Feed aggregator

[slackware-security] curl (SSA:2019-254-01)

Security Updates from SECLISTS - Thu, 09/12/2019 - 04:47

Posted by Slackware Security Team on Sep 12

[slackware-security] curl (SSA:2019-254-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/curl-7.66.0-i586-1_slack14.2.txz: Upgraded.
This update fixes security issues:
FTP-KRB double-free
TFTP small blocksize heap buffer overflow
For more information, see:...

Germany May Have the Answer for Reducing Drug Prices

Harvard Business School Working Knowledge - Wed, 09/11/2019 - 00:00
In Germany, drugmakers must prove that a new medication’s benefits merit a higher price than existing drugs. Ariel Dora Stern asks whether "value-based pricing" should become the standard elsewhere.
by Danielle Kost | Ariel D. Stern | Research & Ideas

[CVE-2019-12516] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz-*" Multiple Authenticated SQL Injections

Security Updates from SECLISTS - Tue, 09/10/2019 - 12:01

Posted by Info on Sep 10

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: SlickQuiz
Vendor URL: https://wordpress.org/plugins/slickquiz/
Type: SQL Injection [CWE-74]
Date found: 2019-05-30
Date published: 2019-09-10
CVSSv3 Score: 8.1 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
CVE: CVE-2019-12516

2. CREDITS
==========
This vulnerability was discovered and researched by...

[CVE-2019-12517] SlickQuiz for Wordpress 1.3.7.1 "/wp-admin/admin.php?page=slickquiz" Multiple Stored XSS

Security Updates from SECLISTS - Tue, 09/10/2019 - 11:59

Posted by Info on Sep 10

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: SlickQuiz
Vendor URL: https://wordpress.org/plugins/slickquiz/
Type: Cross-Site Scripting [CWE-79]
Date found: 2019-05-30
Date published: 2019-09-10
CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVE: CVE-2019-12517

2. CREDITS
==========
This vulnerability was discovered and...

[SECURITY] [DSA 4521-1] docker.io security update

Security Updates from SECLISTS - Tue, 09/10/2019 - 11:58

Posted by Moritz Muehlenhoff on Sep 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4521-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 09, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : docker.io
CVE ID : CVE-2019-13139 CVE-2019-13509...

Dabman & Imperial (i&d) Web Radio Devices - Undocumented Telnet Backdoor & Command Execution Vulnerability

Security Updates from SECLISTS - Tue, 09/10/2019 - 11:54

Posted by Vulnerability Lab on Sep 10

Document Title:
===============
Dabman & Imperial (i&d) Web Radio Devices - Undocumented Telnet Backdoor
& Command Execution Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2183

Video: https://www.vulnerability-lab.com/get_content.php?id=2190

Vulnerability Magazine:...

NtFileSins v2.1 Windows NTFS Privileged File Access Enumeration Tool

Security Updates from SECLISTS - Tue, 09/10/2019 - 11:49

Posted by apparitionsec on Sep 10

from subprocess import Popen, PIPE
import sys,argparse,re

# NtFileSins v2.1
# Fixed: save() logic to log report in case no Zone.Identifiers found.
# Added: Check for Zone.Identifer:$DATA to see if any identified files were downloaded from internet.
#
# Windows File Enumeration Intel Gathering.
# Standard users can prove existence of privileged user artifacts.
#
# Typically, the Windows commands DIR or TYPE hand out a default "Access...

[SECURITY] [DSA 4520-1] trafficserver security update

Security Updates from SECLISTS - Tue, 09/10/2019 - 11:48

Posted by Moritz Muehlenhoff on Sep 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4520-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 09, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : trafficserver
CVE ID : CVE-2019-9512 CVE-2019-9514...

[SECURITY] [DSA 4519-1] libreoffice security update

Security Updates from SECLISTS - Tue, 09/10/2019 - 11:41

Posted by Moritz Muehlenhoff on Sep 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4519-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 08, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2019-9854

It was...

NtFileSins / Windows NTFS Privileged File Access Enumeration Tool

Security Updates from SECLISTS - Tue, 09/10/2019 - 11:36

Posted by apparitionsec on Sep 10

from subprocess import Popen, PIPE
import sys,argparse,re

# NtFileSins v2
# Added: Check for Zone.Identifer:$DATA to see if any identified files were downloaded from internet.
#
# Windows File Enumeration Intel Gathering.
# Standard users can prove existence of privileged user artifacts.
#
# Typically, the Windows commands DIR or TYPE hand out a default "Access Denied" error message,
# when a file exists or doesn't exist, when...

