Bomgar Remote Support Portal JavaStart Applet <= 52970 - Path Traversal
2018-03-22 x ksi (s3810 pjwstk edu pl)

Kaseya AgentMon.exe <= 9.3.0.11 - Local Privilege Escalation
2018-03-22 x ksi (s3810 pjwstk edu pl)
Hey, The Local Privilege Escalation vulnerability was found in the Kaseya Virtual System Administrator (VSA) [1] agent "AgentMon.exe". The agent is a Windows service that periodically executes various programs with "NT AUTHORITY\SYSTEM" privileges. In the Kaseya's default configuration, Window

Secunia Research: Microsoft Windows Embedded OpenType Font Engine hdmx Table Information Disclosure Vulnerability
2018-03-21 Secunia Research (remove-vuln secunia com)

Advisory - Bitbucket Server - CVE-2018-5225
2018-03-22 Matthew Hart (mhart atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This email refers to the advisory found at https://confluence.atlassian.com/x/3WNsO
CVE ID: CVE-2018-5225
Products: Bitbucket Server
Affected Bitbucket Server Versions:
4.13.0 <= version < 5.4.8
5.5.0 <= version < 5.5.8
5.6.0 <= version < 5.6.5
5

Secunia Research: Microsoft Windows Embedded OpenType Font Engine "MTX_IS_MTX_Data()" Information Disclosure Vulnerability
2018-03-21 Secunia Research (remove-vuln secunia com)

Secunia Research: Microsoft Windows Embedded OpenType Font Engine Font Glyphs Handling Information Disclosure Vulnerability
2018-03-21 Secunia Research (remove-vuln secunia com)

CSNC-2017-026 Microsoft Intune - Preserved Keychain Entries
2018-03-20 Advisories (advisories compass-security com) (1 reply)
#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: Microsoft Intune [1]
# Vendor: Microsoft
# CSNC ID: CSNC-2017-026
# Sub

Unsubscribe - Re: CSNC-2017-026 Microsoft Intune - Preserved Keychain Entries
2018-03-20 Gary Frank (garoo7 hotmail com)

ES2018-05 Kamailio heap overflow
2018-03-20 Sandro Gauci (sandro enablesecurity com) (1 reply)
# Off-by-one heap overflow in Kamailio
- Authors:
    - Alfred Farrugia <alfred (at) enablesecurity (dot) com>
    - Sandro Gauci <sandro (at) enablesecurity (dot) com>
- Fixed versions: Kamailio v5.1.2, v5.0.6 and v4.4.7
- References: no CVE assigned yet
- Enable Security Advisory: <https://github.com/EnableSecurity/ad

[slackware-security] libvorbis (SSA:2018-076-01)
2018-03-18 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] libvorbis (SSA:2018-076-01)
New libvorbis packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
p

[slackware-security] mozilla-firefox (SSA:2018-075-01)
2018-03-17 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] mozilla-firefox (SSA:2018-075-01)
New mozilla-firefox packages are available for Slackware 14.2 and -current to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/

[SECURITY] [DSA 4141-1] libvorbisidec security update
2018-03-16 Salvatore Bonaccorso (carnil debian org)

RedCoded ISR: Abine Blur Password Manager Insecure Permissions (CVE-2018-8213)
2018-03-16 (RS) Tyler Schroder (redorhcs redcoded com)
Abine Blur Password Manager Insecure Permissions
Module: Blur Web Extension
Announced: 2018-03-10/16
Credits: RS Tyler Schroder
Affects: 7.8.242* BEFORE 7.8.2428
CVE ID: CVE-2018-7213
I. Background
Abine Blur is a password management suite combined with online anonymity tools designed to help consu

[SECURITY] [DSA 4140-1] libvorbis security update
2018-03-16 Salvatore Bonaccorso (carnil debian org)

[CVE-2017-1205] IBM Spectrum LSF Privilege Escalation
2018-03-16 john fitzpatrick mwrinfosecurity com
###[IBM Spectrum LSF Privilege Escalation]###
* Software: IBM Spectrum LSF
* Affected Versions: IBM Spectrum LSF 8.3, 9.1.1, 9.1.2, 9.1.3, 10.1, 10.1.0.1
* CVE Reference: CVE-2017-1205
* Author: John Fitzpatrick (@j0hn__f)
* Severity: CVSS 9.3
* Vendor: IBM
* Vendor Response: Fixes provided
* Date:

[slackware-security] curl (SSA:2018-074-01)
2018-03-16 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] curl (SSA:2018-074-01)
New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/c

Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities
2018-03-15 Secunia Research (remove-vuln secunia com)

SEC Consult SA-20180314-0 :: Arbitrary Shortcode Execution & Local File Inclusion in WooCommerce Products Filter (PluginUs.Net)
2018-03-14 SEC Consult Vulnerability Lab (research sec-consult com)

FreeBSD Security Advisory FreeBSD-SA-18:03.speculative_execution
2018-03-14 FreeBSD Security Advisories (security-advisories freebsd org)
The Path Traversal vulnerability was found in the component of the Bomgar
Remote Support Portal (RSP) [1]. The affected component is a JavaStart.jar
applet that is hosted at https://TARGET/api/content/JavaStart.jar on the
vulnerable RSP deployments. The JavaStart version 52970 and prior were
c