Security Updates from SECLISTS

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[SECURITY] [DSA 4434-1] drupal7 security update

Sun, 04/21/2019 - 22:52

Posted by Salvatore Bonaccorso on Apr 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-4434-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
April 20, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : drupal7
CVE ID : CVE-2019-11358
Debian Bug :...

WordPress Plugin Contact Form Builder [CSRF → LFI]

Sun, 04/21/2019 - 22:49

Posted by Panagiotis Vagenas on Apr 21

# Exploit Title: Contact Form Builder [CSRF → LFI]
# Date: 2019-03-17
# Exploit Author: Panagiotis Vagenas
# Vendor Homepage: http://web-dorado.com/
# Software Link: https://wordpress.org/plugins/contact-form-builder
# Version: 1.0.67
# Tested on: WordPress 5.1.1

Description
-----------

Plugin implements the following AJAX actions:

- `ContactFormMakerPreview`
- `ContactFormmakerwdcaptcha`
- `nopriv_ContactFormmakerwdcaptcha`
- `CFMShortcode`...

[slackware-security] libpng (SSA:2019-107-01)

Thu, 04/18/2019 - 01:40

Posted by Slackware Security Team on Apr 17

[slackware-security] libpng (SSA:2019-107-01)

New libpng packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libpng-1.6.37-i586-1_slack14.2.txz: Upgraded.
This update fixes security issues:
Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free.
Fixed a memory leak in the ARM NEON...

[SECURITY] [DSA 4433-1] ruby2.3 security update

Wed, 04/17/2019 - 05:47

Posted by Moritz Muehlenhoff on Apr 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4433-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
April 16, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ruby2.3
CVE ID : CVE-2019-8320 CVE-2019-8321...

[SECURITY] [DSA 4432-1] ghostscript security update

Wed, 04/17/2019 - 05:38

Posted by Salvatore Bonaccorso on Apr 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4432-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
April 16, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ghostscript
CVE ID : CVE-2019-3835 CVE-2019-3838...

CVE-2018-2879 - anniversary

Wed, 04/17/2019 - 05:34

Posted by Red Timmy Sec - on Apr 17

For the anniversary of the discovery of CVE-2018-2879 by Sec Consult
(https://sec-consult.com/en/blog/2018/05/oracle-access-managers-identity-crisis/) we have decided to release OAMbuster,
a multi-threaded implementation of CVE-2018-2879.

Link to the exploit: https://github.com/redtimmy/OAMBuster

Some additional details: https://redtimmysec.wordpress.com/2019/04/14/oambuster-multithreaded-exploit-for-cve-2018-2879/

regards
Red Timmy Security

[SE-2019-01] Gemalto SIM card applet loading vulnerability

Mon, 04/15/2019 - 03:13

Posted by Security Explorations on Apr 15

Hello All,

On Mar 20, 2019 Security Explorations reported a security vulnerability
(Issue 19) to Gemalto [1], that made it possible to achieve read, write
and native code execution access on the company's card (GemXplore 3G v3.0).

On Mar 30, 2019, Gemalto provided us with the results of its analysis
of the submitted report.

Gemalto started its message by stating that "the company is committed
to provide state of the art security products...

[SECURITY] [DSA 4431-1] libssh2 security update

Mon, 04/15/2019 - 03:09

Posted by Salvatore Bonaccorso on Apr 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-4431-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
April 13, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libssh2
CVE ID : CVE-2019-3855 CVE-2019-3856...

[**UPDATED] Microsoft Internet Explorer v11 / XML External Entity Injection 0day

Sun, 04/14/2019 - 01:27

Posted by apparitionsec on Apr 13

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Microsoft Internet Explorer v11
(latest version)

Internet Explorer is a series of graphical web browsers developed by Microsoft and included in the Microsoft...

[SECURITY] [DSA 4430-1] wpa security update

Thu, 04/11/2019 - 07:16

Posted by Yves-Alexis Perez on Apr 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-4430-1 security () debian org
https://www.debian.org/security/ Yves-Alexis Perez
April 10, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wpa
CVE ID : CVE-2019-9495 CVE-2019-9497...

