Re: [SECURITY] [DSA 4628-1] php7.0 security update

[SECURITY] [DSA 4628-1] php7.0 security update Feb 18 2020 10:00PM Moritz Muehlenhoff (jmm debian org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4628-1 security (at) debian (dot) org

Re: BugTraq Shutdown

All old school hackers from UPT remember and want to show respect. Thanks for everything. >From invalid, merc, MR (rest in peace) and the rest of us crusty old geeks.

On Second Thought...

Bugtraq has been a valuable institution within the Cyber Security community for almost 30 years. Many of our own people entered the industry by subscribing to it and learning from it. So, based on the feedback we’ve received both from the community-at-large and internally, we’ve decided to

BugTraq Shutdown

2020 was quite the year, one that saw many changes. As we begin 2021, we wanted to send one last note to our friends and supporters at the SecurityFocus BugTraq mailing list. As many of you know, assets of Symantec were acquired by Broadcom in late 2019, and some of those assets were then

Defense in depth -- the Microsoft way (part 62): Windows shipped with end-of-life components

Hi @ll, since Microsoft Server 2003 R2, Microsoft dares to ship and install the abomination known as .NET Framework with every new version of Windows. Among other components current versions of Windows and .NET Framework include C# compiler

Local information disclosure in OpenSMTPD (CVE-2020-8793)

Qualys Security Advisory Local information disclosure in OpenSMTPD (CVE-2020-8793) == Contents == Summary Analysis Exploitation POKE 47196,

LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)

Qualys Security Advisory LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) == Contents == Summary Analysis ... Acknowledgments

[SECURITY] [DSA 4633-1] curl security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4633-1 secur...@debian.org https://www.debian.org/security/ Alessandro Ghedini February 22, 2020

Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888)

I've quoted the Cisco summary below as it's pretty accurate. tl;dr is an admin user on the web console can gain command execution and then escalate to root. If this is an issue in your environment, then please patch. Thanks to Cisco PSIRT who were responsive and professional. Shouts to Andrew,

[TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed Archive Bypass

From the lets-try-it-this-way Department Qihoo360 | GDATA | Rising | Webroot | Dr Web Generic Archive Bypass Release mode: Vendors do

[TZO-16-2020] - F-SECURE Generic Malformed Container bypass (GZIP)

From the low-hanging-fruit-department F-SECURE Generic Malformed Container bypass (GZIP) Ref : [TZO-16-2020] -

[slackware-security] proftpd (SSA:2020-051-01)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] proftpd (SSA:2020-051-01) New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+

[SECURITY] [DSA 4628-1] php7.0 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4628-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 18, 2020

[SECURITY] [DSA 4629-1] python-django security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4629-1 secur...@debian.org https://www.debian.org/security/ Sebastien Delafond February 19, 2020

[TZO-18-2020] - Bitdefender Malformed Archive bypass (GZIP)

From the low-hanging-fruit-department Bitdefender Generic Malformed Archive Bypass (GZIP) Release mode: Silent Patch

[TZO-17-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN)

From the low-hanging-fruit-department Kaspersky Generic Malformed Archive Bypass (ZIP Filename Length) Release mode:

[SECURITY] [DSA 4626-1] php7.3 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4626-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 17, 2020

[SECURITY] [DSA 4627-1] webkit2gtk security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4627-1 secur...@debian.org https://www.debian.org/security/ Alberto Garcia February 17, 2020

[SECURITY] [DSA 4620-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4620-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 12, 2020

Web Application Firewall bypass via Bluecoat device

Hi, we have published a new post in our blog titled "How to hack a company by circumventing its WAF through the abuse of a different security appliance and win bug bounties". We basically have [ab]used a Bluecoat device behaving as a request forwarder to mask our malicious payload, avoid WAF

[slackware-security] libarchive (SSA:2020-043-01)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] libarchive (SSA:2020-043-01) New libarchive packages are available for Slackware 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+

[SECURITY] [DSA 4621-1] openjdk-8 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4621-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 12, 2020

[TZO-15-2020] - F-SECURE Generic Malformed Container bypass (RAR)

From the low-hanging-fruit-department F-SECURE Generic Malformed Container bypass (RAR) Ref : [TZO-15-2020] -

WebKitGTK and WPE WebKit Security Advisory WSA-2020-0002

WebKitGTK and WPE WebKit Security Advisory WSA-2020-0002 Date reported : February 14, 2020 Advisory ID :

CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability

The TrustedInstaller service running on the Windows operating system hosts a COM service called Sxs Store Class; its ISxsStore interface provides methods to install/uninstall assemblies via application manifests files into the WinSxS store. These API methods were meant to be available for users

