[CORE-2017-0006] Trend Micro Email Encryption Gateway Multiple Vulnerabilities
2018-02-21 Core Security Advisories Team (advisories coresecurity com)

DefenseCode Security Advisory: PureVPN Windows Privilege Escalation Vulnerability
2018-02-21 Defense Code (defensecode defensecode com)

SEC Consult SA-20180221-0 :: Hijacking of arbitrary miSafes Mi-Cam video baby monitors
2018-02-21 SEC Consult Vulnerability Lab (research sec-consult com)
We have published an accompanying blog post to this technical advisory with further information:
https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby-monitors-fail-to-be-smart/index.html
SEC Consult Vulnerability Lab Security Advisory < 20180221-0 >
===========================

Sharutils 4.15.2 Heap-Buffer-Overflow
2018-02-21 nafiez (nafiez skins gmail com) (1 replies)
Unshar scans the input files (typically email messages) looking for the start of a shell archive. If no files are given, then standard input is processed instead. Shipped along with Sharutils. Bug was found with AFL.
=================================================================
==11164=

Multiple Persistent Cross-Site Scripting Vulnerabilities in Quarx CMS
2018-02-21 preethiknambiar gmail com

Multiple Persistent XSS vulnerabilities in Radiant Content Management System
2018-02-20 suparna kachru gmail com
*1. Introduction*
Vendor : Radiant
Affected Product : Radiant CMS 1.1.4
Fixed in : NA
Vendor Website : http://radiantcms.org/
Vulnerability Type : Persistent XSS
Remote Exploitable : Yes
CVE External Identifier : CVE-2018-7261
*2. Overview*
Technical Description: There are multiple P

APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update
2018-02-19 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update
macOS High Sierra 10.13.3 Supplemental Update is now available and addresses the following:
CoreText
Available for: macOS High Sierra 10.13.3
Impact: Processing a maliciously crafte

APPLE-SA-2018-02-19-3 tvOS 11.2.6
2018-02-19 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2018-02-19-3 tvOS 11.2.6
tvOS 11.2.6 is now available and addresses the following:
CoreText
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted string may lead to heap corruption
Description: A

APPLE-SA-2018-02-19-1 iOS 11.2.6
2018-02-19 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2018-02-19-1 iOS 11.2.6
iOS 11.2.6 is now available and addresses the following:
CoreText
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: Processing a maliciously crafted string may lead to heap

APPLE-SA-2018-02-19-4 watchOS 4.2.3
2018-02-19 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2018-02-19-4 watchOS 4.2.3
watchOS 4.2.3 is now available and addresses the following:
CoreText
Available for: All Apple Watch models
Impact: Processing a maliciously crafted string may lead to heap corruption
Description: A memory corrupti

Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect)
2018-02-18 displaymyname gmail com
# Exploit Title: Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect)
# Date: 18-02-2018
# Software Link: https://www.kentico.com
# Exploit Author: Keerati T.
# CVE: CVE-2018-7205
# Category: webapps
1. Description
Kentico is the only fully integrated ASP.NET CMS, E-commerce, and Onli

[SECURITY] [DSA 4118-1] tomcat-native security update
2018-02-17 Salvatore Bonaccorso (carnil debian org)

Kentico CMS version 9 through 11 - Arbitrary Code Execution
2018-02-17 displaymyname gmail com
# Exploit Title: Kentico CMS version 9 through 11 - Arbitrary Code Execution
# Date: 17-02-2018
# Software Link: https://www.kentico.com
# Exploit Author: Keerati T.
# CVE: CVE-2018-7046
# Category: webapps
1. Description
Kentico is the only fully integrated ASP.NET CMS, E-commerce, and Online Mar

[SECURITY] [DSA 4116-1] plasma-workspace security update
2018-02-16 Moritz Muehlenhoff (jmm debian org)

Security advisory for Bugzilla 5.1.1, 5.0.3, and 4.4.12
2018-02-16 dkl mozilla com
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issue has been discovered in Bugzilla:
* A CSRF vulnerability in report.cgi would allow a third-party site to extract confidential information from a bug the victim had

[slackware-security] irssi (SSA:2018-046-01)
2018-02-16 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] irssi (SSA:2018-046-01)
New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages

Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-Unrestricted File Upload
2018-02-15 Arvind Vishwakarma (arvind12786 gmail com)
------------------------------------------------------------------
Vulnerability Type: Unrestricted File Upload
Vendor of Product: Tejari
Affected Product Code Base: Bravo Solution
Affected Component: Web Interface Management.
Attack Type: Local - Authenticated
Impact: Malicious File Upload
---------

Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-CSRF
2018-02-15 Arvind Vishwakarma (arvind12786 gmail com)
-----------------------------------------------------
Vulnerability Type: Cross Site Request Forgery (CSRF)
Vendor of Product: Tejari
Affected Product Code Base: Bravo Solution
Affected Component: Web Interface Management.
Attack Type: Local - Authenticated
Impact: Unauthorised Access
--------------

[SECURITY] [DSA 4114-1] jackson-databind security update
2018-02-15 Sebastien Delafond (seb debian org)

NAT32 Build (22284) Remote Code Execution CVE-2018-6940 (hyp3rlinx / apparition security)
2018-02-14 apparitionsec gmail com
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CVE-2018-6940.txt
[+] ISR: Apparition Security
[-_-] D1rty0tis
Vendor:
=============
www.nat32.com
Product:
=================
NAT32 Build (22284)

Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS
2018-02-14 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, yesterday's "Security update deployment information: February 13, 2018" <https://support.microsoft.com/en-us/help/20180213> links the following MSKB articles for the security updates of Microsoft's Office products:
<https://support.microsoft.com/kb/4011715>
<https://support.microsoft.com/kb/

[security bulletin] MFSBGN03800 rev.1 - Micro Focus Performance Center, Remote Arbitrary Code Execution or Remote Arbitrary File Modification
2018-02-13 cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03091103
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: KM03091103
Version: 1
MFSBGN03800 rev.1
http://corelabs.coresecurity.com/
Trend Micro Email Encryption Gateway Multiple Vulnerabilities
1. *Advisory Information*
Title: Trend Micro Email Encryption Gateway Multiple Vulnerabilities
Advisory ID: CORE-2017-0006
Advisory URL:
http://www.coresecurity.com/ad