45 results
tagged
infosec x
-
DSA-2019-137: iDRAC Improper Authorization Vulnerability
In case you have your iDRAC available publicly ... (Hi NordVPN ;-) )November 8, 2019 at 11:17:50 AM GMT+1 - permalink -- https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en
-
New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers
a website is vulnerable, if:October 26, 2019 at 11:56:36 PM GMT+2 - permalink -
NGINX is configured to forward PHP pages requests to PHP-FPM processor,
fastcgi_split_path_info directive is present in the configuration and includes a regular expression beginning with a '^' symbol and ending with a '$' symbol,
PATH_INFO variable is defined with fastcgi_param directive,
There are no checks like try_files $uri =404 or if (-f $uri) to determine whether a file exists or not.- https://thehackernews.com/2019/10/nginx-php-fpm-hacking.html
-
Another libssh2 integer overflow (CVE-2019-17498) | Semmle Blog
ah, le premier qui soit si clair, je cite :October 23, 2019 at 11:50:47 AM GMT+2 - permalink -
This is not a vulnerability in openssh, so it doesn't affect the ssh that we all use every day. libssh2 is a client-side C library, which enables applications to connect to an SSH server. This also isn't a vulnerability in libssh, which is an unrelated C library which provides similar functionality to libssh2.- https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/
-
https://www.openssh.com/txt/release-8.1
Bon, c'est pas comme si c'etait tous les jours, mais les certif CA généré par default avec ssh-keygen v8.1 ne seront plus compatible avec OpenSSH < 7.2October 14, 2019 at 7:31:52 PM GMT+2 - permalink -- https://www.openssh.com/txt/release-8.1
-
oss-sec: Sudo: CVE-2019-14287
Bon, dans le doute, on patch sudo hein ;-)October 14, 2019 at 7:00:04 PM GMT+2 - permalink -- https://seclists.org/oss-sec/2019/q4/18
-
CVE - CVE-2019-16701
Vu la réponse de PFsense sur twitter (see https://twitter.com/CVEnew/status/1176900464643887109 ) on va dire que c'est *DISPUTED* :)September 26, 2019 at 11:57:43 AM GMT+2 - permalink -- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16701
-
[Unpatched] Critical 0-Day RCE Exploit for vBulletin Forum Disclosed Publicly
J'espère que vous utilisez pas vBulletin. Joli POC cela dit :)September 25, 2019 at 8:22:56 AM GMT+2 * - permalink -
Edit: on patch https://threatpost.com/exploits-critical-vbulletin-rce-bug/148712/- https://thehackernews.com/2019/09/vbulletin-zero-day-exploit.html
-
VMSA-2019-0014
Je suis pas contre qu'on me l'explique celle-là...September 20, 2019 at 10:29:29 AM GMT+2 * - permalink -
EDIT: Ils ont enlevé la note; tout le monde est affecté- https://www.vmware.com/security/advisories/VMSA-2019-0014.html
-
Exim TLS Flaw Opens Email Servers to Remote 'Root' Code Execution Attacks
Si vous utilisez Exim (pourquoi?) patchez !September 6, 2019 at 4:56:08 PM GMT+2 - permalink -- https://thehackernews.com/2019/09/exim-email-server-vulnerability.html
-
Half of Android Handsets Susceptible to Clever SMS Phishing Attack | Threatpost
and that's why I'm not using Bank app on my mobile ...September 5, 2019 at 9:14:55 AM GMT+2 - permalink -- https://threatpost.com/half-of-android-handsets-susceptible-to-clever-sms-phishing-attack/147988/
-
Android PDF app with just 100m downloads caught sneaking malware into mobes • The Register
Désinstallez l'application CamScanner si vous l'avez sur votre mobile android !August 28, 2019 at 11:02:41 AM GMT+2 - permalink -
PS: L'application notebloc (sur F-Droid) la remplace à merveille !
via https://sebsauvage.net/links/?RaYzMw- https://www.theregister.co.uk/2019/08/28/camscanner_android_malware/
-
CVE - CVE-2019-15316
Attention aux utilisateurs de Steam, une élévation de privilège dans la version actuelle de Steam (hors beta, qui est corrigé). voir aussi https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15315August 22, 2019 at 4:24:03 PM GMT+2 - permalink -- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15316
-
Intezer - EvilGnome: Rare Malware Spying on Desktop Users
Tiens tiens tiens, (enfin?) un malware qui cible les Desktop sous linux (Gnome).July 17, 2019 at 5:52:43 PM GMT+2 - permalink -- https://www.intezer.com/blog-evilgnome-rare-malware-spying-on-linux-desktop-users/
-
Hackers Can Manipulate Media Files You Receive Via WhatsApp and Telegram
Donc, ne faites confiance à personne :) même sur WhatsApp (évidement ...) ou Telegram !July 16, 2019 at 1:40:26 PM GMT+2 - permalink -- https://thehackernews.com/2019/07/media-files-whatsapp-telegram.html
-
CVE-2019-11360: BufferOverflow in iptables-restore v1.8.2 | Sebastian Neef - 0day.work
intéressant, j’étais passé à coté de cette faille iptables(-restore).July 12, 2019 at 5:52:10 PM GMT+2 - permalink -- https://0day.work/cve-2019-11360-bufferoverflow-in-iptables-restore-v1-8-2/
-
Full Disclosure: Mozilla's MSI installers: FUBAR (that's spelled "fucked-up beyond all repair")
Hum, il est pas tendre avec Mozilla et son .msi de firefox.. (à raison ?)July 10, 2019 at 9:42:48 AM GMT+2 - permalink -- https://seclists.org/fulldisclosure/2019/Jul/12