seclist.org

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Updated: 43 minutes 15 seconds
1 hour 9 minutes

bugtraq () securityfocus com

Posted by Securify B.V. via Fulldisclosure on Nov 22

------------------------------------------------------------------------
Clickjacking vulnerability in CSRF error page pfSense
------------------------------------------------------------------------
Yorick Koster, November 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
pfSense is a free and open source firewall and router. It was...
1 hour 9 minutes

Clickjacking vulnerability in CSRF error page pfSense

Posted by Securify B.V. via Fulldisclosure on Nov 22

------------------------------------------------------------------------
Clickjacking vulnerability in CSRF error page pfSense
------------------------------------------------------------------------
Yorick Koster, November 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
pfSense is a free and open source firewall and router. It was...
November 21, 2017

ESA-2017-094: EMC ScaleIO Multiple Vulnerabilities

Posted by EMC Product Security Response Center on Nov 21

ESA-2017-094: EMC ScaleIO Multiple Vulnerabilities

EMC Identifier: ESA-2017-094

CVE Identifier: CVE-2017-8001, CVE-2017-8019, CVE-2017-8020

Severity Rating: CVSSv3 Base Score: See below for CVSS scores for individual CVEs

Affected products:
EMC ScaleIO 2.0.1.x version family (2.0.1.3, 2.0.1.2, 2.0.1.1, 2.0.1)

Summary:
EMC ScaleIO contains a number of vulnerabilities which could potentially be exploited by malicious users to compromise...
November 21, 2017

ESA-2017-152: RSA® Authentication Manager Software Stored Cross-Site Scripting Vulnerability

Posted by EMC Product Security Response Center on Nov 21

ESA-2017-152: RSA® Authentication Manager Software Stored Cross-Site Scripting Vulnerability

EMC Identifier: ESA-2017-152

CVE Identifier: CVE-2017-14379

Severity Rating: CVSSv3 Base Score: 6.5 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)

Affected Products:
RSA® Authentication Manager software version 8.2 SP1 P5 and earlier

Summary:
RSA Authentication Manager software version 8.2 SP1 P6 contains a fix for a cross-site scripting vulnerability that...
November 21, 2017

SSD Advisory – DblTek Multiple Vulnerabilities

Posted by Maor Shwartz on Nov 21

SSD Advisory – DblTek Multiple Vulnerabilities

Full report: https://blogs.securiteam.com/index.php/archives/3437
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD

Vulnerabilities summary
The following advisory describes 2 (two) vulnerabilities found in DblTek
webserver.

DBL is “specialized in VoIP products, especially GoIPs. We design, develop,
manufacture, and sell our products directly and via distributors to
customers. Our GoIP models now...
November 16, 2017

SEC Consult SA-20171116-0 :: Broken access control & LINQ injection in Progress Sitefinity

Posted by SEC Consult Vulnerability Lab on Nov 16

SEC Consult Vulnerability Lab Security Advisory < 20171116-0 >
=======================================================================
title: Broken access control & LINQ injection
product: Progress Sitefinity
vulnerable version: 10.0, 10.1
fixed version: >=10.1.6527.0 (internal build), 10.2
CVE number: -
impact: High
homepage: http://www.sitefinity.com |...
November 15, 2017

Vivotek IP Cameras - Remote Stack Overflow

Posted by bashis on Nov 14

[STX]

Subject: Vivotek IP Cameras - Remote Stack Overflow
Researcher: bashis <mcw noemail eu> (September-October 2017)
PoC: https://github.com/mcw0/PoC
Release date: November 13, 2017
Full Disclosure: 43 days

Attack Vector: Remote
Authentication: Anonymous (no credentials needed)
Firmware Vulnerable: Only 2017 versions affected
Firmware Patched: October 2017 and higher

Device Model:
CC8160, CC8370, CC8371, CD8371, FD8166A, FD8166A,...
November 15, 2017

CA20171114-01: Security Notice for CA Identity Governance

Posted by Kotas, Kevin J on Nov 14

CA20171114-01: Security Notice for CA Identity Governance

Issued: November 14, 2017
Last Updated: November 14, 2017

CA Technologies support is alerting customers to a potential risk
with CA Identity Governance. A vulnerability exists that can
potentially allow a malicious actor to conduct cross-site scripting
attacks. CA published a solution to resolve the issue.

The vulnerability, CVE-2017-9394, occurs due to insufficient input
validation...
November 15, 2017

Getting Local Admin by Abusing the Anti-Virus Quarantine #AVGater

Posted by Florian Bogner on Nov 14

Dear list,

This mail is not about a single vulnerability, but a more or less general technique I discovered to abuse the restore
from quarantine feature in anti-virus solutions to gain local admin rights. As I also presented this attack at the IT
SECX conference, I had to invent a name for it too. Hence, it is now called #AVGater (naturally it also has a logo).

