Red Hat Security Advisory 2020-1702-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Issues addressed include a heap overflow vulnerability.

SIPVicious tools address the need for traditional security tools to be ported to SIP. This package consists of a SIP scanner, a SIP wardialer, and a SIP PBX cracker. Written in Python.

Cisco Security Advisory - Cisco ATA 187 Analog Telephone Adaptor firmware versions 9.2.1.0 and 9.2.3.1 contain a vulnerability that could allow an unauthenticated, remote attacker to access the operating system of the affected device. Cisco has available free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

Secunia Security Advisory - A vulnerability has been reported in Cisco ATA 187 Analog Telephone Adaptor, which can be exploited by malicious people to compromise a vulnerable device.

Secunia Security Advisory - A vulnerability has been reported in Juniper Networks Secure Access, which can be exploited by malicious people to bypass certain security restrictions.

Secunia Security Advisory - A vulnerability has been reported in Juniper Networks Installer Service, which can be exploited by malicious people to compromise a vulnerable system.

Secunia Security Advisory - Niels Heinen has reported a vulnerability in Juniper Networks Secure Access, which can be exploited by malicious people to conduct cross-site scripting attacks.

The Juniper SRX suffers from a dual-homed swapfile overflow error that can cause denial of service conditions.

Secunia Security Advisory - Richard Brain has reported a weakness in Juniper IVE OS, which can be exploited by malicious people to conduct redirection attacks.

Procheckup has found by making a malformed request to the Juniper IVE Web interface without authentication, that a vanilla cross site scripting (XSS) attack is possible.

Secunia Security Advisory - Richard Brain has reported a vulnerability in Juniper IVE, which can be exploited by malicious people to conduct cross-site scripting attacks.

Zero Day Initiative Advisory 10-231 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Juniper SA Series devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the meeting_testjava.cgi page which is used to test JVM compatibility. When handling the DSID HTTP header the code allows an attacker to inject arbitrary javascript into the page. This can be abused by an attacker to perform a cross-site scripting attack on the device.

Secunia Security Advisory - A vulnerability has been reported in Juniper IVE OS, which can be exploited by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory - A vulnerability has been reported in Juniper Networks Secure Access, which can be exploited by malicious people to bypass certain security restrictions.

An ICMPv6 router announcement flooding denial of service vulnerability affects multiple systems including Cisco, Juniper, Microsoft, and FreeBSD. Cisco has addressed the issue but Microsoft has decided to ignore it.

Secunia Security Advisory - A vulnerability has been reported in Juniper Junos, which can be exploited by malicious people to cause a DoS (Denial of Service).

Secunia Security Advisory - A vulnerability has been reported in Juniper Junos, which can be exploited by malicious people to bypass certain security restrictions.

Secunia Security Advisory - A vulnerability has been reported in Juniper IVE OS, which can be exploited by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory - A vulnerability has been reported in Juniper IVE OS, which can be exploited by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory - Dell SecureWorks has reported a vulnerability in Juniper Networks Mobility System, which can be exploited by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory - A vulnerability has been reported in Juniper JunosE, which can be exploited by malicious people to cause a DoS (Denial of Service).

A special crafted ICMP ECHO REQUEST can cause a denial of service condition on the Juniper SSG20.

Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). This occurs because appropriate controls are not performed.

This is a brief whitepaper that discusses fuzzing the VIM editor.

Whitepaper called Solving Computer Forensic Case Using Autopsy.

Whitepaper called Blind CreateRemoteThread Privilege Escalation.

Facebook suffered from an information disclosure vulnerability. If a user uploaded their contacts to Facebook and then proceeded to download their expanded dataset from the DYI (Download Your Information) section, they would receive a file called addressbook.html in their downloaded archive. The addressbook.html is supposed to house the contact information they uploaded. However, due to a flaw in how Facebook implemented this, it also housed contact information from other uploads other users have performed for the same person, provided they had one piece of matching data. This effectively built large dossiers on users and disclosed their information to anyone that knew at least one piece of matching data.

Oracle Java versions prior to 7u25 suffer from an invalid array indexing vulnerability that exists within the native storeImageArray() function inside jre/bin/awt.dll. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was obtained through the Packet Storm Bug Bounty program.

The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataOffsets[0]" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

Adobe ColdFusion versions 9.0, 9.0.1, and 9.0.2 do not properly check the "rdsPasswordAllowed" field when accessing the Administrator API CFC that is used for logging in. The login function never checks if RDS is enabled when rdsPasswordAllowed="true". This means that if RDS was not configured, the RDS user does not have a password associated with their username. This means by setting rdsPasswordAllowed to "true", we can bypass the admin login to use the rdsPassword, which in most cases, is blank. These details were purchased through the Packet Storm Bug Bounty program and are being released to the community.

The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataBitOffset" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

The ShortComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks when the "numDataElements" field is 0. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

Microsoft Silverlight 5 suffers from invalid typecast and memory disclosure vulnerabilities that, when leveraged together, allow for arbitrary code execution. A memory disclosure vulnerability exists in the public WriteableBitmap class from System.Windows.dll. This class allows reading of image pixels from the user-defined data stream via the public SetSource() method. BitmapSource.ReadStream() allocates and returns byte array and a count of array items as out parameters. These returned values are taken from the input stream and they can be fully controlled by the untrusted code. When returned "count" is greater than "array.Length", then data outside the "array" are used as input stream data by the native BitmapSource_SetSource() from agcore.dll. Later all data can be viewed via the public WriteableBitmap.Pixels[] property. Exploitation details related to these findings were purchased through the Packet Storm Bug Bounty program.

The release of this advisory provides exploitation details in relation a weakness in the Linux ASLR implementation. The problem appears when the executable is PIE compiled and it has an address leak belonging to the executable. These details were obtained through the Packet Storm Bug Bounty program and are being released to the community.

Red Hat Security Advisory 2020-1449-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. A local file overwrite vulnerability was addressed.

Druva inSync Windows Client version 6.5.2 suffers from a local privilege escalation vulnerability.

Asterisk Project Security Advisory - The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number these desired ones are still stored internally. When an RTP packet was received this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example the payload number resulted in a video codec but the stream carried audio) a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of the type would always exist.

Microsoft Windows suffers from a Desktop Bridge Virtual Registry arbitrary file read / write privilege escalation vulnerability.