|
|
Colapse all |
Post message
[SECURITY] [DSA 4116-1] plasma-workspace security update 2018-02-16 Moritz Muehlenhoff (jmm debian org) Security advisory for Bugzilla 5.1.1, 5.0.3, and 4.4.12 2018-02-16 dkl mozilla com Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issue has been discovered in Bugzilla: * A CSRF vulnerability in report.cgi would allow a third-party site to extract confidential information from a bug the victim had [ more ] [ reply ] [slackware-security] irssi (SSA:2018-046-01) 2018-02-16 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] irssi (SSA:2018-046-01) New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages [ more ] [ reply ] Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-Unrestricted File Upload 2018-02-15 Arvind Vishwakarma (arvind12786 gmail com) ------------------------------------------------------------------ Vulnerability Type: Unrestricted File Upload Vendor of Product: Tejari Affected Product Code Base: Bravo Solution Affected Component: Web Interface Management. Attack Type: Local - Authenticated Impact: Malicous File Upload --------- [ more ] [ reply ] Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-CSRF 2018-02-15 Arvind Vishwakarma (arvind12786 gmail com) ----------------------------------------------------- Vulnerability Type: Cross Site Request Forgery (CSRF) Vendor of Product: Tejari Affected Product Code Base: Bravo Solution Affected Component: Web Interface Management. Attack Type: Local - Authenticated Impact: Unauthorised Access -------------- [ more ] [ reply ] [SECURITY] [DSA 4114-1] jackson-databind security update 2018-02-15 Sebastien Delafond (seb debian org) NAT32 Build (22284) Remote Code Execution CVE-2018-6940 (hyp3rlinx / apparition security) 2018-02-14 apparitionsec gmail com [+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTIO N-CVE-2018-6940.txt [+] ISR: Apparition Security [-_-] D1rty0tis Vendor: ============= www.nat32.com Product: ================= NAT32 Build (22284) [ more ] [ reply ] Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS 2018-02-14 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, yesterdays "Security update deployment information: February 13, 2018" <https://support.microsoft.com/en-us/help/20180213> links the following MSKB articles for the security updates of Microsoft's Office products: <https://support.microsoft.com/kb/4011715> <https://support.microsoft.com/kb/ [ more ] [ reply ] [security bulletin] MFSBGN03800 rev.1 - Micro Focus Performance Center, Remote Arbitrary Code Execution or Remote Arbitrary File Modification 2018-02-13 cyber-psrt microfocus com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM030911 03 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03091103 Version: 1 MFSBGN03800 rev.1 [ more ] [ reply ] CSNC-2017-027 Microsoft Intune - App PIN Bypass 2018-02-13 Advisories (advisories compass-security com) ############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ############################################################# # # Product: Microsoft Intune [1] # Vendor: Microsoft # CSNC ID: CSNC-2017-027 # Sub [ more ] [ reply ] [security bulletin] HPESBHF03819 rev.1 - HPE XP Storage using HGLM, Local Authentication Bypass 2018-02-12 security-alert hpe com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf 03819en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03819en_us Version: 1 HP [ more ] [ reply ] CVE-2018-6892 CloudMe Sync <= v1.10.9 Unauthenticated Remote Buffer Overflow (hyp3rlinx / apparition security) 2018-02-12 apparitionsec gmail com [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/CLOUDME-SYNC-UNAUTHENTICATED- REMOTE-BUFFER-OVERFLOW.txt [+] ISR: Apparition Security [+] SSD Beyond Security Submission: https://blogs.securiteam.com/index [ more ] [ reply ] KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability 2018-02-09 KoreLogic Disclosures (disclosures korelogic com) KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability Title: NetEx HyperIP Local File Inclusion Vulnerability Advisory ID: KL-001-2018-005 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-005.txt 1. Vulnerability Details A [ more ] [ reply ] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM 2018-02-09 Stefan Kanthak (stefan kanthak nexgo de) (1 replies) Hi @ll, since about two or three years now, Microsoft offers Skype as optional update on Windows/Microsoft Update. JFTR: for Microsoft's euphemistic use of "update" see <http://seclists.org/fulldisclosure/2018/Feb/17> Once installed, Skype uses its own proprietary update mechanism instead o [ more ] [ reply ] Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM 2018-02-15 Jeffrey Walton (noloader gmail com) (1 replies) Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM 2018-02-15 Stefan Kanthak (stefan kanthak nexgo de) KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability 2018-02-09 KoreLogic Disclosures (disclosures korelogic com) KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability Title: NetEx HyperIP Privilege Escalation Vulnerability Advisory ID: KL-001-2018-004 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-004.txt 1. Vulnerability Details A [ more ] [ reply ] KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution 2018-02-09 KoreLogic Disclosures (disclosures korelogic com) KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution Title: NetEx HyperIP Post-Auth Command Execution Advisory ID: KL-001-2018-003 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-003.txt 1. Vulnerability Details Affected Vendor [ more ] [ reply ] KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass 2018-02-09 KoreLogic Disclosures (disclosures korelogic com) KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass Title: Trend Micro IMSVA Management Portal Authentication Bypass Advisory ID: KL-001-2018-006 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-006.txt 1. Vulnerabili [ more ] [ reply ] KL-001-2018-002 : NetEx HyperIP Authentication Bypass 2018-02-09 KoreLogic Disclosures (disclosures korelogic com) KL-001-2018-002 : NetEx HyperIP Authentication Bypass Title: NetEx HyperIP Authentication Bypass Advisory ID: KL-001-2018-002 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-002.txt 1. Vulnerability Details Affected Vendor: NetEx [ more ] [ reply ] |
|
Privacy Statement |
# Date: 17-02-2018
# Software Link: https://www.kentico.com
# Exploit Author: Keerati T.
# CVE: CVE-2018-7046
# Category: webapps
1. Description
Kentico is the only fully integrated ASP.NET CMS, E-commerce, and Online Mar
[ more ] [ reply ]