SecureAuth – SecureAuth Labs Advisory http://www.secureauth.com/ Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2 1. *Advisory Information* Title: Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2 Advisory ID: CORE-2018-0012 Advisory URL: http://www.securea
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4395-2 security@debian.org https://www.debian.org/security/ Michael Gilbert February 26, 2019
[…続きを読む]
RedForce Advisory https://redforce.io ## ِAdvisory Information Title: SHAREit For Android <= 4.0.38 Multiple Vulnerabilities Advisory URL: https://blog.redforce.io/shareit-vulnerabilities-enable-unrestricted-access-to-adjacent-devices-files/ Date published: 2019-02-25 Date of last update: 2019-02
[…続きを読む]
Hi @ll, Microsoft just announced the general availability of their “Windows Defender Advanced Threat Protection/Endpoint Protection & Response” for their “downlevel” operating systems Windows 7 and Windows 8.1: https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/W
[…続きを読む]
– – ————————————————————————- Debian Security Advisory DSA-4377-3 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff Februa
[…続きを読む]
Hello All, Technical details of ST chipset vulnerability has been released and are now included in our technical report pertaining to the security of NC+ SAT TV platform. As indicated last week, the release is made as a direct result of no interest in this research. Updated version of the report, as
[…続きを読む]
SecureAuth – SecureAuth Labs Advisory http://www.secureauth.com/ Micro Focus Filr Multiple Vulnerabilities 1. *Advisory Information* Title: Micro Focus Filr Multiple Vulnerabilities Advisory ID: SAUTH-2019-0001 Advisory URL: https://www.secureauth.com/labs/advisories/micro-focus-filr-multiple-
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4396-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 19, 2
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4395-1 security@debian.org https://www.debian.org/security/ Michael Gilbert February 18, 2019
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4394-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 18, 2
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4393-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 18,
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4388-2 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 17,
[…続きを読む]
CVE-2018-20162: Digi TransPort LR54 Restricted Shell Escape =========================================================== The Digi TransPort LR54 is a high speed LTE router commonly used by industry, infrastructure, retail and public transportation. It supports running python scripts in a restricted s
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4392-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 16, 2
[…続きを読む]
Hi! DASAN H665 has vendor backdoor built into BusyBox /bin/login. Account named “dnsekakf2$$” gives access to admin (uid 0) account over telnet without any password, at least for administration interface documented in H665 Quick Guide (subnet 192.168.55.0/24 on LAN interface). $ telnet 1
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4391-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 14, 2
[…続きを読む]
Qkr! with MasterPass iOS Application – MITM SSL Certificate Vulnerability (CVE-2019-6702) — https://www.info-sec.ca/advisories/Qkr-MasterCard.html Overview “Qkr! with MasterPass is the secure and easy way to order and pay for food and drinks from you iOS device. With Qkr you can: •
[…続きを読む]
CA20190212-01: Security Notice for CA Privileged Access Manager Issued: February 12, 2019 Last Updated: February 12, 2019 CA Technologies Support is alerting customers to a potential risk with CA Privileged Access Manager. A vulnerability exists that can allow a remote attacker to access sensitive i
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4390-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 12, 2
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4377-2 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 11,
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4389-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond February 11, 2
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4388-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 10, 2
[…続きを読む]
–JxARVJGJGpSBYA5qiPjWKGEaZgG0Rcyg6 Content-Type: multipart/mixed; boundary=”————5CA14373F0BDB06AC041B96C” Content-Language: en-US This is a multi-part message in MIME format. ————–5CA14373F0BDB06AC041B96C Content-Type: multipart
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4387-1 security@debian.org https://www.debian.org/security/ Yves-Alexis Perez February 09, 20
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4386-1 security@debian.org https://www.debian.org/security/ Alessandro Ghedini February 06, 2
[…続きを読む]
============================================================================= FreeBSD-SA-19:01.syscall Security Advisory The FreeBSD Project Topic: System call kernel data register leak Category: core Module: kernel Announced: 2019-02-05 Credits: Konstantin Belousov Affects: All supported versions o
[…続きを読む]
============================================================================= FreeBSD-SA-19:02.fd Security Advisory The FreeBSD Project Topic: File description reference count leak Category: core Module: unix Announced: 2019-02-05 Credits: Peter Holm Affects: FreeBSD 12.0 Corrected: 2019-02-05 17:56
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4385-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 05,
[…続きを読む]
A blog post with further information has been released on this topic as well: https://r.sec-consult.com/osci SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: OSCI-Transport Library 1.2 for
[…続きを読む]
Hi, On January 20th, SSD disclosed 3 vulnerabilities found by Agile Information Security in their Cisco Identity Services Engine (ISE) product. These are unauth stored XSS, unsafe Java deserialization and privesc to root, which when combined allow an unauthenticated attacker to achieve remote code e
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4384-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 04,
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4382-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 02, 2
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4383-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 03,
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4381-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 02, 2
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4380-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 01, 2
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4379-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 01, 2
[…続きを読む]
Advisory ID: SYSS-2018-032 Product: COYO Manufacturer: COYO GmbH Affected Version(s): 9.0.8, 10.0.11, 12.0.4 Tested Version(s): 9.0.8, 10.0.11, 10.0.33, 12.0.4 Vulnerability Type: Cross-Site Scripting (CWE-79) Risk Level: High Solution Status: Fixed Manufacturer Notification: 2018-09-06 Solution Dat
[…続きを読む]
Advisory ID: SYSS-2018-037 Product: Pages for Bitbucket Server Manufacturer: Simplenia AG Affected Version(s): 2.6.0 and before Tested Version(s): 2.6.0 Vulnerability Type: Cross-Site Scripting (CWE-79) Risk Level: Medium Solution Status: Fixed Manufacturer Notification: 2018-11-26 Solution Date: 20
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4378-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 30,
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4377-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 30, 20
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4376-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 30, 20
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4375-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 29,
[…続きを読む]
CA20190124-01: Security Notice for CA Automic Workload Automation Issued: January 24, 2019 Last Updated: January 24, 2019 CA Technologies Support is alerting customers to a potential risk with CA Automic Workload Automation Automic Web Interface (AWI). A vulnerability exists that can allow an attack
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4374-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond January 28, 20
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4373-1 security@debian.org https://www.debian.org/security/ Yves-Alexis Perez January 28, 201
[…続きを読む]
[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CONTACT-FILE-HTML-INJECTION-MAILTO-LINK-ARBITRARY-CODE-EXECUTION.txt [+] ISR: ApparitionSec [+] Zero Day Initiative Program [+] ZDI-CAN-7591 [Vendor]
[…続きを読む]
– ————————————————————————- Debian Security Advisory DSA-4372-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 26,
[…続きを読む]
CVE-2019-6690: Improper Input Validation in python-gnupg ======================================================== We discovered a way to inject data through the passphrase property of the gnupg.GPG.encrypt() and gnupg.GPG.decrypt() methods when symmetric encryption is used. The supplied passphrase i
[…続きを読む]
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Cross-site scripting product: CA Automic Workload Automation Web Interface (AWI) (formerly Automic Automation Engine, UC4) vulnerable version: 12.0, 12.1, 12.2 fixed version
[…続きを読む]
Advisory: Cisco RV320 Command Injection RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router. Details ======= Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others Affected Versions: 1.4.2.15 and later Fi
[…続きを読む]
