|
|
Colapse all |
Post message
Local information disclosure in OpenSMTPD (CVE-2020-8793) 2020-02-24 Qualys Security Advisory (qsa qualys com) Defense in depth -- the Microsoft way (part 62): Windows shipped with end-of-life components 2020-02-24 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, since Microsoft Server 2003 R2, Microsoft dares to ship and install the abomination known as .NET Framework with every new version of Windows. Among other components current versions of Windows and .NET Framework include C# compiler (C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe, [ more ] [ reply ] LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) 2020-02-24 Qualys Security Advisory (qsa qualys com) Qualys Security Advisory LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) ======================================================================== ====== Contents ======================================================================== ====== Summary Analysis ... Acknowledgments ===== [ more ] [ reply ] Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888) 2020-02-25 Jamie R (jamie blacktraffic co uk) I've quoted the Cisco summary below as it's pretty accurate. tl;dr is an admin user on the web console can gain command execution and then escalate to root. If this is an issue in your environment, then please patch. Thanks to Cisco PSIRT who were responsive and professional. Shouts to Andrew, Da [ more ] [ reply ] [TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed Archive Bypass 2020-02-24 Thierry Zoller (thierry zoller lu) ________________________________________________________________________ From the lets-try-it-this-way Department Qihoo360 | GDATA | Rising | Webroot | Dr Web Generic Archive Bypass ________________________________________________________________________ Release mode : Vendors do n [ more ] [ reply ] [TZO-16-2020] - F-SECURE Generic Malformed Container bypass (GZIP) 2020-02-24 Thierry Zoller (thierry zoller lu) [slackware-security] proftpd (SSA:2020-051-01) 2020-02-21 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] proftpd (SSA:2020-051-01) New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/pac [ more ] [ reply ] [SECURITY] [DSA 4629-1] python-django security update 2020-02-19 Sebastien Delafond (seb debian org) [TZO-18-2020] - Bitdefender Malformed Archive bypass (GZIP) 2020-02-18 Thierry Zoller (thierry zoller lu) [TZO-17-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN) 2020-02-17 Thierry Zoller (thierry zoller lu) [TZO-15-2020] - F-SECURE Generic Malformed Container bypass (RAR) 2020-02-14 Thierry Zoller (thierry zoller lu) WebKitGTK and WPE WebKit Security Advisory WSA-2020-0002 2020-02-14 Carlos Alberto Lopez Perez (clopez igalia com) [slackware-security] libarchive (SSA:2020-043-01) 2020-02-12 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libarchive (SSA:2020-043-01) New libarchive packages are available for Slackware 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/pack [ more ] [ reply ] CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability 2020-02-14 Imre Rad (radimre83 gmail com) The TrustedInstaller service running on the Windows operating system hosts a COM service called Sxs Store Class; its ISxsStore interface provides methods to install/uninstall assemblies via application manifests files into the WinSxS store. These API methods were meant to be available for users with [ more ] [ reply ] [TZO-11-2020] - ESET Generic Malformed Archive Bypass (BZ2 Checksum) 2020-02-13 Thierry Zoller (thierry zoller lu) [EnumJavaLibs]_ Remote Java classpath enumerator 2020-02-13 RedTimmy Security (redazione segfault it) (1 replies) Hi, we have just released EnumJavaLibs to perform java classes enumeration against java services. To discover a deserialization vulnerability is often easy. When source code is available, it comes down to finding calls to readObject() and finding a way for user input to reach that function. In case [ more ] [ reply ] Web Application Firewall bypass via Bluecoat device 2020-02-16 RedTimmy Security (redazione segfault it) [SECURITY] [DSA 4623-1] postgresql-11 security update 2020-02-13 Moritz Muehlenhoff (jmm debian org) [slackware-security] mozilla-firefox (SSA:2020-042-01) 2020-02-12 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2020-042-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/p [ more ] [ reply ] [SECURITY] [DSA 4622-1] postgresql-9.6 security update 2020-02-13 Moritz Muehlenhoff (jmm debian org) [slackware-security] mozilla-thunderbird (SSA:2020-042-02) 2020-02-12 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2020-042-02) New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ p [ more ] [ reply ] |
|
Privacy Statement |
Qualys Security Advisory
Local information disclosure in OpenSMTPD (CVE-2020-8793)
========================================================================
======
Contents
========================================================================
======
Summary
Analysis
Exploitation
POKE 47196, 201
[ more ] [ reply ]