[SECURITY] [DSA 4518-1] ghostscript security update

Security Updates from SECLISTS - Tue, 09/10/2019 - 11:32

Posted by Salvatore Bonaccorso on Sep 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4518-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 07, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ghostscript
CVE ID : CVE-2019-14811 CVE-2019-14812...

CA20190904-01: Security Notice for CA Common Services Distributed Intelligence Architecture (DIA)

Security Updates from SECLISTS - Tue, 09/10/2019 - 11:28

Posted by Kevin Kotas on Sep 10

CA20190904-01: Security Notice for CA Common Services Distributed
Intelligence Architecture (DIA)

Issued: September 4th, 2019
Last Updated: September 4th, 2019

CA Technologies, A Broadcom Company, is alerting customers to a
potential risk with CA Common Services in the Distributed
Intelligence Architecture (DIA) component. A vulnerability exists,
CVE-2019-13656, that can allow a remote attacker to execute arbitrary
code. CA published solutions...

Even for Non-Believers, These Are the Next Steps on Climate Change

Harvard Business School Working Knowledge - Sat, 09/07/2019 - 00:00
Are there immediate steps business and government should take to address climate change? Somewhere between trillion-dollar solutions and the next eco-calamity are opportunities to take action, argues John Macomber.
by John Macomber | John D. Macomber | Op-Ed

[SECURITY] [DSA 4517-1] exim4 security update

Security Updates from SECLISTS - Fri, 09/06/2019 - 07:29

Posted by Moritz Muehlenhoff on Sep 06

-------------------------------------------------------------------------
Debian Security Advisory DSA-4517-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 06, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : exim4
CVE ID : CVE-2019-15846

"Zerons"...

Windows NTFS / Privileged File Access Enumeration

Security Updates from SECLISTS - Fri, 09/06/2019 - 07:27

Posted by apparitionsec on Sep 06

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-NTFS-PRIVILEGED-FILE-ACCESS-ENUMERATION.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Windows NTFS

NTFS is a proprietary journaling file system developed by Microsoft. Starting with Windows NT 3.1, it is the default
file system of the Windows NT family....

[SECURITY] [DSA 4516-1] firefox-esr security update

Security Updates from SECLISTS - Fri, 09/06/2019 - 07:22

Posted by Moritz Muehlenhoff on Sep 06

-------------------------------------------------------------------------
Debian Security Advisory DSA-4516-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 05, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2019-9812 CVE-2019-11740...

AST-2019-005: Remote Crash Vulnerability in audio transcoding

Security Updates from SECLISTS - Fri, 09/06/2019 - 07:18

Posted by Asterisk Security Team on Sep 06

Asterisk Project Security Advisory - AST-2019-005

Product:            Asterisk
Summary:            Remote Crash Vulnerability in audio transcoding
Nature of Advisory: Denial of Service
Susceptibility:     Remote Unauthenticated Sessions
Severity:           Minor...

AST-2019-004: Crash when negotiating for T.38 with a declined stream

Security Updates from SECLISTS - Fri, 09/06/2019 - 07:14

Posted by Asterisk Security Team on Sep 06

Asterisk Project Security Advisory - AST-2019-004

Product:            Asterisk
Summary:            Crash when negotiating for T.38 with a declined stream
Nature of Advisory: Remote Crash
Susceptibility:     Remote Authenticated Sessions...

Experimentation and Startup Performance: Evidence from A/B Testing

Harvard Business School Working Knowledge - Fri, 09/06/2019 - 00:00
Is experimentation the right strategy for startups? This analysis of the adoption of A/B testing technology by 35,000 global startups provides evidence that a strategy based on repeated experimentation will improve performance over time, but benefits vary.
by Rembrand Koning, Sharique Hasan, and Aaron Chatterji | Rembrand M. Koning | Working Paper Summaries

[slackware-security] seamonkey (SSA:2019-247-01)

Security Updates from SECLISTS - Thu, 09/05/2019 - 03:27

Posted by Slackware Security Team on Sep 05

[slackware-security] seamonkey (SSA:2019-247-01)

New seamonkey packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.49.5-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.seamonkey-project.org/releases/2.49.5
(* Security...