[SECURITY] [DSA 4624-1] evince security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4624-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 14, 2020

[SECURITY] [DSA 4625-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4625-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 15, 2020

[TZO-13-2020] - AVIRA Generic AV Bypass (ZIP GPFLAG)

From the low-hanging-fruit-department AVIRA Generic Malformed Container bypass (ZIP GPFLAG) Release mode: No Patch -

[TZO-11-2020] - ESET Generic Malformed Archive Bypass (BZ2 Checksum)

From the low-hanging-fruit-department ESET Generic Malformed Archive Bypass (BZ2 Checksum) Release mode: Coordinated

[SECURITY] [DSA 4623-1] postgresql-11 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4623-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 13, 2020

[EnumJavaLibs]_ Remote Java classpath enumerator

Hi, we have just released EnumJavaLibs to perform java classes enumeration against java services. To discover a deserialization vulnerability is often easy. When source code is available, it comes down to finding calls to readObject() and finding a way for user input to reach that function. In

[slackware-security] mozilla-firefox (SSA:2020-042-01)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2020-042-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+

[SECURITY] [DSA 4622-1] postgresql-9.6 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4622-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 13, 2020

[slackware-security] mozilla-thunderbird (SSA:2020-042-02)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2020-042-02) New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog:

[SECURITY] [DSA 4618-1] libexif security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4618-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 06, 2020

[SECURITY] [DSA 4619-1] libxmlrpc3-java security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4619-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 06, 2020

xglance-bin exploit (CVE-2014-2630)

In one of our recent penetration tests we have abused a vulnerability affecting a suid binary called “xglance-bin“. Part of HP Performance Monitoring solution, it allowed us to escalate our local unprivileged sessions on some Linux RHEL 6.x/7.x/8.x systems to root. To be very honest, it was not

[SECURITY] [DSA 4617-1] qtbase-opensource-src security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4617-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 03, 2020

[SECURITY] [DSA 4612-1] prosody-modules security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4612-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 31, 2020

[slackware-security] sudo (SSA:2020-031-01)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] sudo (SSA:2020-031-01) New sudo packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+

[SECURITY] [DSA 4613-1] libidn2 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4613-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 01, 2020

[SECURITY] [DSA 4614-1] sudo security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4614-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 01, 2020

[SECURITY] [DSA 4615-1] spamassassin security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4615-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 01, 2020

[SECURITY] [DSA 4616-1] qemu security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4616-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 02, 2020

Executable installers are vulnerable^WEVIL (case 58): Intel® Processor Identification Utility - Windows* Version - arbitrary code execution with escalation of privilege

Hi @ll, Intel® Processor Identification Utility - Windows* Version, version 6.0.0211 from 2019-02-11, available from via , and earlier versions 6.0.*

[CVE-2019-20358] CVE-2019-9491 in Trend Micro Anti-Threat Toolkit (ATTK) was NOT properly FIXED

Hi @ll, on September 29, 2019, John Page reported a remote code execution with escalation of privilege in TrendMicro's Anti-Threat Toolkit to its vendor. TrendMicro assigned CVE-2019-9491 to this vulnerability and told the reporter, his dog and the world on October 18, 2019, that they had fixed

[SECURITY] [DSA 4610-1] webkit2gtk security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4610-1 secur...@debian.org https://www.debian.org/security/ Alberto Garcia January 29, 2020

APPLE-SA-2020-1-29-1 iCloud for Windows 7.17

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-1-29-1 iCloud for Windows 7.17 iCloud for Windows 7.17 addresses the following: ImageIO Available for: Windows 7 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An

APPLE-SA-2020-1-29-2 iCloud for Windows 10.9.2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-1-29-2 iCloud for Windows 10.9.2 iCloud for Windows 10.9.2 is now available and addresses the following: ImageIO Available for: Windows 10 and later via the Microsoft Store Impact: Processing a maliciously crafted image may lead to

[SECURITY] [DSA 4611-1] opensmtpd security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4611-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 29, 2020

FreeBSD Security Advisory FreeBSD-SA-20:02.ipsec

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 = FreeBSD-SA-20:02.ipsec Security Advisory The FreeBSD Project Topic:

FreeBSD Security Advisory FreeBSD-SA-20:01.libfetch

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 = FreeBSD-SA-20:01.libfetch Security Advisory The FreeBSD Project Topic:

APPLE-SA-2020-1-28-3 watchOS 6.1.2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-1-28-3 watchOS 6.1.2 watchOS 6.1.2 is now available and addresses the following: AnnotationKit Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause unexpected application termination or

