LeHACK 2019 is a yearly rendezvous where hackers and aficionados meet around both technical and non-technical talks and workshops about hacking. It is a great place to discover, to learn, to teach and to be taught in the magical city of Paris. LeHACK 2019 will be held in La Cite des Sciences, Paris (France) on the 6th and 7th of July 2019.
c890a3363798c912016b8f26713868cff7ad6058d942393f84762d10b19fd862
Red Hat Security Advisory 2019-0137-01 - This enhancement adds the new Red Hat JBoss Enterprise Application Platform 7.2.0 packages to Red Hat Enterprise Linux 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1, and includes bug fixes and enhancements. Issues addressed include a broken CVE fix.
3529def62ddfdd2f75732212de3737cc355f6ada568bda61e9b02c28b8c6b924
Red Hat Security Advisory 2019-0136-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.2 on Red Hat Enterprise Linux 6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1, and includes bug fixes and enhancements, which are documented in the Release Notes, linked to in the References. Issues addressed include a SAML issue.
009e8212baa4ac84b17366baceaa87b1ecb9c62dce83360687fcc185816fab06
Red Hat Security Advisory 2019-0139-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1, and includes bug fixes and enhancements. Issues addressed include a SAML issue.
a0331eb1e181232a6f9a5c59fb170a61d0ae786927ef59209e03b462fd6962a0
PLC Wireless Router GPN2.4P21-C-CN suffers from a cross-site request forgery vulnerability.
6fb76da52761c347b7062beae54242f248e6db4e65be2c6501f0782ea9df30f1
PLC Wireless Router GPN2.4P21-C-CN suffers from an incorrect access control vulnerability.
0fe4055e6a0aeb3fd646c681a98175634a9d67908243af20dbae6d6f2f6fe835
This detailed research paper discusses a multitude of security issues with STMicroelectronics DVB chipsets including, but not limited to, credential leakage, buffer overflows, and data leaks.
15ea626ba332e60b314c81d0c40ab573322f5d2838ec298bfd26ea8118aa6c19
ManageEngine OpManager version 12.3 suffers from a weak permissions issue in which an attacker can replace the service binary with a binary of their choice. This service runs as LocalSystem, thus allowing for a privilege escalation vector.
ae204681482d49485787e2089822da443639ee41864f734ff4cdc933bed5841c
Ubuntu Security Notice 3865-1 - It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service.
83b3568c905feb8266a3f0766a0099749ebec5be92ab95f067b6f4c7b9413d18
Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.
65e05788c2e57b4037de58a42b787abd1e3f249656660cf6a3c1e9ad98a46b37
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
5c2787760fcf42dbc2921bf96ab9c6d5657457cbda906ce40d14b6da0925cbe4
Red Hat Security Advisory 2019-0131-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 5 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include open redirection and host name verification vulnerabilities.
d1fe1a8c5cb19911fbabc90a581032bd89b43ccfc6a45b1a54f70ec7927eac2b
Microsoft Windows VCF or Contact file URL manipulation arbitrary code execution proof of concept exploit. Tested on Windows 7 SP1, 8.1, 10 v.1809 with full patches up to January 2019. Both x86 and x64 architectures were tested.
4bab944a0b17daf7f0d90da83593812093fe9831c9e83e778ca90dee2aeb3463
Red Hat Security Advisory 2019-0130-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 6 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include open redirection and host name verification vulnerabilities.
8f28c3b3ab5ed27ee21f2c26919cb97ce6d5ec5b9cb9da6130e911d22acbecac
Ubuntu Security Notice 3863-2 - USN-3863-1 fixed a vulnerability in APT. This update provides the corresponding update for Ubuntu 12.04 ESM. Max Justicz discovered that APT incorrectly handled certain parameters during redirects. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Various other issues were also addressed.
7405cd348546773a44511e11ed531d6d1c0b53c7b55acbc3a9cfdc441a0fe749
Ubuntu Security Notice 3863-1 - Max Justicz discovered that APT incorrectly handled certain parameters during redirects. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.
37de6a077e616f3d2fc675e0df086a441ee4d0d9862ab4d23e578f4cbc9261cf
Debian Linux Security Advisory 4371-1 - Max Justicz discovered a vulnerability in APT, the high-level package manager. The code handling HTTP redirects in the HTTP transport method doesn't properly sanitize fields transmitted over the wire. This vulnerability could be used by an attacker located as a man-in-the-middle between APT and a mirror to inject malicious content into the HTTP connection. This content could then be recognized as a valid package by APT and used later for code execution with root privileges on the target machine.
c64d7b7ba8329aed7fb7a0d0963524931c6f2fdb67873437f10bc78d5431d5e2
Red Hat Security Advisory 2019-0109-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.
b1ef1fa7d16ecfb48c11f415e4e5e368502bea096e17ffb0be893cdb24cf9523
Ubuntu Security Notice 3864-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
1bbaac5f6b1d9512ac362f7ce86ef1607dd84fd1fb22c68c41ea9442e25d6441