Feed aggregator

[SECURITY] [DSA 4524-1] dino-im security update

Security Updates from SECLISTS - 4 hours 6 min ago

Posted by Moritz Muehlenhoff on Sep 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4524-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 16, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : dino-im
CVE ID : CVE-2019-16235 CVE-2019-16236...

[slackware-security] expat (SSA:2019-259-01)

Security Updates from SECLISTS - 4 hours 10 min ago

Posted by Slackware Security Team on Sep 17

[slackware-security] expat (SSA:2019-259-01)

New expat packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/expat-2.2.8-i586-1_slack14.2.txz: Upgraded.
Fix heap overflow triggered by XML_GetCurrentLineNumber (or
XML_GetCurrentColumnNumber), and deny internal entities closing the doctype.
For more...

[SECURITY] [DSA 4523-1] thunderbird security update

Security Updates from SECLISTS - Mon, 09/16/2019 - 03:26

Posted by Moritz Muehlenhoff on Sep 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4523-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 15, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2019-11739 CVE-2019-11740...

[SECURITY] [DSA 4522-1] faad2 security update

Security Updates from SECLISTS - Mon, 09/16/2019 - 03:24

Posted by Moritz Muehlenhoff on Sep 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4522-1 security () debian org
https://www.debian.org/security/ Hugo Lefeuvre
September 15, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : faad2
CVE ID : CVE-2018-19502 CVE-2018-19503...

SEC Consult SA-20190912-0 :: Stored and reflected XSS vulnerabilities in LimeSurvey

Security Updates from SECLISTS - Mon, 09/16/2019 - 03:20

Posted by SEC Consult Vulnerability Lab on Sep 16

SEC Consult Vulnerability Lab Security Advisory < 20190912-0 >
=======================================================================
title: Stored and reflected XSS vulnerabilities
product: LimeSurvey
vulnerable version: <= 3.17.13
fixed version: =>3.17.14
CVE number: CVE-2019-16172, CVE-2019-16173
impact: medium
homepage: https://www.limesurvey.org/...

Crowd Sourcing Is Helping Hollywood Reduce the Risk of Movie-Making

Harvard Business School Working Knowledge - Mon, 09/16/2019 - 00:00
Hollywood insiders have created "The Black List," which helps surface good but often overlooked scripts. Does the wisdom of the crowd work at the box office? Research by Hong Luo. By Michael Blanding. Research & Ideas

[slackware-security] mozilla-thunderbird (SSA:2019-254-02)

Security Updates from SECLISTS - Thu, 09/12/2019 - 04:54

Posted by Slackware Security Team on Sep 12

[slackware-security] mozilla-thunderbird (SSA:2019-254-02)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-68.1.0-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[slackware-security] openssl (SSA:2019-254-03)

Security Updates from SECLISTS - Thu, 09/12/2019 - 04:51

Posted by Slackware Security Team on Sep 12

[slackware-security] openssl (SSA:2019-254-03)

New openssl packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.2t-i586-1_slack14.2.txz: Upgraded.
This update fixes low severity security issues:
Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
Compute ECC cofactors if not...

[slackware-security] curl (SSA:2019-254-01)

Security Updates from SECLISTS - Thu, 09/12/2019 - 04:47

Posted by Slackware Security Team on Sep 12

[slackware-security] curl (SSA:2019-254-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/curl-7.66.0-i586-1_slack14.2.txz: Upgraded.
This update fixes security issues:
FTP-KRB double-free
TFTP small blocksize heap buffer overflow
For more information, see:...

Germany May Have the Answer for Reducing Drug Prices

Harvard Business School Working Knowledge - Wed, 09/11/2019 - 00:00
In Germany, drugmakers must prove that a new medication’s benefits merit a higher price than existing drugs. Ariel Dora Stern asks whether "value-based pricing" should become the standard elsewhere. By Danielle Kost. Research & Ideas

[CVE-2019-12516] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz-*" Multiple Authenticated SQL Injections

Security Updates from SECLISTS - Tue, 09/10/2019 - 12:01

Posted by Info on Sep 10

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: SlickQuiz
Vendor URL: https://wordpress.org/plugins/slickquiz/
Type: SQL Injection [CWE-74]
Date found: 2019-05-30
Date published: 2019-09-10
CVSSv3 Score: 8.1 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
CVE: CVE-2019-12516

