[RT-SA-2019-007] Code Execution via Insecure Shell Function getopt_simple

Advisory: Code Execution via Insecure Shell Function getopt_simple RedTeam Pentesting discovered that the shell function "getopt_simple", as presented in the "Advanced Bash-Scripting Guide", allows execution of attacker-controlled commands. Details === Product: Advanced Bash-Scripting

Recon 2019 Call For Papers - June 28 - 30, 2019 - Montreal, Canada

Recon Montreal - Call For Papers - June 28 - 30 - 2019 Welcome to TeleMate! ATDT1514XXX CONNECT 300 .. DATAPAC : DATAPAC: Call connected to This is a private system. Access attempts are logged. Unauthorized access may result in prosecution. Bienvenue! +

[slackware-security] mozilla-thunderbird (SSA:2019-084-01)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2019-084-01) New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog:

APPLE-SA-2019-3-25-1 iOS 12.2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-3-25-1 iOS 12.2 iOS 12.2 is now available and addresses the following: CFString Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted string may lead to a

APPLE-SA-2019-3-25-6 iCloud for Windows 7.11

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-3-25-6 iCloud for Windows 7.11 iCloud for Windows 7.11 is now available and addresses the following: CoreCrypto Available for: Windows 7 and later Impact: A malicious application may be able to elevate privileges Description: A

[article2pdf (Wordpress plug-in)] Multiple vulnerabilities (CVE-2019-1000031, CVE-2019-1010257)

Product: article2pdf (Wordpress plug-in) Product Website: https://wordpress.org/plugins/article2pdf/ Affected Versions: 0.24 and greater The following vulnerabilities were found in a code review of the plug-in. An attempt to contact the plug-in maintainer on 8 December 2018 was unsuccessful.

APPLE-SA-2019-3-25-3 tvOS 12.2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-3-25-3 tvOS 12.2 tvOS 12.2 is now available and addresses the following: CFString Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted string may lead to a denial of service Description: A

APPLE-SA-2019-3-25-5 iTunes 12.9.4 for Windows

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-3-25-5 iTunes 12.9.4 for Windows iTunes 12.9.4 for Windows is now available and addresses the following: CoreCrypto Available for: Windows 7 and later Impact: A malicious application may be able to elevate privileges Description: A

APPLE-SA-2019-3-25-4 Safari 12.1

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-3-25-4 Safari 12.1 Safari 12.1 is now available and addresses the following: Safari Reader Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and Mojave 10.14.4 Impact: Enabling the Safari Reader feature on a maliciously

APPLE-SA-2019-3-25-7 Xcode 10.2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-3-25-7 Xcode 10.2 Xcode 10.2 is now available and addresses the following: Kernel Available for: macOS 10.13.6 or later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory

APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra are now available and addresses the

Multiple vulnerabilities in DASAN H660RM GPON router firmware

Hi! CVE-2019-9974: diag_tool.cgi on DASAN H660RM devices with firmware 1.03-0022 allows spawning ping processes without any authorization leading to information disclosure and DoS attacks Remote attacker could enumerate hosts on LAN interface sending requests to /cgi-bin/diag_tool.cgi with ip