[FD] ESA-2017-123: EMC Networker Remote Code Execution Vulnerability

2019-03-26 Thread secure
Restricted - Confidential ESA-2017-123: EMC Networker Remote Code Execution Vulnerability EMC Identifier: ESA-2017-123 CVE Identifier: CVE-2017-8023 Severity Rating: CVSSv3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) Affected

[FD] APPLE-SA-2019-3-25-1 iOS 12.2

2019-03-26 Thread Apple Product Security via Fulldisclosure
APPLE-SA-2019-3-25-1 iOS 12.2 iOS 12.2 is now available and addresses the following: CFString Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted string may lead to a

[FD] APPLE-SA-2019-3-25-6 iCloud for Windows 7.11

2019-03-26 Thread Apple Product Security via Fulldisclosure
APPLE-SA-2019-3-25-6 iCloud for Windows 7.11 iCloud for Windows 7.11 is now available and addresses the following: CoreCrypto Available for: Windows 7 and later Impact: A malicious application may be able to elevate privileges Description: A

[FD] APPLE-SA-2019-3-25-3 tvOS 12.2

2019-03-26 Thread Apple Product Security via Fulldisclosure
APPLE-SA-2019-3-25-3 tvOS 12.2 tvOS 12.2 is now available and addresses the following: CFString Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted string may lead to a denial of service Description: A

[FD] APPLE-SA-2019-3-25-5 iTunes 12.9.4 for Windows

2019-03-26 Thread Apple Product Security via Fulldisclosure
APPLE-SA-2019-3-25-5 iTunes 12.9.4 for Windows iTunes 12.9.4 for Windows is now available and addresses the following: CoreCrypto Available for: Windows 7 and later Impact: A malicious application may be able to elevate privileges Description: A

[FD] APPLE-SA-2019-3-25-7 Xcode 10.2

2019-03-26 Thread Apple Product Security via Fulldisclosure
APPLE-SA-2019-3-25-7 Xcode 10.2 Xcode 10.2 is now available and addresses the following: Kernel Available for: macOS 10.13.6 or later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory

[FD] APPLE-SA-2019-3-25-4 Safari 12.1

2019-03-26 Thread Apple Product Security via Fulldisclosure
APPLE-SA-2019-3-25-4 Safari 12.1 Safari 12.1 is now available and addresses the following: Safari Reader Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and Mojave 10.14.4 Impact: Enabling the Safari Reader feature on a maliciously

[FD] APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra

2019-03-26 Thread Apple Product Security via Fulldisclosure
APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra are now available and address the

[FD] [SYSS-2018-036]: ABUS Secvest Remote Control - Denial of Service - Uncontrolled Resource Consumption (CWE-400)

2019-03-26 Thread Matthias Deeg
Advisory ID: SYSS-2018-036 Product: ABUS Secvest Remote Control (FUBE50014, FUBE50015) Manufacturer: ABUS Affected Version(s): n/a Tested Version(s): n/a Vulnerability Type: Denial of Service - Uncontrolled Resource Consumption (CWE-400) Risk Level: Low Solution Status: Open Manufacturer

[FD] [SYSS-2018-035]: ABUS Secvest Remote Control - Missing Encryption of Sensitive Data (CWE-311)

2019-03-26 Thread Matthias Deeg
Advisory ID: SYSS-2018-035 Product: ABUS Secvest Remote Control (FUBE50014, FUBE50015) Manufacturer: ABUS Affected Version(s): n/a Tested Version(s): n/a Vulnerability Type: Missing Encryption of Sensitive Data (CWE-311) Risk Level: High Solution Status: Open Manufacturer Notification: 2018-11-21

[FD] [SYSS-2018-034]: ABUS Secvest - Rolling Code - Predictable from Observable State (CWE-341)

2019-03-26 Thread Matthias Deeg
Advisory ID: SYSS-2018-034 Product: ABUS Secvest (FUAA5) Manufacturer: ABUS Affected Version(s): v3.01.01 Tested Version(s): v3.01.01 Vulnerability Type: Rolling Code - Predictable from Observable State (CWE-341) Risk Level: High Solution Status: Open Manufacturer Notification: 2018-11-21

[FD] CVE-2019-10009 Titan FTP Server Version 2019 Build 3505 Directory Traversal/Local File Inclusion

2019-03-26 Thread Kevin R
** Discovered By: Kevin Randall on 3/23/2019 ** A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an

[FD] Recon 2019 Call For Papers - June 28 - 30, 2019 - Montreal, Canada

2019-03-26 Thread cfp
Recon Montreal - Call For Papers - June 28 - 30 - 2019 Welcome to TeleMate! ATDT1514XXX CONNECT 300 .. DATAPAC : DATAPAC: Call connected to This is a private system. Access attempts are logged. Unauthorized access may result in prosecution. Bienvenue! +

[FD] Repeat of CVE-2018-4251 in Razer Laptops

2019-03-26 Thread Bailey Fox
Razer has a vulnerability affecting all current laptops, where the SPI Flash is set to full read/write and the Intel CPU is left in ME Manufacturing Mode. This allows for attackers to safeguard rootkits with Intel Boot Guard, downgrade the BIOS to exploit older vulnerabilities such as Meltdown,

[FD] [RT-SA-2019-007] Code Execution via Insecure Shell Function getopt_simple

2019-03-26 Thread RedTeam Pentesting GmbH
Advisory: Code Execution via Insecure Shell Function getopt_simple RedTeam Pentesting discovered that the shell function "getopt_simple", as presented in the "Advanced Bash-Scripting Guide", allows execution of attacker-controlled commands. Details === Product: Advanced Bash-Scripting