Microsoft Internet Explorer v11 XML External Entity Injection 0day

Thu, 04/11/2019 - 07:13

Posted by apparitionsec on Apr 11

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Microsoft Internet Explorer v11
(latest version)

Internet Explorer is a series of graphical web browsers developed by Microsoft and included in the Microsoft...

WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002

Thu, 04/11/2019 - 07:10

Posted by Michael Catanzaro on Apr 11

------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002
------------------------------------------------------------------------

Date reported : April 10, 2019
Advisory ID : WSA-2019-0002
WebKitGTK Advisory URL :
https://webkitgtk.org/security/WSA-2019-0002.html
WPE WebKit Advisory URL :
https://wpewebkit.org/security/WSA-2019-0002.html
CVE identifiers : CVE-2019-6201,...

[SECURITY] [DSA 4429-1] spip security update

Wed, 04/10/2019 - 11:09

Posted by Sebastien Delafond on Apr 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4429-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
April 10, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : spip
Debian Bug : 926764

It was discovered that SPIP,...

[SECURITY] [DSA 4428-1] systemd security update

Tue, 04/09/2019 - 09:02

Posted by Salvatore Bonaccorso on Apr 09

-------------------------------------------------------------------------
Debian Security Advisory DSA-4428-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
April 08, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : systemd
CVE ID : CVE-2019-3842

Jann Horn...

[SECURITY] [DSA 4427-1] samba security update

Mon, 04/08/2019 - 05:22

Posted by Sebastien Delafond on Apr 08

-------------------------------------------------------------------------
Debian Security Advisory DSA-4427-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
April 08, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : samba
CVE ID : CVE-2019-3880

Michael Hanselmann...

RE: [EXTERNAL] CALL FOR PAPERS - Hackers 2 Hackers Conference 16th edition

Mon, 04/08/2019 - 03:28

Posted by Michael Artemio Go Rebultan on Apr 08

Hi Rodrigo:
Thank you so much for this CFP. Kindly see attached from my end.

In my talk at the upcoming "2019 Industrial Control Systems (ICS) Cyber Security Conference | Singapore"
(https://www.icscybersecurityconference.com/singapore/), I will be covering zero-day & fileless malware hunting in
an Operational Technology (OT) environment, which shows the persistence attacks from different threat actors and their
cleverness.

It’s...

[slackware-security] httpd (SSA:2019-096-01)

Mon, 04/08/2019 - 02:33

Posted by Slackware Security Team on Apr 07

[slackware-security] httpd (SSA:2019-096-01)

New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/httpd-2.4.39-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker
or prefork,...

CALL FOR PAPERS - Hackers 2 Hackers Conference 16th edition

Mon, 04/08/2019 - 02:33

Posted by Rodrigo Rubira Branco (BSDaemon) on Apr 07

CALL FOR PAPERS - Hackers 2 Hackers Conference 16th edition

The call for papers for H2HC 16th edition is now open. H2HC is a hacker
conference taking place in Sao Paulo, Brazil, on 26th and 27th of
October 2019.

[ - INTRODUCTION - ]

For another consecutive year, building on the past success we have been having, the
annual Hackers 2 Hackers Conference will be held again in Sao Paulo,
on 26 and 27 October 2019 and aims to get together industry,...

[SECURITY] [DSA 4426-1] tryton-server security update

Mon, 04/08/2019 - 02:30

Posted by Moritz Muehlenhoff on Apr 07

-------------------------------------------------------------------------
Debian Security Advisory DSA-4426-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
April 07, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : tryton-server
CVE ID : CVE-2019-10868

Cedric Krier...

[slackware-security] wget (SSA:2019-095-02)

Mon, 04/08/2019 - 02:28

Posted by Slackware Security Team on Apr 07

[slackware-security] wget (SSA:2019-095-02)

New wget packages are available for Slackware 14.2 and -current to fix a
security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/wget-1.20.3-i586-1_slack14.2.txz: Upgraded.
Fixed a buffer overflow vulnerability:
src/iri.c(do_conversion): Reallocate the output buffer to a larger
size if it is already full.
For more information,...