APPLE-SA-2020-1-28-1 iOS 13.3.1 and iPadOS 13.3.1

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-1-28-1 iOS 13.3.1 and iPadOS 13.3.1 iOS 13.3.1 and iPadOS 13.3.1 are now available and address the following: Audio Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra macOS Catalina 10.15.3, Security Update 2020-001 Mojave, and Security Update 2020-001 High Sierra are now available and address the

FreeBSD Security Advisory FreeBSD-SA-20:03.thrmisc

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 = FreeBSD-SA-20:03.thrmiscSecurity Advisory The FreeBSD Project Topic:

APPLE-SA-2020-1-28-5 Safari 13.0.5

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-1-28-5 Safari 13.0.5 Safari 13.0.5 is now available and addresses the following: Safari Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: Visiting a malicious website may lead to address bar

APPLE-SA-2020-1-28-4 tvOS 13.3.1

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-1-28-4 tvOS 13.3.1 tvOS 13.3.1 is now available and addresses the following: Audio Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with system privileges Description: A memory

APPLE-SA-2020-1-28-6 iTunes for Windows 12.10.4

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2020-1-28-6 iTunes for Windows 12.10.4 iTunes for Windows 12.10.4 is now available and addresses the following: Mobile Device Service Available for: Windows 7 and later Impact: A user may gain access to protected parts of the file system

Defense in depth -- the Microsoft way (part 61): security features are built to fail (or documented wrong)

Hi @ll, (a long[er] form of the following advisory is available at ) With Windows 10 1607, Microsoft introduced the /DEPENDENTLOADFLAG linker option, a security feature to restrict or limit the search path for DLLs: | On supported operating

LPE and RCE in OpenSMTPD (CVE-2020-7247)

Qualys Security Advisory LPE and RCE in OpenSMTPD (CVE-2020-7247) == Contents == Summary Analysis Exploitation Acknowledgments

CVE - CVE-2020-7799 - FusionAuth command execution via Apache Freemarker Template

Dear bugtraq, Please find attached an advisory for the following vulnerability, " FusionAuth command execution via Apache Freemarker Template". Description:An authenticated attacker with enough privileges to access the template editing functions (either site templates or e-mail templates)

[slackware-security] mozilla-thunderbird (SSA:2020-024-01)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2020-024-01) New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog:

WebKitGTK and WPE WebKit Security Advisory WSA-2020-0001

WebKitGTK and WPE WebKit Security Advisory WSA-2020-0001 Date reported : January 23, 2020 Advisory ID :

[SECURITY] [DSA 4609-1] python-apt security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4609-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 23, 2020

SEC Consult SA-20200123-0 :: Cross-Site Request Forgery (CSRF) in Umbraco CMS

SEC Consult Vulnerability Lab Security Advisory < 20200123-0 > === title: Cross-Site Request Forgery (CSRF) product: Umbraco CMS vulnerable version: version 8.2.2 fixed version: version 8.5

SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus

SEC Consult Vulnerability Lab Security Advisory < 20200122-0 > === title: Reflected XSS product: ZOHO ManageEngine ServiceDeskPlus vulnerable version: <= 11.0 Build 11007 fixed version: 11.0 Build

[REVIVE-SA-2020-001] Revive Adserver Vulnerability

Revive Adserver Security Advisory REVIVE-SA-2020-001 https://www.revive-adserver.com/security/revive-sa-2020-001

[SECURITY] [DSA 4608-1] tiff security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4608-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 21, 2020

[SECURITY] [DSA 4607-1] openconnect security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4607-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 20, 2020

Neowise CarbonFTP v1.4 Insecure Proprietary Password Encryption CVE-2020-6857

[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/NEOWISE-CARBONFTP-v1.4-INSECURE-PROPRIETARY-PASSWORD-ENCRYPTION.txt [+] twitter.com/hyp3rlinx [+] ISR: ApparitionSec [Vendor] www.neowise.com

Trend Micro Security 2019 (Consumer) Multiple Products Security Bypass Protected Service Tampering CVE-2019-19697

[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt [+] ISR: ApparitionSec [Vendor] www.trendmicro.com [Product]

Trend Micro Security (Consumer) Multiple Products Persistent Arbitrary Code Execution CVE-2019-20357

[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt [+] twitter.com/hyp3rlinx [+] ISR: ApparitionSec [Vendor] www.trendmicro.com

[SECURITY] [DSA 4606-1] chromium security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4606-1 secur...@debian.org https://www.debian.org/security/ Michael Gilbert January 20, 2020

