Monthly Archive: February 2019

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a...

Phoenix Contact ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ETH/XC, ILC 171 ETH 2TX, ILC 191 ETH 2TX, ILC 191 ME/AN, and AXC 1050 devices allow remote attackers to establish...

A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to...

PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial...

util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files. An attacker can execute arbitrary code via directory traversal in a ZIP archive. Date published : 2019-02-26 https://github.com/mimblewimble/grin/pull/2624 https://github.com/mimblewimble/grin/releases/tag/v1.0.2

elFinder before 2.1.48 has a command injection vulnerability in the PHP connector. Date published : 2019-02-26 https://github.com/Studio-42/elFinder/blob/master/README.md https://github.com/Studio-42/elFinder/compare/6884c4f…0740028

** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by ‘(|)(\1\1)*’ in grep, a different issue than CVE-2018-20796. NOTE: the software...

The ETSI Enterprise Transport Security (ETS, formerly known as eTLS) protocol does not provide per-session forward secrecy. Date published : 2019-02-26 http://www.securityfocus.com/bid/107208 https://www.eff.org/deeplinks/2019/02/ets-isnt-tls-and-you-shouldnt-use-it

SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the product_option[] parameter. Date published : 2019-02-26 https://www.exploit-db.com/exploits/46467/ J2Store plugin 3.3.6 – SQL...

There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the filetext parameter. Date...

SchoolCMS version 2.3.1 allows file upload via the logo upload feature at admin.php?m=admin&c=site&a=save by using the .jpg extension, changing the Content-Type to image/php, and placing PHP code after the JPEG data. This ultimately allows...

An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration. Date published : 2019-02-26 http://www.securityfocus.com/bid/107040 https://support.ca.com/us/product-content/recommended-reading/security-notices/CA20190212-01–security-notice-for-ca-privileged-access-manager.html

Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13. Date published...

Cross-site scripting (XSS) vulnerability in F5 BIG-IP Access Policy Manager (APM) 11.5.x and 11.6.x Admin Web UI. Date published : 2019-02-26 http://www.securityfocus.com/bid/107173 https://support.f5.com/csp/article/K31424926