seclist.org

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Updated: 39 minutes 36 seconds ago
2 hours 46 minutes ago

[Several CVE]: NUUO CMS - multiple vulnerabilities resulting in unauth RCE

Posted by Pedro Ribeiro on Jan 22

Hi,

In October 2018, ICS-CERT issued an advisory for Nuuo CMS:
https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02

Long story short, Nuuo CMS contained several vulnerabilities that allow
an unauthenticated attacker (up to version 2.3) or an authenticated
attacker (up to version 3.5) to achieve RCE, download arbitrary files, etc.

Disclosure on this one took near TWO YEARS. And even after Nuuo saying
they have fixed everything, they clearly...
2 hours 46 minutes ago

CA20190117-01: Security Notice for CA Service Desk Manager

Posted by Kevin Kotas via Fulldisclosure on Jan 22

CA20190117-01: Security Notice for CA Service Desk Manager

Issued: January 17, 2019
Last Updated: January 17, 2019

CA Technologies Support is alerting customers to multiple potential
risks with CA Service Desk Manager. Multiple vulnerabilities exist
that can allow a remote attacker to access sensitive information or
possibly gain additional privileges. CA published solutions to
address the vulnerabilities.

The first vulnerability,...
2 hours 46 minutes ago

Call For Paper - leHACK - July 6th - July 7th, 2019

Posted by Hackira via Fulldisclosure on Jan 22

The whole HZV team wishes you a happy new year !

Hello everyone,

For the first edition, leHACK will be held at la Cité des Sciences et de l'Industrie, in Paris, on July 6 & 7 2019.

Since our community and the team enjoyed the site from the last year, it wasn't hard to pick a location, which hosted
la Nuit du Hack last year.

This year again will be at your disposal : a 3 level mezzanine, a 900 seats amphitheater, 2000m2 area...
10 hours 36 minutes ago

[SRP-2018-02] Security of NC+ SAT TV platform and ST chipsets

Posted by Security Explorations on Jan 22

Hello All,

The report presenting the results of our SRP-2018-02 research
into security of a digital satellite TV platform NC+ [1] is
now available to general public from the following location:

http://www.security-explorations.com/ncplus_sat_general_info.html

In 2017 / 2018, we tried to obtain information regarding the
impact and addressing of security weaknesses of STMicroelectronics
chipsets [2]. We asked for the information at the chipset...
January 18, 2019

Defense in depth -- the Microsoft way (part 59): we only fix every other vulnerability

Posted by Stefan Kanthak on Jan 18

Hi @ll

the executable self-extractor (and its payload too)
<https://download.microsoft.com/download/F/B/4/FB46F8CA-6A6F-4CB0-B8F4-06BF3D44DA48/officesips.exe>
for the "Microsoft Office Subject Interface Packages for Digitally Signing VBA Projects",
available via <https://www.microsoft.com/en-us/download/details.aspx?id=56617>,
published April 19 2018, is (SURPRISE!) vulnerable!

Vulnerability #1
================

On a fully...
January 18, 2019

Open-Xchange Security Advisory 2019-01-18

Posted by Open-Xchange GmbH on Jan 18

Dear subscribers,

we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: 59653 (Bug ID)
Vulnerability type: Cross-Site Scripting (CWE-80)
Vulnerable...
January 18, 2019

Microsoft Windows ".contact" File / Insufficient UI Warning Arbitrary Code Execution

Posted by hyp3rlinx on Jan 18

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CONTACT-FILE-INSUFFECIENT-UI-WARNING-WEBSITE-LINK-ARBITRARY-CODE-EXECUTION.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Microsoft .CONTACT File

A file with the CONTACT file extension is a Windows Contact file. They're
used in Windows 10, Windows 8, Windows 7, and Windows...
January 18, 2019

Become a speaker at PHDays 9!

Posted by Alexander Lashkov on Jan 18

The Call for Papers is now open for the Positive Hack Days forum on practical information security. Please send your
application by May 31. Both the esteemed experts and young specialists are welcome. An international program committee
consisting of independent researchers and leading IS and IT experts will name the best reports.

Under the banner of "Breaking the constant" we will pay close attention to the relationship between...
January 15, 2019

SCP client multiple vulnerabilities

Posted by Harry Sintonen on Jan 15

scp client multiple vulnerabilities
===================================
The latest version of this advisory is available at:
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt

Overview
--------

SCP clients from multiple vendors are susceptible to a malicious scp server performing
unauthorized changes to target directory and/or client output manipulation.