[SECURITY] [DSA 4603-1] thunderbird security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4603-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 17, 2020

[SECURITY] [DSA 4604-1] cacti security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4604-1 secur...@debian.org https://www.debian.org/security/Hugo Lefeuvre January 19, 2020

[SECURITY] [DSA 4605-1] openjdk-11 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4605-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 19, 2020

CVE-2020-2656 - Low impact information disclosure via Solaris xlock

Dear Bugtraq, Please find attached an advisory for the following vulnerability, fixed in Oracle's Critical Patch Update (CPU) of January 2020: "A low impact information disclosure vulnerability in the setuid root xlock binary distributed with Solaris may allow local users to read partial

CVE-2020-2696 - Local privilege escalation via CDE dtsession

Dear Bugtraq, Please find attached an advisory for the following vulnerability, fixed in Oracle's Critical Patch Update (CPU) of January 2020: "A buffer overflow in the CheckMonitor() function in the Common Desktop Environment 2.3.1 and earlier and 1.6 and earlier, as distributed with Oracle

[SECURITY] [DSA 4602-1] xen security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4602-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 13, 2020

[TZO-09-2020] - Bitdefender Malformed Archive bypass (RAR Uncompressed Size)

From the low-hanging-fruit-department Bitdefender Generic Malformed Archive Bypass (RAR Uncompressed Size) Release mode: Forced

[TZO-10-2020] - Bitdefender Malformed Archive bypass (RAR Compression Information)

From the low-hanging-fruit-department Bitdefender Malformed Archive Bypass (RAR Compression Information) Release mode: Forced

[slackware-security] mozilla-thunderbird (SSA:2020-010-01)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2020-010-01) New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog:

[TZO-08-2020] Bitdefender Generic Malformed Archive Bypass (ZIP GPFLAG)

From the low-hanging-fruit-department Bitdefender Generic Malformed Archive Bypass (ZIP GPFLAG) Release mode: Forced

[TZO-06-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN)

From the low-hanging-fruit-department Kaspersky Generic Malformed Archive Bypass (ZIP Filename Length) Release mode:

[TZO-05-2020] Kaspersky Generic Malformed Archive Bypass (ZIP Compressed Size)

From the low-hanging-fruit-department Kaspersky Generic Malformed Archive Bypass (ZIP Compressed Size) Release mode:

[TZO-07-2020] Bitdefender Generic Malformed Archive Bypass (RAR HOST_OS)

From the low-hanging-fruit-department Bitdefender Generic Malformed Archive Bypass (RAR HOST_OS) Release mode: Forced

[SECURITY] [DSA 4601-1] ldm security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4601-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 09, 2020

[SECURITY] [DSA 4600-1] firefox-esr security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4600-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 09, 2020

[slackware-security] mozilla-firefox (SSA:2020-009-01)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2020-009-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--+

[slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01) New kernel packages are available for Slackware 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+

[SECURITY] [DSA 4598-1] python-django security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4598-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 07, 2020

[SECURITY] [DSA 4599-1] wordpress security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4599-1 secur...@debian.org https://www.debian.org/security/ Sebastien Delafond January 08, 2020

[slackware-security] mozilla-firefox (SSA:2020-006-01)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2020-006-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+

[SECURITY] [DSA 4597-1] netty security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4597-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 03, 2020

[TZO-04-2020] Bitdefender Generic Malformed Archive Bypass (BZ2)

From the low-hanging-fruit-department Bitdefender Generic Malformed Archive Bypass (BZ2) Release mode : Forced Disclosure

[RT-SA-2019-015] IceWarp: Cross-Site Scripting in Notes for Contacts

Advisory: IceWarp: Cross-Site Scripting in Notes for Contacts During a penetration test, RedTeam Pentesting discovered that the IceWarp WebMail Server is prone to user-assisted cross-site scripting attacks in its contact module. If IceWarp users import a manipulated vcard, for example from an

[TZO-01-2020] AVIRA Generic Malformed Container bypass (ISO)

From the low-hanging-fruit-department AVIRA Generic Malformed Container bypass (ISO) Release mode:

[TZO-02-2020] Kaspersyk Generic Malformed Archive Bypass (ZIP GFlag)

From the low-hanging-fruit-department Kaspersky Generic Malformed Archive Bypass (ZIP GFlag) Release mode: Coordinated

[TZO-03-2020] ESET Generic Malformed Archive Bypass (ZIP Compression Information)

From the low-hanging-fruit-department ESET Generic Malformed Archive Bypass (ZIP Compression Information) Release mode:

  1   2   3   4   5   6   7   8   9   10   >