Monthly Archive: March 2019

rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution....

rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution....

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault). Date published : 2019-03-15 http://www.securityfocus.com/bid/106938 https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/

rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution....

rdesktop versions up to and including v1.8.3 contain several Out-Of- Bounds Reads in the file secure.c that result in a Denial of Service (segfault). Date published : 2019-03-15 http://www.securityfocus.com/bid/106938 https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/

rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault). Date published : 2019-03-15 http://www.securityfocus.com/bid/106938...

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak. Date published : 2019-03-15 http://www.securityfocus.com/bid/106938 https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/

In yast2-printer up to and including version 4.0.2 the SMB printer settings don’t escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as...

An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. Date published : 2019-03-15 http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ https://bugreports.qt.io/browse/QTBUG-69449

Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device’s configuration file, inserting an XSS payload into...

Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system’s configuration file. This was exploitable via multiple attack vectors depending on the device’s configuration....

Cobham Satcom Sailor 250 and 500 devices before 1.25 contained an unauthenticated password reset vulnerability. This could allow modification of any user account’s password (including the default "admin" account), without prior knowledge of their...

Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field. Date published : 2019-03-15 https://cyberskr.com/blog/cobham-satcom-250-500.html https://gist.github.com/CyberSKR/f6fc93702b9b9b73afa07877d1479fe0

An issue was discovered in CapMon Access Manager 5.4.1.1005. A regular user can obtain local administrator privileges if they run any whitelisted application through the Custom App Launcher. Date published : 2019-03-15 https://improsec.com/tech-blog/cam1