For a more detailed description visit: https://bogner.sh/AVGater

Summary:...
November 15, 2017

Faraday v2.7: Collaborative Penetration Test & Vulnerability Management Platform

Posted by Francisco Amato on Nov 14

Faraday is the Integrated Multiuser Risk Environment you have always
been looking for! It maps and leverages all the data you generate in
real time, letting you track and understand your audits. Our dashboard
for CISOs and managers uncovers the risks and impacts and risks being
assessed by the audit in real-time without a single email. Developed
with a specialized set of functionalities that helps users improve
their own work, the main purpose is...
November 15, 2017

Symantec Endpoint Protection (SEP) v12.1 Tamper-protection Bypass CVE-2017-6331

Posted by hyp3rlinx on Nov 14

[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/CVE-2017-6331-SYMANTEC-ENDPOINT-PROTECTION-TAMPER-PROTECTION-BYPASS.txt
[+] ISR: ApparitionSec

Vendor:
=======
www.symantec.com

Product:
===========
Symantec Endpoint Protection
v12.1.6 (12.1 RU6 MP5)
Symantec 12.1.7004.6500

Vulnerability Type:
===================
Tamper-Protection Bypass
Denial Of Service /...
November 15, 2017

Advisory X41-2017-006: Multiple Vulnerabilities in PSFTPd Windows FTP Server

Posted by X41 D-Sec GmbH Advisories on Nov 14

X41 D-Sec GmbH Security Advisory: X41-2017-006

Multiple Vulnerabilities in PSFTPd Windows FTP Server
=====================================================

Overview
--------
Confirmed Affected Versions: 10.0.4 Build 729
Confirmed Patched Versions: None
Vendor: Sergei Pleis Softwareentwicklung
Vendor URL: http://www.psftp.de/ftp-server/
Vector: Network
Credit: X41 D-Sec GmbH, Eric Sesterhenn, Markus Vervier
Status: Public
Advisory-URL:...
November 14, 2017

SEC Consult SA-20171114-0 :: Authentication bypass, cross-site scripting & code execution in Siemens SICAM RTUs SM-2556 COM Modules

Posted by SEC Consult Vulnerability Lab on Nov 14

SEC Consult Vulnerability Lab Security Advisory < 20171114-0 >
=======================================================================
title: Authentication bypass, cross-site scripting & code
execution
product: Siemens SICAM RTUs SM-2556 COM Modules
(firmware variants ENOS00, ERAC00, ETA2, ETLS00,
MODi00 and DNPi00
vulnerable version: FW 1549...
November 13, 2017

[SE-2011-01] Some ideas regarding security of ST DVB chipsets

Posted by Security Explorations on Nov 13

Hello All,

We decided to release a short document revealing some of the unexplored
ideas we had with respect to security of ST DVB chipsets:

http://www.security-explorations.com/materials/se-2011-01_ideas.pdf

We appreciate any feedback, especially the one regarding the feasibility
to conduct the described crypto attack (this bothered us for years, but
unfortunately we lack expertise in breaking real life crypto and crypto
analysis in...
November 10, 2017

Re: An anti theft system allowing attackers to kill remotely the engine in electric scooters made by INOKIM/MyWay, affected model - model Quick 3

Posted by pop shark on Nov 10

Hi, My last mail had a mistake, please don't publish it.
I'm adding a corrected version.
Thank you
November 8, 2017

AST-2017-011: Memory leak in pjsip session resource

Posted by Asterisk Security Team on Nov 08

Asterisk Project Security Advisory - AST-2017-011

Product: Asterisk
Summary: Memory leak in pjsip session resource
Nature of Advisory: Memory leak
Susceptibility: Remote Sessions
Severity: Minor...
November 8, 2017

AST-2017-010: Buffer overflow in CDR's set user

Posted by Asterisk Security Team on Nov 08

Asterisk Project Security Advisory - AST-2017-010

Product: Asterisk
Summary: Buffer overflow in CDR's set user
Nature of Advisory: Buffer Overflow
Susceptibility: Remote Authenticated Sessions
Severity: Moderate...
November 8, 2017

AST-2017-009: Buffer overflow in pjproject header parsing can cause crash in Asterisk

Posted by Asterisk Security Team on Nov 08

Asterisk Project Security Advisory - AST-2017-009

Product: Asterisk
Summary: Buffer overflow in pjproject header parsing can cause crash in Asterisk
Nature of Advisory: Denial of Service
Susceptibility: Remote Unauthenticated Sessions...
November 7, 2017

mkvalidator libebml2 mkclean multiple vulnerabilities

Posted by qflb.wu on Nov 06

mkvalidator libebml2 mkclean multiple vulnerabilities
================
Author : qflb.wu
===============

Introduction:
=============
mkvalidator is a simple command line tool to verify Matroska and WebM files for spec conformance. It checks the various
bogus or missing key elements against the EBML DocType version of the file and reports the errors/warnings in the
command line.
mkclean is a command line tool to clean and optimize Matroska (.mkv...
November 6, 2017

CVE-2017-12969 Avaya OfficeScan IPO Remote ActiveX Buffer Overflow

Posted by hyp3rlinx on Nov 05

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-(IPO)-v9.1.0-10.1-SOFT-CONSOLE-REMOTE-BUFFER-OVERFLOW-0DAY.txt
[+] ISR: apparitionSec

Vendor:
=============
www.avaya.com

Product:
===========
Avaya IP Office (IPO)
v9.1.0 - 10.1

IP Office is Avaya's global midsize solution for enterprises,
supporting up to 3,000 users at a single location...