seclist.org

Posted by Marcin Kozlowski on Oct 30

Hi list,

Debugged this issue, but somehow cannot trigger the crash in Chrome.

Seems like the font is loaded without correct flags or it was different
font I saw in debugger :)

Anybody had sucess witht this bug? Feel free to reply here or DM.

My notes:

https://github.com/marcinguy/CVE-2020-15999

Thanks,

Posted by Vulnerability Lab on Oct 29

Title: German armed forces launch security vulnerability disclosure program

Source:
https://portswigger.net/daily-swig/german-armed-forces-launch-security-vulnerability-disclosure-program

Reference:
https://www.bundeswehr.de/bw-de/organisation/cyber-und-informationsraum/aktuelles/-liebe-hacker-hiermit-laden-wir-sie-herzlich-ein--3713242

Posted by Julien Ahrens (RCE Security) on Oct 27

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: God Kings
Vendor URL: https://play.google.com/store/apps/details?id=com.innogames.gkandroid
Type: Improper Verification of Intent by Broadcast Receiver [CWE-925]
Date found: 2020-09-07
Date published: 2020-10-25
CVSSv3 Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVE: CVE-2020-25204

2....

Posted by Kevin R on Oct 23

files through a TFTP GET request

Use CVE-2020-24990.

Posted by Nguyen Anh Quynh on Oct 23

Greetings!

We are very happy to announce version 1.0.2 of Unicorn Emulator!

It has been more than 3.5 years since the last major update, and this
version marks 5 year of Unicorn. Such a long journey for an open
source project! That is really exciting to see our magical animal
having more and more impact in both academia community and the
cybersecurity industry.

This version fixes various issues of v1.0.1, adds some new API and
introduces more...

Posted by SEC Consult Vulnerability Lab on Oct 23

SEC Consult Vulnerability Lab Security Advisory < 20201023-0 >
=======================================================================
title: PubliXone - Multiple Vulnerabilities
product: konzept-ix publiXone
vulnerable version: 2019.045
fixed version: 2020.015
CVE number: CVE-2020-27179, CVE-2020-27183, CVE-2020-27180,
CVE-2020-27181, CVE-2020-27182
impact:...

Posted by Vulnerability Lab on Oct 22

Title: German Bundeswehr starts own Responsible Disclosure Program (VDPBw)

Link:
https://www.vulnerability-db.com/?q=articles/2020/10/22/german-bundeswehr-starts-own-responsible-disclosure-program-vdpbw

Posted by RedTeam Pentesting GmbH on Oct 21

Advisory: Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton

RedTeam Pentesting discovered a vulnerability in the BigBlueButton web
conferencing system which allows participants of a conference with
permissions to upload presentations to read arbitrary files from the
file system and perform server-side requests. This leads to
administrative access to the BigBlueButton instance.

Details
=======

Product: BigBlueButton...

Posted by Pedro Cunha on Oct 20

I don't see how this is an "on-purpose backdoor". As far as I know, this
feature is used so you can install Android apps on your phone via the web
interface on another device (like a desktop) logged into the same Google
account, via the Play Store.

Posted by Michael Lazin on Oct 20

I do see the point and even though it is not a deliberate back door the end
result is if your google account is compromised and an attacker wants to be
sneaky they could push software to your android device without
your permission. Given the history of malware found in the play store I
would recommend making a feature request to google to notify you if someone
pushes software from the web from a previously unknown IP. If you don't
want to...

Posted by Ryan Wincey on Oct 20

Document Title:

===============

LISTSERV Maestro Remote Code Execution Vulnerability

References (Source):

====================

https://www.securifera.com/advisories/sec-2020-0001/

https://www.lsoft.com/products/maestro.asp

Release Date:

=============

2020-10-20

Product & Service Introduction:

===============================

LISTSERV Maestro is an enterprise email marketing solution and allows you to
easily engage your subscribers...

