Security Alerts

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[CVE-2019-12516] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz-*" Multiple Authenticated SQL Injections

Tue, 09/10/2019 - 12:01

Posted by Info on Sep 10

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: SlickQuiz
Vendor URL: https://wordpress.org/plugins/slickquiz/
Type: SQL Injection [CWE-74]
Date found: 2019-05-30
Date published: 2019-09-10
CVSSv3 Score: 8.1 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
CVE: CVE-2019-12516

2. CREDITS
==========
This vulnerability was discovered and researched by...
Categories: Security

[CVE-2019-12517] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz" Multiple Stored XSS

Tue, 09/10/2019 - 11:59

Posted by Info on Sep 10

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: SlickQuiz
Vendor URL: https://wordpress.org/plugins/slickquiz/
Type: Cross-Site Scripting [CWE-79]
Date found: 2019-05-30
Date published: 2019-09-10
CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVE: CVE-2019-12517

2. CREDITS
==========
This vulnerability was discovered and...
Categories: Security

[SECURITY] [DSA 4521-1] docker.io security update

Tue, 09/10/2019 - 11:58

Posted by Moritz Muehlenhoff on Sep 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4521-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 09, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : docker.io
CVE ID : CVE-2019-13139 CVE-2019-13509...
Categories: Security

Dabman & Imperial (i&d) Web Radio Devices - Undocumented Telnet Backdoor & Command Execution Vulnerability

Tue, 09/10/2019 - 11:54

Posted by Vulnerability Lab on Sep 10

Document Title:
===============
Dabman & Imperial (i&d) Web Radio Devices - Undocumented Telnet Backdoor
& Command Execution Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2183

Video: https://www.vulnerability-lab.com/get_content.php?id=2190

Vulnerability Magazine:...
Categories: Security

NtFileSins v2.1 Windows NTFS Privileged File Access Enumeration Tool

Tue, 09/10/2019 - 11:49

Posted by apparitionsec on Sep 10

from subprocess import Popen, PIPE
import sys,argparse,re

# NtFileSins v2.1
# Fixed: save() logic to log report in case no Zone.Identifiers found.
# Added: Check for Zone.Identifier:$DATA to see if any identified files were downloaded from internet.
#
# Windows File Enumeration Intel Gathering.
# Standard users can prove existence of privileged user artifacts.
#
# Typically, the Windows commands DIR or TYPE hand out a default "Access...
Categories: Security

[SECURITY] [DSA 4520-1] trafficserver security update

Tue, 09/10/2019 - 11:48

Posted by Moritz Muehlenhoff on Sep 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4520-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 09, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : trafficserver
CVE ID : CVE-2019-9512 CVE-2019-9514...
Categories: Security

[SECURITY] [DSA 4519-1] libreoffice security update

Tue, 09/10/2019 - 11:41

Posted by Moritz Muehlenhoff on Sep 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4519-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 08, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2019-9854

It was...
Categories: Security

NtFileSins / Windows NTFS Privileged File Access Enumeration Tool

Tue, 09/10/2019 - 11:36

Posted by apparitionsec on Sep 10

from subprocess import Popen, PIPE
import sys,argparse,re

# NtFileSins v2
# Added: Check for Zone.Identifier:$DATA to see if any identified files were downloaded from internet.
#
# Windows File Enumeration Intel Gathering.
# Standard users can prove existence of privileged user artifacts.
#
# Typically, the Windows commands DIR or TYPE hand out a default "Access Denied" error message,
# when a file exists or doesn't exist, when...
Categories: Security

[SECURITY] [DSA 4518-1] ghostscript security update

Tue, 09/10/2019 - 11:32

Posted by Salvatore Bonaccorso on Sep 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4518-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 07, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ghostscript
CVE ID : CVE-2019-14811 CVE-2019-14812...
Categories: Security

CA20190904-01: Security Notice for CA Common Services Distributed Intelligence Architecture (DIA)

Tue, 09/10/2019 - 11:28

Posted by Kevin Kotas on Sep 10

CA20190904-01: Security Notice for CA Common Services Distributed
Intelligence Architecture (DIA)

Issued: September 4th, 2019
Last Updated: September 4th, 2019

CA Technologies, A Broadcom Company, is alerting customers to a
potential risk with CA Common Services in the Distributed
Intelligence Architecture (DIA) component. A vulnerability exists,
CVE-2019-13656, that can allow a remote attacker to execute arbitrary
code. CA published solutions...
Categories: Security

[SECURITY] [DSA 4517-1] exim4 security update

Fri, 09/06/2019 - 07:29

Posted by Moritz Muehlenhoff on Sep 06

-------------------------------------------------------------------------
Debian Security Advisory DSA-4517-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 06, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : exim4
CVE ID : CVE-2019-15846

"Zerons"...
Categories: Security

Windows NTFS / Privileged File Access Enumeration

Fri, 09/06/2019 - 07:27

Posted by apparitionsec on Sep 06

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-NTFS-PRIVILEGED-FILE-ACCESS-ENUMERATION.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Windows NTFS

NTFS is a proprietary journaling file system developed by Microsoft. Starting with Windows NT 3.1, it is the default
file system of the Windows NT family....
Categories: Security

[SECURITY] [DSA 4516-1] firefox-esr security update

Fri, 09/06/2019 - 07:22

Posted by Moritz Muehlenhoff on Sep 06

-------------------------------------------------------------------------
Debian Security Advisory DSA-4516-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 05, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2019-9812 CVE-2019-11740...
Categories: Security

AST-2019-005: Remote Crash Vulnerability in audio transcoding

Fri, 09/06/2019 - 07:18

Posted by Asterisk Security Team on Sep 06

Asterisk Project Security Advisory - AST-2019-005

Product              Asterisk
Summary              Remote Crash Vulnerability in audio transcoding
Nature of Advisory   Denial of Service
Susceptibility       Remote Unauthenticated Sessions
Severity             Minor...
Categories: Security

AST-2019-004: Crash when negotiating for T.38 with a declined stream

Fri, 09/06/2019 - 07:14

Posted by Asterisk Security Team on Sep 06

Asterisk Project Security Advisory - AST-2019-004

Product              Asterisk
Summary              Crash when negotiating for T.38 with a declined stream
Nature of Advisory   Remote Crash
Susceptibility       Remote Authenticated Sessions...
Categories: Security