Description
-----------

Many scp clients fail to verify if the...
January 15, 2019

secuvera-SA-2016-01: Multiple authentication weaknesses in Arvato Systems Streamworks Job Scheduler

Posted by Simon Bieber on Jan 15

Affected Products
Streamworks Job Scheduler Release 7 (older/newer releases have not
been tested)

References
Secuvera-SA-2016-01
https://www.secuvera.de/advisories/secuvera-SA-2016-01.txt (used for
updates)
No CVE number could be assigned (vendor not listed under
cve.mitre.org/data/board/archives/2016-01/msg00015.html)

Summary:
Arvato Systems Streamworks Job Scheduler is a software product for
automation purposes. It...
January 15, 2019

EuskalHack Security Congress Call For Papers

Posted by Joxean Koret via Fulldisclosure on Jan 15

                                                             
      _____          _         _ _   _            _          
     | ____|   _ ___| | ____ _| | | | | __ _  ___| | __      
     |  _|| | | / __| |/ / _` | | |_| |/ _` |/ __| |/ /      
     | |__| |_| \__ \   < (_| | |  _  | (_| | (__|   <       ...
January 15, 2019

Re: Reflected Cross-site Scripting Vulnerability in CubeCart 6.2.2

Posted by Henri Salo on Jan 15

Please use CVE-2018-20703.
January 11, 2019

System Down: A systemd-journald exploit

Posted by Qualys Security Advisory on Jan 11

Qualys Security Advisory

System Down: A systemd-journald exploit

========================================================================
Contents
========================================================================

Summary
CVE-2018-16864
- Analysis
- Exploitation
CVE-2018-16865
- Analysis
- Exploitation
CVE-2018-16866
- Analysis
- Exploitation
Combined Exploitation of CVE-2018-16865 and CVE-2018-16866
- amd64 Exploitation
- i386...
January 11, 2019

[CVE-2018-10093] Remote command injection vulnerability in AudioCode IP phones

Posted by Sysdream Labs on Jan 11

# [CVE-2018-10093] Remote command injection vulnerability in AudioCode
IP phones

## Description

The AudioCodes 400HD series of IP phones consists in a range of
easy-to-use, feature-rich desktop devices for the service provider
hosted services, enterprise IP telephony and contact center markets.

The CGI scripts used on the 420HD phone (web interface) do not filter
user inputs correctly. Consequently, an authenticated attacker could
inject...
January 11, 2019

[CVE-2018-10091] Stored XSS vulnerabilities in AudioCode IP phones

Posted by Sysdream Labs on Jan 11

# [CVE-2018-10091] Stored XSS vulnerabilities in AudioCode IP phones

## Description

The AudioCodes 400HD series of IP phones is a range of easy-to-use,
feature-rich desktop devices for the service provider hosted services,
enterprise IP telephony and contact center markets.

Most of the user inputs in the CGI interface are not protected against XSS
injections.

These vulnerabilities have only been tested on the 420HD phone.

## Vulnerability...
January 11, 2019

Re: Reflected Cross-site Scripting Vulnerability in CubeCart 6.2.2

Posted by Henri Salo on Jan 11

Fixed in what version or commit? Did you request CVE identifier for this
vulnerability?
January 11, 2019

Multiple Reflected Cross-site Scripting Vulnerabilities in Ampache 3.8.6

Posted by Daniel Bishtawi on Jan 11

Hello,

We are glad to inform you about the vulnerabilities we reported in Ampache
3.8.6

Here are the details:

Advisory by Netsparker
Name: Multiple Reflected Cross-site Scripting in Ampache 3.8.6
Affected Software: Ampache
Affected Versions: 3.8.6
Homepage: http://ampache.org
Vulnerability: Reflected Cross-site Scripting
Severity: Medium
Status: Not Fixed
CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Netsparker Advisory...
January 11, 2019

XML External Entity Injection Vulnerability in BlogEngine 3.3

Posted by Daniel Bishtawi on Jan 11

Hello,

We are glad to inform you about the vulnerabilities we reported in
BlogEngine 3.3.

Here are the details:

Advisory by Netsparker
Name: XML External Entity Injection Vulnerability in BlogEngine 3.3
Affected Software: BlogEngine
Affected Versions: 3.3
Homepage: https://blogengine.io/
Vulnerability: XML External Entity (XXE) Injection Vulnerability
Severity: High
Status: Not Fixed
CVE-ID: 2018-14485
CVSS Score (3.0):...
January 11, 2019

Open Redirection Vulnerabilities in OrangeForum 1.4.0

Posted by Daniel Bishtawi on Jan 11

Hello,

We are glad to inform you about the vulnerabilities we reported
in OrangeForum 1.4.0

Here are the details:

Advisory by Netsparker
Name: Open Redirection Vulnerabilities in OrangeForum 1.4.0
Affected Software: OrangeForum
Affected Versions: 1.4.0
Homepage: https://github.com/s-gv/orangeforum
Vulnerability: Open Redirection
Severity: Medium
Status: Fixed
CVE-ID: CVE-2018-14474
CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N...