Feed aggregator

[SRP-2018-01] Reverse engineering tools for ST DVB chipsets (public release)

BugTraq Latest Security Advisories - June 11, 2018 - 8:40am

Posted by Security Explorations on Jun 11

Hello All,

We have decided to release to the public domain our SRP-2018-01 security
research project related to the security of STMicroelectronics chipsets.

The research material (a 70+ page technical paper accompanied by two
reverse engineering tools) can be downloaded from the SRP section of our
portal (Past SRP materials):

http://www.security-explorations.com/en/srp.html

The release of SRP-2018-01 is a direct consequence of the...

[SECURITY] [DSA 4225-1] openjdk-7 security update

BugTraq Latest Security Advisories - June 11, 2018 - 7:34am

Posted by Moritz Muehlenhoff on Jun 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-4225-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 10, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjdk-7
CVE ID : CVE-2018-2790 CVE-2018-2794...

[SECURITY] [DSA 4221-1] libvncserver security update

BugTraq Latest Security Advisories - June 11, 2018 - 7:30am

Posted by Moritz Muehlenhoff on Jun 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-4221-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 08, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libvncserver
CVE ID : CVE-2018-7225

Alexander...

[slackware-security] gnupg2 (SSA:2018-159-01)

BugTraq Latest Security Advisories - June 11, 2018 - 7:28am

Posted by Slackware Security Team on Jun 11

[slackware-security] gnupg2 (SSA:2018-159-01)

New gnupg2 packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and
-current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/gnupg2-2.0.31-i586-1_slack14.2.txz: Upgraded.
Sanitize the diagnostic output of the original file name in verbose mode.
By using a made up file name in the message it was possible to...

[SECURITY] [DSA 4223-1] gnupg1 security update

BugTraq Latest Security Advisories - June 11, 2018 - 7:27am

Posted by Salvatore Bonaccorso on Jun 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-4223-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 08, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gnupg1
CVE ID : CVE-2018-12020
Debian Bug :...

[SECURITY] [DSA 4220-1] firefox-esr security update

BugTraq Latest Security Advisories - June 11, 2018 - 7:20am

Posted by Moritz Muehlenhoff on Jun 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-4220-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
June 08, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2018-6126

Ivan Fratric...

[SECURITY] [DSA 4224-1] gnupg security update

BugTraq Latest Security Advisories - June 11, 2018 - 7:17am

Posted by Salvatore Bonaccorso on Jun 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-4224-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 08, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gnupg
CVE ID : CVE-2018-12020

Marcus Brinkmann...

SensioLabs Symfony version 3.3.6 - Cross-Site Scripting (Reflect)

BugTraq Latest Security Advisories - June 11, 2018 - 7:17am

Posted by ch . sangsakul on Jun 11

SensioLabs Symfony version 3.3.6 - Cross-Site Scripting (Reflect)

# Exploit Title: SensioLabs Symfony version 3.3.6 - Cross-Site Scripting (Reflect)
# Date: 08-06-2018
# Software Link: https://symfony.com/
# Exploit Author: HaMM0nz (Chakrit S.), a member of KPMG Cyber Security team in Thailand
# CVE: CVE-2018-12040
# Category: webapps

1. Description

Symfony is a set of PHP Components, a Web Application framework, a Philosophy, and a Community...

[SECURITY] [DSA 4222-1] gnupg2 security update

BugTraq Latest Security Advisories - June 11, 2018 - 7:08am

Posted by Salvatore Bonaccorso on Jun 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-4222-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 08, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gnupg2
CVE ID : CVE-2018-12020

Marcus Brinkmann...

Gridbox extension for Joomla! <= 2.4.0 Reflected Cross Site Scripting (XSS)

BugTraq Latest Security Advisories - June 11, 2018 - 7:01am

Posted by yavuz atlas on Jun 11

I. VULNERABILITY
-------------------------
Gridbox extension for Joomla! <= 2.4.0 Reflected Cross Site Scripting (XSS)

II. CVE REFERENCE
-------------------------
CVE-2018-11690

III. VENDOR
-------------------------
https://extensions.joomla.org/extension/gridbox/

IV. REFERENCES
-------------------------
https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11690...