[SECURITY] [DSA 4149-1] plexus-utils2 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4149-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 22, 2018

[SECURITY] [DSA 4148-1] kamailio security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4148-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 22, 2018

ModSecurity WAF 3.0 for Nginx - Denial of Service

Hey, TL;DR: UAF in a "non-release" version of ModSecurity for Nginx. !RCE|DoS, no need to panic. Plus some old and even older exploitation vector(s). /* * 1. Use-After-Free (UAF) */ During one of the engagements my team tested a WAF running in production Nginx + ModSecurity + OWA

Bomgar Remote Support Portal JavaStart Applet <= 52970 - Path Traversal

Hey, The Path Traversal vulnerability was found in the component of the Bomgar Remote Support Portal (RSP) [1]. The affected component is a JavaStart.jar applet that is hosted at https://TARGET/api/content/JavaStart.jar on the vulnerable RSP deployments. The JavaStart version 52970 and prior were

Kaseya AgentMon.exe <= 9.3.0.11 - Local Privilege Escalation

Hey, The Local Privilege Escalation vulnerability was found in the Kaseya Virtual System Administrator (VSA) [1] agent "AgentMon.exe". The agent is a Windows service that periodically executes various programs with “NT AUTHORITY\SYSTEM” privileges. In the Kaseya's default configuration, Windows u