Posted by Adrian Sanabria on Oct 20

If I recall correctly, iOS and MacOS work in much the same way. They can
push and remove software from devices at will. There are precedents of
Google and Apple using this power, generally to get rid of malware that
made it past app store detection and review mechanisms.

This isn't anything new and it has been standardized across both major
mobile platforms. Of course, that doesn't mean there aren't legal
implications, I'm...

Posted by RedTeam Pentesting GmbH on Oct 19

Advisory: FRITZ!Box DNS Rebinding Protection Bypass

RedTeam Pentesting discovered a vulnerability in FRITZ!Box router
devices which allows to resolve DNS answers that point to IP addresses
in the private local network, despite the DNS rebinding protection
mechanism.

Details
=======

Product: FRITZ!Box 7490 and potentially others
Affected Versions: 7.20 and below
Fixed Versions: >= 7.21
Vulnerability Type: Bypass
Security Risk: low
Vendor...

Posted by Open-Xchange GmbH via Fulldisclosure on Oct 16

Dear subscribers,

we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at HackerOne.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Product: OX App Suite / OX Documents
Vendor: OX Software GmbH

Vulnerability type: Cross-Site Scripting (CWE-80)
Vulnerable version: 7.10.2,...

Posted by Enrico Weigelt, metux IT consult on Oct 16

Hello folks,

In short, Google's playstore receives notifications from Google and
installs any app that Google wants to be installed - without any further
notification or even interaction of the user.

Google silently controls your device as soon you enter an google account.

Actually, it's not a bug, but a on-purpose backdoor. I've published it
here, in order to let everybody know. Futher actions have to be done by
the enforcement...

Posted by Securify B.V. via Fulldisclosure on Oct 16

------------------------------------------------------------------------
Java deserialization vulnerability in QRadar RemoteJavaScript Servlet
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Java deserialization vulnerability exists in the QRadar
RemoteJavaScript Servlet. An authenticated user can call one of the
vulnerable methods and...

Posted by SEC Consult Vulnerability Lab on Oct 12

SEC Consult Vulnerability Lab Security Advisory < 20201012-0 >
=======================================================================
title: Reflected Cross-Site Scripting and Unauthenticated
Malicious File Upload
product: Sage DPW
vulnerable version: 2020_06_000 & 2020_06_001
fixed version: 2020_06_002
CVE number: CVE-2020-26583 & CVE-2020-26584
impact:...

Posted by houjingyi on Oct 09

new dll hijacking scenario found by accident
<http://houjingyi233.com/2020/10/09/new-dll-hijacking-scenario-found-by-accident/>

Speaking of dll hijacking, many people may think it is a very useless.
However, I noticed researchers disclosured some special dll hijacking
scenarios that can lead to LPE and even RCE. Some times ago, I accidentally
discovered vulnerability in dll loading mechanism in cisco webex teams that
can lead to LPE, and...

Posted by SEC Consult Vulnerability Lab on Oct 09

SEC Consult Vulnerability Lab Security Advisory < 20201008-0 >
=======================================================================
title: Multiple Cross-Site Scripting Vulnerabilities
products: PlantUML, Refined Toolkit for Confluence, Linking for Confluence, Countdown Timer, Server Status
vulnerable versions: PlantUML: 6.43, Refined Toolkit for Confluence: 2.2.5, Linking for Confluence: 5.5.3, Countdown
Timer:...

Posted by RedTeam Pentesting GmbH on Oct 08

Advisory: Denial of Service in D-Link DSR-250N

RedTeam Pentesting discovered a Denial-of-Service vulnerability in the
D-Link DSR-250N device which allows unauthenticated attackers in the
same local network to execute a CGI script which reboots the device.

Details
=======

Product: D-Link DSR-250N
Affected Versions: 3.12 and potentially later
Fixed Versions: 3.17B
Vulnerability Type: DoS
Security Risk: low
Vendor URL:...