagist.org/packages/joshcam/mysqli-database-class aka
https://github.com/ThingEngineer/PHP-MySQLi-Database-Class v2.9.2 is
vulnerable to SQL injection in function Where() because of special
"forkaround" at line 971
<https://github.com/ThingEngineer/PHP-MySQLi-Database-Class/blob/eaf1f6cc387c8464ea6a9221fb308669beed3a63/MysqliDb.php#L971>

If $whereValue happens to be an array, key value is used as $operator to
build...
March 16, 2019

IPv6 Security for IPv4 Engineers

Posted by Fernando Gont on Mar 16

Folks,

It is often argued that IPv4 practices should be forgotten when
deploying IPv6, as after all IPv6 is a different protocol! But we think
years of IPv4 operational experience should be leveraged as much as
possible.

So we are publishing IPv6 Security for IPv4 Engineers as a roadmap to
IPv6 security that is specifically aimed at IPv4 engineers and operators.

Rather than describing IPv6 in an isolated manner, it aims to re-use as
much of...
March 16, 2019

Cisco Common Service Platform Collector - Hardcoded Credentials (CVE-2019-1723)

Posted by David Coomber on Mar 16

Cisco Common Service Platform Collector - Hardcoded Credentials (CVE-2019-1723)
March 16, 2019

[**UPDATED] Microsoft Windows .Reg File / Dialog Box Message Spoofing 0day

Posted by hyp3rlinx on Mar 16

Added a few things I had previously left out that should have been
mentioned earlier.

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.REG-FILE-DIALOG-BOX-MESSAGE-SPOOFING.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
A file with the .reg file extension is a Registration file used by the
Windows registry. These files can...
March 16, 2019

WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion

Posted by Manuel Garcia Cardenas on Mar 16

=============================================
MGC ALERT 2019-001
- Original release date: February 06, 2019
- Last revised: March 13, 2019
- Discovered by: Manuel García Cárdenas
- Severity: 7/10 (CVSS Base Score)
- CVE-ID: CVE-2019-9618
=============================================

I. VULNERABILITY
-------------------------
WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion

II. BACKGROUND
-------------------------...
March 12, 2019

FlexPaper <= 2.3.6 Remote Command Execution

Posted by redazione on Mar 12

Description
===========
FlexPaper (https://www.flowpaper.com) is an open source project, released under GPL license, quite widespread over the
internet. It provides document viewing functionalities to web clients, mobile and tablet devices. At least until 2014
the component has been actively used by WikiLeaks, when it was discovered to be affected by an XSS vulnerability
subsequently patched.

Around one year ago Red Timmy Sec discovered a...
March 12, 2019

CVE-2019-9649 CoreFTP FTP / SFTP Server v2 - Build 674 MDTM Directory Traversal

Posted by Kevin R on Mar 12

CVE-2019-9649

CoreFTP FTP / SFTP Server v2 - Build 674

MDTM Directory Traversal

Discovered By: Kevin Randall

Summary: By utilizing a directory traversal along with the FTP MDTM
command, an attacker can browse outside the root directory to determine if
a file exists based on return file size along with the date the file was
last modified by using a ..\..\ technique

Tools used:

Parrot OS VM

Windows 7 VM

FTP / SFTP Server v2 - Build 674...