2. CREDITS
==========
This vulnerability was discovered and researched by...

[CVE-2019-12517] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz" Multiple Stored XSS

Security Updates from SECLISTS - Tue, 09/10/2019 - 11:59

Posted by Info on Sep 10

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: SlickQuiz
Vendor URL: https://wordpress.org/plugins/slickquiz/
Type: Cross-Site Scripting [CWE-79]
Date found: 2019-05-30
Date published: 2019-09-10
CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVE: CVE-2019-12517

2. CREDITS
==========
This vulnerability was discovered and...

[SECURITY] [DSA 4521-1] docker.io security update

Security Updates from SECLISTS - Tue, 09/10/2019 - 11:58

Posted by Moritz Muehlenhoff on Sep 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4521-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 09, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : docker.io
CVE ID : CVE-2019-13139 CVE-2019-13509...

Dabman & Imperial (i&d) Web Radio Devices - Undocumented Telnet Backdoor & Command Execution Vulnerability

Security Updates from SECLISTS - Tue, 09/10/2019 - 11:54

Posted by Vulnerability Lab on Sep 10

Document Title:
===============
Dabman & Imperial (i&d) Web Radio Devices - Undocumented Telnet Backdoor
& Command Execution Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2183

Video: https://www.vulnerability-lab.com/get_content.php?id=2190

Vulnerability Magazine:...

NtFileSins v2.1 Windows NTFS Privileged File Access Enumeration Tool

Security Updates from SECLISTS - Tue, 09/10/2019 - 11:49

Posted by apparitionsec on Sep 10

from subprocess import Popen, PIPE
import sys,argparse,re

# NtFileSins v2.1
# Fixed: save() logic to log report in case no Zone.Identifiers found.
# Added: Check for Zone.Identifer:$DATA to see if any identified files were downloaded from internet.
#
# Windows File Enumeration Intel Gathering.
# Standard users can prove existence of privileged user artifacts.
#
# Typically, the Windows commands DIR or TYPE hand out a default "Access...

[SECURITY] [DSA 4520-1] trafficserver security update

Security Updates from SECLISTS - Tue, 09/10/2019 - 11:48

Posted by Moritz Muehlenhoff on Sep 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4520-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 09, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : trafficserver
CVE ID : CVE-2019-9512 CVE-2019-9514...

[SECURITY] [DSA 4519-1] libreoffice security update

Security Updates from SECLISTS - Tue, 09/10/2019 - 11:41

Posted by Moritz Muehlenhoff on Sep 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4519-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 08, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2019-9854

It was...

NtFileSins / Windows NTFS Privileged File Access Enumeration Tool

Security Updates from SECLISTS - Tue, 09/10/2019 - 11:36

Posted by apparitionsec on Sep 10

from subprocess import Popen, PIPE
import sys,argparse,re

# NtFileSins v2
# Added: Check for Zone.Identifer:$DATA to see if any identified files were downloaded from internet.
#
# Windows File Enumeration Intel Gathering.
# Standard users can prove existence of privileged user artifacts.
#
# Typically, the Windows commands DIR or TYPE hand out a default "Access Denied" error message,
# when a file exists or doesn't exist, when...

[SECURITY] [DSA 4518-1] ghostscript security update

Security Updates from SECLISTS - Tue, 09/10/2019 - 11:32

Posted by Salvatore Bonaccorso on Sep 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4518-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 07, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ghostscript
CVE ID : CVE-2019-14811 CVE-2019-14812...

CA20190904-01: Security Notice for CA Common Services Distributed Intelligence Architecture (DIA)

Security Updates from SECLISTS - Tue, 09/10/2019 - 11:28

Posted by Kevin Kotas on Sep 10

CA20190904-01: Security Notice for CA Common Services Distributed
Intelligence Architecture (DIA)

Issued: September 4th, 2019
Last Updated: September 4th, 2019

CA Technologies, A Broadcom Company, is alerting customers to a
potential risk with CA Common Services in the Distributed
Intelligence Architecture (DIA) component. A vulnerability exists,
CVE-2019-13656, that can allow a remote attacker to execute arbitrary
code. CA published solutions...
