Monthly Archive: June 2019

An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in...

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections. Date published : 2019-06-16 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ/ https://github.com/twisted/twisted/pull/1147

The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter. Date published : 2019-06-15 https://lists.openwall.net/full-disclosure/2013/03/05/2 https://wordpress.org/plugins/count-per-day/#developers

In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi. Date published : 2019-06-15 http://www.securityfocus.com/bid/108790 http://packetstormsecurity.com/files/153372/Webmin-1.910-Remote-Command-Execution.html

In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution. Date published : 2019-06-15 https://ctrsec.io/index.php/2019/06/11/ace-orangehrm/ https://github.com/orangehrm/orangehrm/pull/528

formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping. Date published : 2019-06-15 https://github.com/JayXon/Leanify/issues/52

In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP...

In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to BBCode persistent XSS to take over any forum account, aka a nested video...

radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr buffer overflows during replace operations....

Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name. Date published : 2019-06-15 https://seclists.org/bugtraq/2019/Jun/23 https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311

Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,...

An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS...

When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for Android prior to 2.18.248 and WhatsApp Business for...

When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space...