Advisory: Code Execution via Insecure Shell Function getopt_simple
RedTeam Pentesting discovered that the shell function "getopt_simple",
as presented in the "Advanced Bash-Scripting Guide", allows execution of
attacker-controlled commands.
Details
===
Product: Advanced Bash-Scripting Guide
Recon Montreal - Call For Papers - June 28 - 30 - 2019
Welcome to TeleMate!
ATDT1514XXX
CONNECT 300
..
DATAPAC :
DATAPAC: Call connected to
This is a private system. Access attempts are logged. Unauthorized
access may result in prosecution.
Bienvenue!
+
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] mozilla-thunderbird (SSA:2019-084-01)
New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--+
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-3-25-1 iOS 12.2
iOS 12.2 is now available and addresses the following:
CFString
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted string may lead to a denial
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-3-25-6 iCloud for Windows 7.11
iCloud for Windows 7.11 is now available and addresses the following:
CoreCrypto
Available for: Windows 7 and later
Impact: A malicious application may be able to elevate privileges
Description: A buffer
Product: article2pdf (Wordpress plug-in)
Product Website: https://wordpress.org/plugins/article2pdf/
Affected Versions: 0.24 and greater
The following vulnerabilities were found in a code review of the
plug-in. An attempt to contact the
plug-in maintainer on 8 December 2018 was unsuccessful. The
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-3-25-3 tvOS 12.2
tvOS 12.2 is now available and addresses the following:
CFString
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-3-25-5 iTunes 12.9.4 for Windows
iTunes 12.9.4 for Windows is now available and addresses the
following:
CoreCrypto
Available for: Windows 7 and later
Impact: A malicious application may be able to elevate privileges
Description: A bu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-3-25-4 Safari 12.1
Safari 12.1 is now available and addresses the following:
Safari Reader
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
Mojave 10.14.4
Impact: Enabling the Safari Reader feature on a maliciously
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-3-25-7 Xcode 10.2
Xcode 10.2 is now available and addresses the following:
Kernel
Available for: macOS 10.13.6 or later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corrupti
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update
2019-002 High Sierra, Security Update 2019-002 Sierra
macOS Mojave 10.14.4, Security Update 2019-002 High Sierra,
Security Update 2019-002 Sierra are now available and
addresses the followin
Hi!
CVE-2019-9974: diag_tool.cgi on DASAN H660RM devices with firmware
1.03-0022 allows spawning ping processes without any authorization
leading to information disclosure and DoS attacks
Remote attacker could enumerate hosts on LAN interface sending
requests to /cgi-bin/diag_tool.cgi with ip par
12 matches